If you would like to provide access to a number of php files via the joomla wrapper menu item you can use some code in the external script:

The following code in .htaccess works to block direct access to the script while not causing any problems with access via the wrapper. It's for a script that exists outside of Joomla.. Note this is not the "core" .htaccess-file!

RewriteEngine On
RewriteBase /
# Blocking direct access
RewriteCond %{HTTP_REFERER} !^http://www.domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://domain.com/.*$ [NC]
RewriteCond %{REQUEST_URI} ^.*index\\.php$
RewriteRule .* - [F] 

change domain.com with your real domain and set!