index.php security issue

Sparkling’s error log (in one of my clients’ sites) is reflecting multiple instances of this error:

PHP Fatal error: Uncaught Error: Call to undefined function get_header() in /wp-content/themes/sparkling/index.php.

This likely reflects bot attacks on theme files (outside of the context of WordPress) per https://perishablepress.com/fix-error-undefined-function/, and is easily prevented by adding the following line above the get_header() call:

<?php if (!defined('ABSPATH')) exit; ?>

This prevents execution of index.php unless WordPress is running and eliminates the PHP error message.