You can put your code in a plugin, then create a REST API endpoint.
For example lets create a plugin, just put a PHP file wp-content/plugins/ahmedsplugin.php or wp-content/plugins/ahmedsplugin/plugin.php with a comment in it at the top like this:
<?php
/**
* Plugin Name: Ahmeds Plugin
**/
... your code goes here ...
Now you’ll see “Ahmeds Plugin” in the plugins folder. A plugin is just a PHP file in the plugins folder, or a subfolder of the plugins folder, that has that comment at the top.
You can put WP code in here that will run such as filters, actions, classes, etc. Some people put these things in their themes functions.php, but themes are for visuals/presentation, and you lose it all when you switch a theme.
Note this code will run before a theme template is loaded, and before the init hook. You should try to put all your code in hooks for better control of when it runs.
Now lets make an endpoint that your javascript can make a request to. Start by telling WP you want to create an endpoint:
add_action( 'rest_api_init', function () { // when WP sets up the REST API
register_rest_route( // tell it we want an endpoint
'ahmed/v1', '/test/', // at example.com/wp-json/ahmed/v1/test
[
'methods' => 'GET', // that it handles GET requests
'callback' => 'ahmed_test_endpoint' // and calls this function when hit
]
);
} );
When you visit /wp-json/ahmed/v1/test it will run the function ahmed_test_endpoint, so lets create that function:
function ahmed_test_endpoint( $request ) {
return 'Hello World';
}
The REST API will take whatever you return, JSON encode it, and send it out.
You can return a WP_Error object if something goes wrong and it will change the HTTP codes etc and output the message. If you need any of the parameters, use the $request object, e.g. if you added ?bananas=yummy to the URL, then $request['bananas'] will contain "yummy", just like $_GET.
Remember to flush/resave your permalinks when you add a new endpoint!
Now when we go to yoursite.com/wp-json/ahmed/v1/test you’ll see "Hello World"
If you like, you can expand register_rest_route to add more information, such as which parameters your code expects, how to validate them, checking if the user is logged in and has permission to do what they want to do, etc.
If you do this, the REST API will even help you out, so if you tell it there’s going to be an ID parameter, but none is given, it’ll tell you the ID parameter is missing. Admin AJAX, or stand alone PHP files won’t do this, and it makes debugging very difficult. It also greatly improves security
Why Not A Standalone PHP File?
- WP APIs won’t be available so you’ll need to bootstrap WP manually, which is painful
- The endpoint is available even if your plugin/theme is deactivated which can pose a security issue
- Other plugins can’t hook into it, so no benefits from caching or optimisation plugins, so there’s a possible performance penalty
- You’ll need to roll out all the security checks yourself, building them manually, and that’s not easy. WP will do them for you if you use the REST API
In the olden days, the solution was to use the Admin AJAX API, but it doesn’t do a lot for you. Also, it’s very unforgiving, if you don’t match your AJAX actions correctly, you get a cryptic response. It also does no checking beyond logged in/out, no validation or sanitisation, and no discovery mechanisms