How to Develop a PHP File Include Plugin for WordPress

Share this article

WordPress can save developers weeks of effort. It’s difficult to justify writing your own CMS when it offers so many features. That said, there are times when you want to inject your own PHP code; perhaps a custom form or a report generated by another system. To insert your code on every WordPress page or post, you can simply add a PHP include() function to page.php or single.php accordingly, e.g.


include('mycode.php');
Assuming mycode.php resides in your theme folder (wp-content/themes/theme-name), it will be included and executed at that point. But what if you need to include a file on a specific post/page or within the middle of a content block? We need a WordPress plugin…

Creating the Plugin

Create a new file named php-include.php in your plugins folder (wp-content/plugins) and add a header so it can be identified by WordPress:

<?php
/*
Plugin Name: PHP File Includer
Plugin URI: https://www.sitepoint.com/
Description: Include PHP files using a shortcode
Version: 1.0
Author: Craig Buckler
Author URI: http://optimalworks.net/
License: Use this how you like!
*/
This is followed by our primary function, PHP_Include(). It expects an array of parameters although we’re just using one — file. If it’s not passed, file set to ‘default’:

// include PHP file
function PHP_Include($params = array()) {

	extract(shortcode_atts(array(
	    'file' => 'default'
	), $params));
	
	ob_start();
	include(get_theme_root() . '/' . get_template() . "/$file.php");
	return ob_get_clean();
}
The function assumes you’re requesting a file which resides in the theme folder. The last three lines include the file and return its executed contents using PHP’s output buffering functions.
warning: With great power…
…comes great responsibility. This plugin may be small but it allows anyone to execute arbitrary code. That’s not be a problem if you’re the sole editor of your own blog, but you should be wary of other users. Optionally, you could modify the include statement’s location or only permit files with a specific name pattern, e.g. “/include/mycode-$file.php”. This should safeguard against users including any PHP file.
Finally, we’ll register our function as a shortcode handler:

// register shortcode
add_shortcode('phpinclude', 'PHP_Include');
Save the file and activate the plugin in your WordPress control panel.

Including a PHP File

The following shortcode can now be added to any page or post:

[phpinclude file='mycode']
Assuming mycode.php exists in your theme’s folder, it will be inserted at that point in the content. I hope you find it useful.

Frequently Asked Questions on Developing a PHP File Include Plugin for WordPress

What is the importance of PHP in WordPress development?

PHP is a server-side scripting language that forms the backbone of WordPress. It is responsible for all the functions and features we see on WordPress websites. From the theme customization to the plugins, everything is driven by PHP. It is the language in which WordPress was originally written and continues to be the primary language for WordPress development. Understanding PHP is crucial for anyone looking to develop themes or plugins for WordPress.

How does a PHP file include plugin work in WordPress?

A PHP file include plugin allows you to insert the content of one PHP file into another. This is particularly useful when you have a piece of code that needs to be used in multiple places. Instead of duplicating the code, you can write it once in a PHP file and then include that file wherever the code is needed. This not only makes your code more organized but also easier to maintain and update.

What are the steps to develop a PHP file include plugin for WordPress?

Developing a PHP file include plugin involves several steps. First, you need to create a new PHP file in your WordPress plugin directory. This file will contain the plugin header, which tells WordPress that it’s a plugin. Next, you need to write the function that will include your PHP file. This function uses the include() or require() function to insert the content of the PHP file. Finally, you need to hook your function into WordPress using add_action() or add_filter().

What is the difference between include() and require() in PHP?

Both include() and require() are used to include the content of one PHP file into another. The difference lies in how they handle errors. If the file to be included is not found, include() will throw a warning but the script will continue to execute. On the other hand, require() will throw a fatal error and stop the script execution.

How can I ensure the security of my PHP file include plugin?

Security is a crucial aspect of any WordPress plugin development. To ensure the security of your PHP file include plugin, you should always validate and sanitize user input, use nonces to protect against cross-site request forgery attacks, and check user permissions before performing any action. Additionally, you should always use the WordPress API functions for database queries to prevent SQL injection attacks.

Can I use PHP file include plugin to include files from external sources?

While it’s technically possible to include files from external sources using a PHP file include plugin, it’s generally not recommended due to security risks. Including files from external sources can expose your website to potential attacks and vulnerabilities. It’s always safer to include files that are hosted on your own server.

How can I debug my PHP file include plugin in WordPress?

WordPress provides several debugging tools that can help you troubleshoot issues with your PHP file include plugin. The WP_DEBUG constant, for example, can be used to display PHP errors on your website. Additionally, you can use the debug.log file to log any errors or warnings.

What are the best practices for developing a PHP file include plugin for WordPress?

Some of the best practices for developing a PHP file include plugin include: using a unique name for your plugin to avoid conflicts with other plugins, following the WordPress coding standards, writing clean and well-commented code, and testing your plugin thoroughly before releasing it.

Can I use PHP file include plugin to include HTML files?

Yes, you can use a PHP file include plugin to include HTML files. However, you need to ensure that the HTML code is properly formatted and does not contain any PHP code. If the HTML file contains PHP code, it will not be executed.

How can I update my PHP file include plugin in WordPress?

Updating your PHP file include plugin involves modifying the plugin file and then uploading it to your WordPress plugin directory. You should always backup your website before updating any plugin to prevent any potential data loss. After updating the plugin, you should test your website thoroughly to ensure that everything is working as expected.

Craig BucklerCraig Buckler
View Author

Craig is a freelance UK web consultant who built his first page for IE2.0 in 1995. Since that time he's been advocating standards, accessibility, and best-practice HTML5 techniques. He's created enterprise specifications, websites and online applications for companies and organisations including the UK Parliament, the European Parliament, the Department of Energy & Climate Change, Microsoft, and more. He's written more than 1,000 articles for SitePoint and you can find him @craigbuckler.

PHPpluginWordPress
Share this article
Read Next
Get the freshest news and resources for developers, designers and digital creators in your inbox each week
Loading form