Modules and security

When developing a module, you should always keep security in mind. This guide explains some basic things you should know when developing a module for pluck.

Direct file access

Please make sure the files in your pages_admin and pages_site dirs are not directly accessible. If you don't block direct access, anyone can execute that code simply by requesting the file's URL, even admin code, without having to log in.

You could for example use this code to block direct access (put it at the very top of your PHP file, directly after the opening <?php tag):

//Make sure the file isn't accessed directly. ereg() was deprecated in PHP 5.3
//and removed in PHP 7, and a substring match would also accept any path that
//merely contains "index.php", so compare the basename of the executing script
//against the list of pluck entry scripts instead.
$entry_scripts = array('index.php', 'admin.php', 'install.php', 'login.php');
if (!in_array(basename($_SERVER['SCRIPT_FILENAME']), $entry_scripts, true)) {
    //Give out an "access denied" error
    echo 'access denied';
    //Block all other code
    exit();
}
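As an added example (not code from the pluck project), the same protection can be built without relying on $_SERVER['SCRIPT_FILENAME'], which different web servers and PHP SAPIs populate differently: each entry script defines a constant before it includes any module file, and every module file refuses to run unless that constant exists. The constant name PLUCK_ENTRY and the module file path are assumptions.

```php
<?php
// --- index.php / admin.php / install.php / login.php (the entry scripts) ---
// Declare that execution started in a legitimate entry script before any
// module file is included. PLUCK_ENTRY is an assumed name, not one pluck defines.
define('PLUCK_ENTRY', true);

// ... later, when the framework loads the module page (path is assumed):
// require 'modules/example/pages_admin/settings.php';

// --- modules/example/pages_admin/settings.php (a module file) ---
// Put this guard at the very top, directly after the opening tag. When the file
// is requested directly, no entry script ran, so the constant is undefined and
// execution stops before any admin code is reached.
if (!defined('PLUCK_ENTRY')) {
    header('HTTP/1.1 403 Forbidden');
    echo 'access denied';
    exit();
}

// Module code below this line only runs when included via an entry script.
```

Pair either guard with a web-server rule that denies HTTP requests to the pages_admin and pages_site directories, so the in-file check is defence in depth rather than the only barrier.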
 
dev/modules/security.txt · Last modified: 2008/11/17 15:13 by sander