All php files start with one of security checks:

• if (!defined('CMS')) exit;
• if (!defined('FRONTEND')) exit;
• if (!defined('BACKEND')) exit;

That ensure that PHP files will not be accessed directly.

If CMS constant is defined, it means that file is accessed in correct way.

If you wish to secure file to be accessed only in back-end enviroment, you need to check if BACKEND constant is defined.