View Categories

What Is PHP (And How Can You Use It in WordPress)?

PHP functions on a computer screen.
  • Jul 14, 2021
  • 0
  • by A2 Support Team

Many WordPress website owners run successful blogs, e-commerce stores, and businesses without ever writing a single line of code. While you don’t have to be a programming master to manage a website, learning some fundamentals can give you an edge over the competition.

Fortunately, you don’t need to spend years learning the intricacies of writing code. By familiarizing yourself with how WordPress uses its core programming languages and learning the basic syntax, you can unlock a whole new world of possibilities.

In this post, we’ll look at the role PHP plays in the world’s most popular Content Management System (CMS). We’ll then show you how to customize the core WordPress platform, themes, and plugins by writing some simple PHP functions. Let’s get started!

An Introduction to PHP

PHP is an open-source programming language that is used by almost 80 percent of all websites whose programming language is known. As a server-side language, the majority of PHP processing happens on your server.

Whenever a visitor requests a page that contains PHP, this code is processed by the PHP module installed on your web server. The pre-processor then generates the HTML output and sends it to the visitor’s browser.

Part of PHP’s popularity is due to the fact that it’s used by different Content Management Systems (CMS), including WordPress. In fact, the bulk of the core WordPress software is written in PHP. If you download and unzip a copy of WordPress core, you’ll see plenty of PHP files:

The WordPress core software.

Whenever someone visits your WordPress website, the server will run the PHP code contained in your theme and core files, plus any plugins you’ve installed on your site. Once your server has processed all of that PHP, it will deliver the HTML code to the web browser. This means that the visitor will only ever encounter the processed HTML, and never the PHP code that powers your WordPress website.

Like other programming languages, there are many different versions of PHP. At the time of writing, the most recent release is 8.0.8, with everything prior to PHP 7.3 considered end of life. This means that PHP developers no longer issue updates or security patches for older versions. Thus, we recommend avoiding all versions of PHP prior to 7.3.

Why PHP Is Important for Website Owners

You don’t need to be a PHP master in order to run a successful WordPress website. The great thing about opting for WordPress as your CMS is that the majority of the PHP is already written for you. In fact, most WordPress users never learn how to write or understand this popular programming language.

However, there are some benefits to learning PHP. Out of the box, WordPress is a powerful and flexible CMS, but there may come a time when the built-in options aren’t enough.

If you want to modify WordPress’ core behaviors, some basic PHP skills can help you create more complex and unique customizations. In particular, WordPress supports a number of hooks, classes, and functions that you can use to extend this platform in new and exciting ways.

If you dream of developing your own WordPress theme or plugin, then you’ll also need to know PHP. In addition, many themes and plugins are open sources, so you’re free to modify the underlying code. Similar to WordPress core, if you download and unzip any theme or plugin, you’ll see a list of PHP files:

The WordPress Jetpack plugin.

Even if you don’t plan to code a theme or plugin from scratch, you may still benefit from tweaking these existing PHP files. By getting to grips with the basic syntax, you’ll have the freedom to modify that theme or plugin in order to make it the perfect fit for your WordPress website.

How to Write PHP Code and Functions

Becoming a PHP master is beyond the scope of this post. However, it helps to have a basic understanding of the syntax. To start, all PHP code is surrounded by tags, for example:

<?php echo 'This is PHP'; ?>

Here, we’re defining a string, which is a sequence of characters. In PHP, you differentiate a string from the rest of the code using either single quotation marks or double quotation marks, for example:

'This is PHP'

Each line of code generally ends with a { or a semicolon. However, statements like echo should always end with a semicolon.

In the above example, we’re using the ?> closing PHP tag. While you’ll use this closing tag throughout your code, it’s best practice not to use the closing PHP tags at the end of your file.

Although there is some interaction between HTML and PHP, it’s important to differentiate between these two programming languages by using the appropriate tags. For example, a file containing both HTML and PHP might look something like this:

<html>
<?php echo 'This is PHP'; ?>
</html>

Another fundamental element of PHP are functions, which are stored procedures. You can define functions using the following structure:

function functionName() {
code to be executed;
}

The function name must start with either a letter or an underscore. It’s also worth noting that function names aren’t case-sensitive. Let’s look at an example of a simple function:

<?php
function displayMsg() {
echo "Hello World";
}

displayMsg();
?>

Here, we’re creating a function called displayMsg. This function will output the value Hello World. To call this function, we’re simply writing the name of the function followed by brackets. Although this may seem like a simple example, you can apply this exact structure to more complex PHP functions.

A Few PHP Best Practices

As one of the world’s most popular programming languages, PHP is a prime target for hackers. If a malicious third party manages to uncover a vulnerability in PHP code, they could use this exact same attack against multiple WordPress sites.

To help keep your site safe, it’s important to ensure that you’re running the latest version of PHP. At A2 Hosting, we give our customers the flexibility to switch between different versions of PHP. If you have a shared or managed hosting account, you can log into your cPanel and choose the Select PHP Version tool.

A2 Hosting's cPanel dashboard.

Then, open the Current PHP dropdown and choose a version of PHP from the list:

A2 Hosting's PHP Selector tool.

Alternatively, if you have a managed Virtual Private Server (VPS) or managed server account, you can open a support ticket specifying the version of PHP that you want to use. Our team will be happy to make this change for you.

When writing custom PHP, you can protect against Cross-Site Scripting (XSS) attacks by sanitizing your data. PHP’s filter_var function contains disinfection indicators that enable you to check all user-submitted data. You can then remove any values that aren’t of the expected type. You can also use PHP’s validation features to ensure that user-submitted values match your expectations.

Error messages may be vital when testing your website, but a hacker might use these messages to glean valuable information about your site. For this reason, it’s smart to hide error messages before deploying your website on a live server.

To close this potential security loophole, start by launching cPanel’s File Manager tool:

A2 Hosting's File Manager tool.

Then, navigate to your wp-admin directory and open the php.ini file. To disable error logging, simply add the following text to your file: display_errors=Off.

How to Add PHP Functions Using a WordPress Plugin

By default, WordPress won’t execute PHP inside of a page or post. If you want to add custom PHP code to a specific webpage, you’ll need to use the Insert PHP Code Snippet plugin.

This plugin provides a central location where you can define each PHP snippet. You can then insert these snippets anywhere on your site, using the automatically-generated shortcode.

After installing and activating the Insert PHP Code Snippet plugin, navigate to XYZ PHP Code > PHPCode Snippets:

The PHP Code Snippets plugin.

On the next page, select Add New PHP Code Snippet. Inside the code box, you can either copy/paste or type the PHP function that you want to use:

Inserting PHP functions.

In the Tracking Name field, you’ll need to give this PHP snippet a title. This will represent the PHP function throughout the WordPress dashboard, so it’s a good idea to choose something distinctive. You’ll also use the tracking name when calling this snippet manually. When you’re happy with the information you’ve entered, click on Create.

You can now add this PHP snippet to any page or post, using a shortcode. To access this shortcode, head to XYZ PHP Code > PHPCode Snippets. You can then find the snippet in question and copy its corresponding shortcode:

PHP functions, created using a WordPress plugin.

Next, open the page or post where you want to insert the associated PHP. You can then create a new shortcode block:

The WordPress shortcode block.

Simply paste the shortcode into this block and save your changes. This custom PHP will now be installed on this specific page or post.

How to Remove PHP Functions From a Page or Post

At some point, you may want to remove custom PHP snippets from your website. Perhaps you no longer require a particular function, or you’re concerned that it’s making your site more vulnerable to attack.

If you want to remove a function from a specific page or post, then simply open that webpage for editing, find the shortcode in question, and delete it. Alternatively, you can deactivate a PHP snippet without removing it from the pages where it’s installed. This can be useful if you’ve deployed the same snippet across multiple pages and want a quick and easy way to deactivate every instance of this function.

To temporarily suspend a snippet, navigate to XYZ PHP Code > PHPCode Snippets. You can then find the snippet and click on its accompanying Pause button.

Another option is to delete the function from the Insert PHP Code Snippet plugin. This can be a serious time-saver if you’ve used a snippet multiple times and want to permanently remove it from every single webpage.

To delete a snippet, navigate to XYZ PHP Code > PHPCode Snippets. Then, locate the snippet that you want to scrub from your WordPress website and click on its accompanying Delete action.

How to Add PHP Functions Without a Plugin (In 2 Easy Steps)

If you want all the benefits of custom PHP without installing yet another WordPress plugin, then a child theme may be the answer. Before proceeding, we recommend creating a backup so you’ll have something to restore in case anything goes wrong. Once your backup is in place, you’re ready to start.

1. Create a Child Theme

You can create a child theme via the File Transfer Protocol (FTP) using a client such as FileZilla. After connecting to your site, your first task is to create a directory for your child theme.

In FileZilla, navigate to wp-content/themes and create a new folder. When naming your directory, we recommend using the parent theme’s name, appended with -child:

The FileZilla FTP client.

The next step is to create a style sheet. This file will contain the code that determines your website’s design. When creating this file, make sure you assign it the filename style.ss:

Inserting PHP functions into a child theme.

To build an eye-catching and effective child theme, you’ll usually have to write a considerable amount of code. However, if you just want to spin up a quick child theme to test your custom PHP functions, the WordPress Codex provides some boilerplate code that you can use:

/*
Theme Name: Twenty Fifteen Child
Theme URI: http://example.com/twenty-fifteen-child/
Description: Twenty Fifteen Child Theme
Author: John Doe
Author URI: http://example.com
Template: twentyfifteen
Version: 1.0.0
License: GNU General Public License v2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
Tags: light, dark, two-columns, right-sidebar, responsive-layout, accessibility-ready
Text Domain: twentyfifteenchild
*/

Next, you’ll need to create a functions.php file, which is where you’ll add features to your theme. After creating this file, open it in your text editor and add the following:

<?php
add_action( 'wp_enqueue_scripts', 'enqueue_parent_styles' );
function enqueue_parent_styles() {
wp_enqueue_style( 'parent-style', get_template_directory_uri().'/style.css' );
}

In this snippet, we’re inheriting information from the parent’s style sheet. Now that you have all of the essential elements in place, you can navigate to Appearance > Themes in the WordPress dashboard. Here, you should be able to see your child theme. Assuming that you’re happy with your theme’s appearance, you can activate it.

2. Add a PHP Function

The next step is adding your custom PHP functions to your child theme. In your WordPress dashboard, go to Appearance > Theme Editor. Then, open the Select theme to edit dropdown and choose your child theme:

The WordPress theme editor.

In the left-hand menu, select the functions.php file. You can now add all of your PHP functions to this file.

As a quick example, let’s create a simple function that will display some text. To achieve this, copy and paste the following:

function test_func( $atts ){
return 'This is a PHP function' ;
}
add_shortcode( 'test', 'test_func' );

You can then select Update File. Now, you can call this PHP function using the defined shortcode. In the above example, we set the shortcode as test.

In your WordPress dashboard, navigate to the page or post where you want to call this PHP function. Then, create a new shortcode block and add your shortcode:

Inserting PHP functions into a shortcode.

You can now save your changes and head to the page that you’ve just edited. The string from your test function should appear on this webpage:

PHP functions, as seen in the visitor's browser.

This is just a simple example. WordPress supports a wide range of functions that you can use to customize and extend your new child theme. You’ll find a complete library of all these functions over at the WordPress Codex.

Why You Might Want to Add PHP Functions Without a Plugin

Plugins can be a quick and easy way to insert PHP into a specific webpage. However, if you only need to insert the occasional PHP function, then installing an entire plugin may feel like overkill.

WordPress plugins are also a huge source of security vulnerabilities. In 2021, WP White Security discovered almost 4,000 known plugin vulnerabilities. With this in mind, you may want to try minimizing the number of plugins installed on your WordPress website.

As we have seen, you can insert PHP manually by creating a child theme. You can then add your custom code to that child’s functions.php file. The downside is that your PHP functions will only work when you’re using this particular theme.

While it may be tempting to simply apply your PHP code to your current theme, it’s always best to create a child theme first. If you edit the parent theme’s functions.php file directly, then these changes will be overwritten every time you update your theme. By taking the time to create a child theme now, you can continue installing the latest updates without losing all of your custom code.

Conclusion

You don’t need to know PHP in order to run a successful WordPress website. However, PHP can be an effective tool for enhancing and extending the core Content Management System (CMS) platform.

Armed with some PHP know-how, you can add your own custom hooks to any page or post. You can also tweak your favorite themes and plugins so they’re the perfect fit for your WordPress website. If you’re feeling adventurous, then learning PHP may even be the first step towards developing your own themes and plugins.

Custom PHP can be a powerful addition to your site. However, hackers may try to weaponize this programming language against you. At A2 Hosting, we offer all the security features you need in order to reap the rewards of bespoke PHP without any risks.

Related Resources:

PHP and WordPress Compatability: Everything You Need to Know

Top 8 Security Practices for PHP

How to Find the Right WordPress Plan

9 Ways to Keep Your WordPress Website Secure

 

Image credit: Pexels.

 

 

The A2 Posting