Shortcode to include PHP file, pass various parameters to include?

Thanks for your comments and guidance. I implemented solutions which didn’t reinvent the wheel.

The complication was finding a way to remove the [insert_php][/insert_php] wrapped code from pages and posts and still preserve the content and user experience.

Custom Template Pages

Pages and Posts which were almost entirely PHP were made into custom template files. These were placed into my child theme folder. Old posts and pages were updated to the custom templates.

For large websites, I suggest writing a command line script to bulk update post templates. Or, use a good plugin.

Created Short Codes for Content Snippets

All instances of PHP includes, tables and DB calls within posts and pages were rewritten as short codes. These codes were added to my child theme’s functions.php file.

This preserved essential tables, ads and images. Also, I removed text from within the PHP wrapper and placed it back into the WP content. This makes for much easier content management and integration with helpful plugins like Yoast SEO.

Easier to update content

I’ve found periodically re-coding my content functions improves efficiency and maintenance. It’s similar to editing and rewriting written prose.

Making these changes was lengthy. However it will be much easier to update content snippets in the future!

Faster Website

Removing the [insert_php][/insert_php] content and plugin improved server performance and page speed. This is critical for SEO. Google Page Speed Insights noted a slight but noticeable improvement in server response time, roughly 0.30 ~ 0.23 for most pages.

Previously the server had to process all WP PHP, then run my own PHP wrapped inside each post. This was redundant and wasted time.

More Secure

Running a PHP wrapper inside WP content creates a substantial security vulnerability. Remember, these wrappers allow any PHP code to be executed, including MySQL, Exec, etc. commands. This is dangerous even if you have secured your WP site and database.

Now my sites are much safer. As an aside, I suggest using 2 Factor authentication for WP login. If someone gets in and runs PHP code (or installs a PHP wrapper plugin and subsequently runs code) you could be in big trouble!

2 Factor login adds an extra layer of security even if you password gets compromised. I recommend a plugin with Google Authenticator.

Do PHP Plugins Have Any Valid Purpose?

At this point I’m not sure. Given immense security risks, I wouldn’t recommend them for large, high traffic websites.

I definitely would not recommend them if you’re including DB logins, passwords and SQL queries to non-WP DBs in your code. If you must, make sure your DB user is limited to one database and “SELECT” queries. Do NOT give such users global privileges.

They might be helpful for testing. It is much easier for newbies to use these plugins while experimenting with content and design ideas than custom-coding a template. But I would highly recommend doing so after testing is done.

Finally, if it is possible to limit PHP commands and output, these plugins might be less risky.

Related Posts:

  1. Get value from shortcode to do something
  2. How Can I Display the Last Modified Date for User Profiles on WordPress?
  3. How to manually fix the WordPress gallery code using PHP in functions.php?
  4. Shortcode putting html such as
  5. ob_get_clean returns empty string, ob_get_flush outputs string
  6. Counting number of posts in a category and its sub categories and displaying result using shortcode
  7. Shortcode created to check language not works
  8. Add/echo div with Analytics-Code to function in functions.php
  9. How do I know what variables are passed in a filter/action and what their meaning is?
  10. Custom plugin issue when trying to use the shortcode twice on a page [closed]
  11. How can I default to all WordPress roles when parameter is not included in shortcode?
  12. WordPress menu deletes when trying to add a hook
  13. Wrap each shortcode in array to div
  14. Can I change a variable in a content part while calling it?
  15. Recent post display using shortcode
  16. Nested shortCode functions in the functions.php file
  17. Making Quote Plugin more efficient
  18. Placing raw HTML inside a WordPress shortcode
  19. Shortcode content output but not in correct place
  20. is_page “range” for if statement?
  21. PHP code inside shortcodes
  22. Shortcode content filter?
  23. Trigger popup in a php if/else statement
  24. functions.php is being included twice, creating PHP fatal errors
  25. How to output a PHP file values by shortcode?
  26. Showing content from one page on another
  27. How to display posts by current user in a drop down
  28. Custom shortcode outputs plain text instead of HTML at top of post
  29. Pass php dynamic variable to shortcode
  30. How to Reference/Echo Variable from Another PHP Function
  31. Remove echo from shortcode
  32. Shortcode with PHP issue “Undefined index”
  33. Shortcode from a function not working
  34. Display Data in Table from External Database in WP using Shortcodes
  35. Is it possible to return content, and then also continue to do other things?
  36. ::before on open/close function [closed]
  37. Is it possible to define variables in a wordpress shortcode, and then call the shortcode using a specific variable?
  38. Creating WordPress Shortcode with Variable
  39. Shortcode to find and replace URL
  40. Where is this function’s callback getting its arguments from?
  41. Help with WordPress function inside a shortcode
  42. calling a custom field value inside functions.php
  43. List all blogs, but exclude the main site
  44. Shortcode to embed Edit Account form not working
  45. Shortcode for Listing Users from Meta Value?
  46. Cant display an image via PHP in wordpress
  47. Need to Modify a WordPress Shortcode with another wordpress shortcode
  48. How to return a string that has a jQuery and Ajax inside in a shortcode?
  49. Create special button on WP Tiny MCE Posts Editor for Shortcodes
  50. Include a file that has a function in it
  51. Adding a Tag Parameter / Filter to My Shortcode
  52. AJAX function not working [closed]
  53. How do I call an external php non WordPress class into functions.php?
  54. Updating Metadata with Shortcode
  55. Display logged in user name and lastname on page
  56. Create shortcode for metabox gallery
  57. Display Visual Composer shortcode if a post belongs in specific categories
  58. Why is the current page loaded in the pop-up window and not the specified one?
  59. How do I reopen the (Popup Maker) after entering the correct password for a password protected page?
  60. Block error message in foreach loop when looping through ACF field
  61. How to pass parameters in wordpress shortcode?
  62. require get_template_directory() . ‘path/to-my/file.php’ BREAKS customize > themes functionality
  63. How can I prevent a shortcode div from extending beyond its boundaries?
  64. PHP multiple forms, same page, isset($_POST[]) not working?
  65. Gravity Forms: How to add PHP function to confirmation conditional shortcode?
  66. wpdb->query returns different value to phpMyAdmin
  67. shortcodes, custom php and their errors
  68. Display a custom name when the user has no name settle in his account
  69. Having trouble creating two shortcodes, one for logged in user and one for visitors
  70. Show data obtained from a function and place it in a shortocode function
  71. Before & After Content – After Content directly below Before Content when using require_once
  72. Display current user metadata on WordPress page
  73. Reload page with a different shortcode when a user selects from a dropdown
  74. PHP/CSS: Shortcode won’t display correctly, and only displays in the head (before content)
  75. Offset with ajax load more posts duplicates
  76. Get posts by id using shortcode
  77. Shortcode’s output to use as other shortcode’s parameter
  78. Open/closed function [closed]
  79. Need to Echo A Url path to show on a wordpress page
  80. PHP get_category() function redeclared
  81. Wrapping shortcode content in a span or link
  82. Need help with PHP functions
  83. How to pass parameter that ends up being part of a class name with wordpress shortcode
  84. How to have Function of a plugin using global vars into a shortcode?
  85. Overwriting a Shortcode
  86. Shortcoding with Divs
  87. Shortcode not passing variable to included file
  88. php “use” not working in template [closed]
  89. Whats wrong with my code? Need To add String to shortcode? [closed]
  90. My title is showing after the shortcode
  91. A next page function with shortcode?
  92. WP Custom tables query
  93. Display terms on product page with shotrcode
  94. How call WordPress shortcode inside function file
  95. Show Login Errors In WordPress/Elementor (Code “works”, but breaks site)
  96. Incorrect amount of posts returned when filtering related Woo products by custom taxonomy
  97. How to put a form with php code into a variable or shortcode?
  98. How to add custom text near category/tag title in WordPress Twenty Fifteen Theme?
  99. Show contact 7 form in popup
  100. Issues separating my Plugin pages into different files