this code isn’t mine, but actually hope it can works to you.
just put this code to every script that people can access.
define('access',1);
otherwise, use this script to script that you won’t let people access it directly
if(!defined('access'))
{
echo 'You cannot access this file directly.';
exit;
}