Table of Contents

Introduction

The following code/functions on this page are, in accordance with the WordPress license, also licensed under GPL v3.

How to use WordPress functions

These WordPress functions and many others you will find on the web are pieces of code that you can implement in to your website to enhance or modify WordPress functionality. They are, like WordPress, written in the PHP programming language. There are 2 main ways that users can extend their websites using functions.

Adding WordPress functions via a theme

Every WordPress theme must contain a handful of core files, one of these is the functions.php file. This file can be seen as a theme specific plugin file that will execute code while the website (and subsequently the theme) is loaded.

You can simply add your own code to the functions.php file to include them in your website. To avoid any conflicts it may be easiest to paste the code directly at the end of this file. You can find it at /wp-content/themes/YOUR_THEME_NAME/functions.php . If you are using a prebuilt theme then it is highly recommended that you create a child theme for any modifications to avoid them being overwritten during a theme update.

The advantages of this method is that it is simple and the file already exists and is ready to go. A disadvantage of this method is that it is theme specific and if you change themes then you will need to move the code across. This can be avoided by creating a site-specific plugin.

Adding WordPress functions via a site-specific plugin

Adding WordPress functions via a site-specific plugin is an effective way to manage your custom functions independently of which theme you are using. Creating your own plugin is probably easier than you might think!

If you have FTP access to your website, read on! Otherwise you can follow this guide to create one locally and upload/edit via wp-admin.

To create a plugin for our custom functions, FTP in to your website and navigate to the /wp-content/plugins/ directory. Create a folder within this directory called custom-functions (or whatever you like!) and within this folder create a file called custom-functions.php (or whatever you named your directory with .php on the end).

Within this new file, we need to add a few lines of code to get PHP working and let WordPress know some information about our new plugin.

<?php /* Plugin Name: Adam's Custom Functions Description: My custom WordPress functions */ /* You can add your own functions below this line! */ /* Don't edit below this line! */ ?>

Once saved, you should see this appear in the Plugins admin view where you can activate it.

Though this method is a little more involved to get started the benefits include theme independence and easier debugging by being able to deactivate/activate your plugin at will.

A word of warning

I’ve tested the snippets on this page but adding code in this way has the potential to bring your site down with a fatal error. It is not possible to test for every conflict, specific hosting set-up, plugin & theme conflicts, WordPress versions, etc. It may also be possible for somebody with malicious intent to give you code that could include malware or other security risks. Always have a read of the code as best you can to understand what it does, never implement custom code from somebody you don’t trust and always have a back-up.

⚠️ Always test new code on a development website first!

That being said, let’s get rolling with my ultimate list of WordPress functions to supercharge your website.

Functions to optimise your WordPress website

Disable WordPress emoji 😊

If you don’t use emoji on your website or are happy to support them only in browsers that can render system emoji then you can remove these extra scripts & styles from your website with the following function.

/* Disable WordPress Emoji */ function disable_wp_emoji() { remove_action('admin_print_styles', 'print_emoji_styles'); remove_action('wp_head', 'print_emoji_detection_script', 7); remove_action('admin_print_scripts', 'print_emoji_detection_script'); remove_action('wp_print_styles', 'print_emoji_styles'); remove_filter('wp_mail', 'wp_staticize_emoji_for_email'); remove_filter('the_content_feed', 'wp_staticize_emoji'); remove_filter('comment_text_rss', 'wp_staticize_emoji'); add_filter('emoji_svg_url', '__return_false'); } add_action('init', 'disable_wp_emojicons');

Disable RSS feeds

/* Disable RSS feeds */ function fb_disable_feed() { wp_die( __('RSS not available, please visit our <a href="'. get_bloginfo('url') .'">website</a> instead.!') ); } add_action('do_feed', 'fb_disable_feed', 1); add_action('do_feed_rdf', 'fb_disable_feed', 1); add_action('do_feed_rss', 'fb_disable_feed', 1); add_action('do_feed_rss2', 'fb_disable_feed', 1); add_action('do_feed_atom', 'fb_disable_feed', 1);

Disable RSD link

RSD (Really Simple Discovery) is required for XML-RPC clients, pingbacks, etc. If you don’t require pingback/remote client support then you can disable this unnecessary header with the following code.

/* Disable RSD link */ remove_action('wp_head', 'rsd_link');

Disable shortlink

WordPress adds a shortlink in your header code. If you’re not using this shortlink for any functionality then you can remove them.

/* Disable shortlink */ remove_action('wp_head', 'wp_shortlink_wp_head', 10, 0);

Disable embeds

WordPress introduced oEmbed features in 4.4 which allows any site to embed WordPress posts remotely. By adding the following code, it will prevent the related JS file from loading but also prevent others from embedding your blog posts.

/* Disable Embeds */ function disable_embed() { wp_dequeue_script('wp-embed'); } add_action('wp_footer', 'disable_embed');

Remove WLManifest

Use Windows Live Writer? Probably not. You can remove this XML file linking in your header with the following code.

/* Remove Windows Live Writer Manifest */ remove_action('wp_head', 'wlwmanifest_link');

Functions to customise your WordPress admin dashboard

Customise the WordPress login page

Customise the look and feel of your WordPress login page by adding your own CSS file and pointing the WordPress links to your own website. You will need to upload your own CSS file to your theme and edit the path on line 6 accordingly.

/* Customise WordPress login page */ // Link to your own login css so you can style it function custom_login_css() { wp_enqueue_style('custom_login_css', get_template_directory_uri() . '/assets/styles/login.css', false); } // Change logo link to your site function custom_login_url() { return home_url(); } function custom_login_title() { return get_option('blogname'); } add_action('login_enqueue_scripts', 'custom_login_css', 10 ); add_filter('login_headerurl', 'custom_login_url'); add_filter('login_headertitle', 'custom_login_title');

Hide ‘Comments’ from WordPress sidebar & admin bar

It seems that increasingly blogs nowadays forgo a comments section. If you’re not using yours, remove some admin clutter by removing the ‘Comments’ links in the admin sidebar and admin bar.

/* Hide 'Comments' from admin */ // Removes from sidebar function remove_comments_sidebar_link() { remove_menu_page('edit-comments.php'); } add_action('admin_menu', 'remove_comments_sidebar_link'); // Removes from admin bar function remove_comments_topbar_link($wp_admin_bar) { $wp_admin_bar->remove_menu('comments'); } add_action('admin_bar_menu', 'remove_comments_topbar_link', 999); // Removes from post and pages function remove_comment_support() { remove_post_type_support( 'post', 'comments' ); remove_post_type_support( 'page', 'comments' ); } add_action('init', 'remove_comment_support', 100);

Add your own admin footer text

With this simple function you can replace the default “Thank you for creating with WordPress” text in the admin footer with your own HTML message.

/* Add my own custom admin footer message */ function custom_admin_footer() { _e('<span id="footer-thankyou">Website by <a href="#" target="_blank">My Name</a></span>.', 'jointswp'); } add_filter('admin_footer_text', 'custom_admin_footer');

Show update notices to admins only

/* Show update notices to admins only */ function show_update_admin_only() { if(!current_user_can( 'update_core')) { remove_action('admin_notices', 'update_nag', 3); } } add_action( 'admin_head', 'hide_update_notice_to_all_but_admin', 1 );

Add your own custom dashboard widget

/* Add your own custom dashboard widget */ function my_dashboard_widget() { echo ' <h2>My Dashboard Widget</h2> <p>I can put anything I like in here!</p> '; } function add_dashboard_widgets() { wp_add_dashboard_widget('custom_dashboard_widget', 'My Custom Dashoard Widget', 'my_dashboard_widget'); } add_action('wp_dashboard_setup', 'add_dashboard_widgets');

Create a custom settings page

Adapted from Create a WordPress Theme Settings Page with the Settings API

/* Create custom global settings */ function custom_settings_page() { ?> <div class="wrap"> <h1>Custom Settings</h1> <form method="post" action="options.php"> <?php settings_fields( 'section' ); do_settings_sections( 'theme-options' ); submit_button(); ?> </form> </div> <?php } function custom_settings_add_menu() { add_theme_page( 'Custom Settings', 'Custom Settings', 'manage_options', 'custom-settings', 'custom_settings_page', null, 99 ); } add_action( 'admin_menu', 'custom_settings_add_menu' ); // Example setting function setting_twitter() { ?> <input type="text" name="twitter" id="twitter" value="<?php echo get_option('twitter'); ?>" /> <?php } function custom_settings_page_setup() { add_settings_section( 'section', 'All Settings', null, 'theme-options' ); add_settings_field( 'twitter', 'Twitter Username', 'setting_twitter', 'theme-options', 'section' ); register_setting( 'section', 'twitter' ); } add_action( 'admin_init', 'custom_settings_page_setup' );

/* Retrieve a field in your theme */ echo get_option('twitter');

Remove the WordPress admin bar

/* Remove admin bar */ function remove_admin_bar() { remove_action('wp_head', '_admin_bar_bump_cb'); } add_action('get_header', 'remove_admin_bar');

Add thumbnail column to post listing

From taniarascia on GitHub. You may need to regenerate thumbnails after.

/* Add thumbnail column to post listing */ add_image_size('admin-list-thumb', 80, 80, false); function wpcs_add_thumbnail_columns($columns) { if(!is_array($columns)) { $columns = array(); $new = array(); foreach( $columns as $key => $title ) { if($key == 'title') // Put the Thumbnail column before the Title column $new['featured_thumb'] = __( 'Image'); $new[$key] = $title; } return $new; } function wpcs_add_thumbnail_columns_data($column, $post_id) { switch($column) { case 'featured_thumb': echo '<a href="' . $post_id . '">'; echo the_post_thumbnail('admin-list-thumb'); echo '</a>'; break; } } if(function_exists( 'add_theme_support')) { add_filter( 'manage_posts_columns', 'wpcs_add_thumbnail_columns'); add_action( 'manage_posts_custom_column', 'wpcs_add_thumbnail_columns_data', 10, 2); }

Functions to help make your WordPress website more secure

Hide WordPress login errors

Hiding logging errors can help make your website more secure by hiding what is wrong with a login attempt from an attacker. By default, WordPress will let you know if your username exists or not which can make your website less secure.

/* Hide Login Errors */ function hide_login_errors(){ return 'Something is wrong!'; } add_filter('login_errors', 'no_wordpress_errors');

Disable XML-RPC in WordPress

XML-RPC is a throwback to the days before WordPress was even called WordPress. Back when internet connections were slow and lots of work was done offline, 3rd-party blogging clients could connect to a WordPress blog via XML-RPC to publish. Now, if you’re not using this functionality, it exists only as a potential route for exploit.

/* Disable XML-RPC */ add_filter('xmlrpc_enabled', '__return_false'); remove_action('wp_head', 'rsd_link'); remove_action('wp_head', 'wlwmanifest_link');

Disable file editing from WordPress dashboard

For a hint of added security you can disable theme and plugin file editing from within the WordPress admin panel.

/* Disallow file editing from WordPress admin */ define('DISALLOW_FILE_EDIT', true);

Remove the WordPress version number from head

Displaying your WordPress version number in your websites header gives potential attackers extra information that could be used against you. Of course, you should always run the latest version of WordPress, but you can hide your specific version using this snippet.

/* Remove WordPress version from head */ function wpb_remove_version() { return ''; } add_filter('the_generator', 'wpb_remove_version');

Disable login via email

WordPress allows you to login via both email and username by default. You can disable the email option with the following line of code.

/* Disable login via email */ remove_filter('authenticate', 'wp_authenticate_email_password', 20);

Functions to customise your WordPress frontend

Change the excerpt length

Change the default WordPress excerpt length with this handy snippet. Change the number 25 on line 6 to your desired length.

/* Modify excerpt length */ function custom_excerpt_length($length) { return 25; } add_filter('excerpt_length', 'custom_excerpt_length', 999);

Custom ‘Read More’ link

function new_read_more($more) { global $post; return '... <a href="'. get_permalink($post->ID) . '" class="read_more">Read More →</a>'; } add_filter('excerpt_more', 'new_read_more');

Add a Google Font

Add a Google Font that you can apply using CSS with the following script using Open Sans as an example.