PHP code snippets (Insert PHP)


This plugin helps to use php code snippets in admin area without adding this code to function.php. You can use snippets shortcodes in posts, pages and widgets.

Description of the new plugin (PHP code snippets) version 2.x.x

PHP code snippets is a new version of the popular Insert Php plugin. Insert php used to execute code inside [insert_php][/insert_php] tags on WordPress pages and posts. For now, old [insert_php] shortcodes are still supported, and you can use them. Still, we recommend you to use the code inside special snippets visible and available to administrators only.

Snippet is a small piece of php code helping to extend your WordPress capabilities. It’s a common thing in bloggers world – they usually add these pieces to the articles or write tutorials on how to solve a particular problem without plugins. However, you should know that placing the code to function.php is not the only option, and there is a better and cleaner way – to add snippets through the PHP code snippets plugin.

Our plugin has a very friendly interface helping you to place and execute fragments of code. You should add your code to the code editor, comment it and save the snippet. This snippet can be executed on all website or on the particular page where the shortcode is placed.

Example of using shortcodes:
if( is_user_logged_in() ) {
echo ‘Download file‘;
} else {
echo “You must be logged in to download the file.”;

Example of executing code for the whole website (global):
remove_action(‘wp_head’, ‘wp_generator’);
remove_action(‘wp_head’, ‘rsd_link’);
remove_action( ‘wp_head’, ‘wlwmanifest_link’);
remove_action( ‘wp_head’, ‘wp_shortlink_wp_head’);

Description of the old plugin (Insert php) version 1.3

This plugin helps to use php code snippets in Admin panel without adding this code to function.php. You can use snippets shortcodes in posts, pages and website widgets.

Run PHP code inserted into WordPress posts and pages.

The PHP code is between special tags (“[insert_php]” instead of “<?php” and “[/insert_php]” instead of “?>”).

The PHP code runs as the page is sent to the browser. Output of the PHP code is published directly onto the post or page where the PHP code between the special tags is located.

The code between the tags must be complete in and of itself. References to variables or code blocks outside the area between the tags will fail. See the “more information” URL for an explanation of this.

Examples of use:

  • Publish local time (users’ computer clock settings being unreliable).

  • Insert output of a PHP script, or just to run a script whether or not it generates output.

  • Check/manipulate cookies or other actions that JavaScript can accomplish when using JavaScript is undesirable.

More information about the Insert PHP plugin can be found here:


  • Snippets list
  • Edit snippet
  • Run snippet by a shortcode
  • Run snippet in widget
  • Old way to use the plugin


  1. Upload the plugin files to the /wp-content/plugins/plugin-name directory, or install the plugin through the WordPress plugins screen directly.

  2. Activate the plugin through the ‘Plugins’ screen in WordPress

  3. Use the PHP Snippets -> Add snippet, to create a new snippet


Installation Instructions
  1. Upload the plugin files to the /wp-content/plugins/plugin-name directory, or install the plugin through the WordPress plugins screen directly.

  2. Activate the plugin through the ‘Plugins’ screen in WordPress

  3. Use the PHP Snippets -> Add snippet, to create a new snippet

Why is it better to use PHP code snippets plugin instead of function.php? (For last version)

With a new update of WordPress theme, you can lose all changes in the function.php file. Our plugin stores snippets in the database, so all data is safe until you remove the plugin. Also a huge amount of snippets in function.php looks messy and confusing; it is really hard to find something when the file is quite big.

How to use other plugins’ shortcodes in PHP snippets? (For last version)

You should call a shortcode using the following function:

if ( is_user_logged_in() ) {
echo do_shortcode(‘[contact_form id=”297″]’);
} else {
echo “You must log in.”;

The snippet code executed with an error and I cannot change it, what should I do? (For last version)

Do not despair! Even an experienced person can make mistakes. We created a secure mode for this case. Go into it and your snippets code will not be executed.

  1. Go to the safe mode by this link:
  2. Edit the snippet in which you made a mistake;
  3. Leave safe mode by clicking the link:

Great, now you should not have any issues!

Do I need to include the < ?php, tags in my snippet? (For last version)

No, just copy all the content inside those tags. If you accidentally forget (or just like being lazy), the tags will be stripped from the beginning and end of the snippet when you save it. You can, however, use those tags inside your snippets to start and end HTML sections

Can the plugin be completely uninstalled? (For last version)

Yes, when you delete PHP code snippets (Insert PHP) using the ‘Plugins’ menu in WordPress it will clean up the database table and a few other bits of data. Be careful not to remove PHP code snippets (Insert PHP) by deleting it from the Plugins menu unless you want this to happen.

Will I lose my snippets if I change the theme or upgrade WordPress? (For last version)

No, the snippets are stored in the WordPress database and are independent of the theme and unaffected by WordPress upgrades.

Does plugin work with multisite? (For last version)

No plugin does not support multisites. This is temporary and we will try to add support for networks in the future.

How do I use this thing? (For old version)

Make a copy of the working PHP code to be used in a post or a page.

Replace “<?php” on the first line with “[insert_php]”. Replace “?>” on the last line with “[/insert_php]”.

Paste the code into your post or page.

Examples are here:

Can I have more than one place with PHP code on individual posts and pages? (For old version)

Yes. I have found no limit to the number of places PHP code can be inserted into a post or page. Probably there is no WordPress software limit. There may be a server memory limit of your PHP code uses a lot of memory.

Does the PHP output need to have paragraph and line break HTML formatting codes? (For old version)

No. HTML paragraph and line break formatting are applied to PHP output.

Do I put the PHP code into content at the “Visual” tab or the “HTML/Text” tab? (For old version)

Use the HTML/Text tab. While the Visual tab will, sometimes, the HTML/Text tab allows working with the code without the visual formatting.

Why can’t I set cookies or do a browser redirect? (For old version)

With PHP, cookies are set in the web page header lines, before any page content is processed. Redirects, too, are done in the header lines. When PHP code is within a post or a page, all the header lines have already been sent, along with part of the content. At that point, it is too late to set cookies or redirect with PHP.

I get a “Parse error: …” What do I do now? (For old version)

Unless the source code of the plugin has been changed or somehow became corrupted, the parse error is likely to be in the PHP code inserted into the post or page. Example:

Parse error: syntax error, unexpected T_STRING, expecting ‘,’ or ‘;’ in /public_html/wp331/wp-content/plugins/insert_php.php(48) : eval()’d code on line 5

Either within or at the end of the parse error message you’ll find something like this:

eval()’d code on line 5

The error is on the indicated eval()’d code line number of the PHP code you are inserting (“5” in the example). At the PHP code you inserted, count down the number of lines indicated. You’ll find the error at that line.

If you have PHP code inserted in more than one place, the error message may apply to any of those places. Temporarily remove or disable them, one at a time, until you determine which one the error message applies to.

If Insert PHP is used with an include() function, the include()’d file may be spawning the error message. In that case, the file name being include()’d and the line number of the error should be somewhere within the error message.

When the error is located, correct it and try again.


Updates are appreciated!

I’m not a php developer, I’m just a wordpress/design/front-end guy. This plugin is very useful for those who, like me, are using page building software on their WordPress sites such as Divi builder. Adding php through shortcodes allows me to turn regular modules into smart modules that can call information dynamically. I don’t have to figure out how to build a page as a template, instead I can still use the page builder on-the-fly and paste the shortcodes as content in buttons or whatever I need.

I used to run into problems with tinyMCE swapping out logical operators (like greater than >) with their HTML entity but now that the software has upgraded to snippets instead of a straight insertion that problem has gone away. If there was more documentation I would give it five-stars, but as it gives me the power I need to make smarter modules directly in my design I give it four!

Big change. Few instructions

I’ve been using insert php for ages. I understand this change for security and portability. I’m thankful for and appreciate your willingness to implement. However, I do not understand why instructions are not clear for users needing to migrate. There are also a few counter-intuitive things.

(1) If a snippet doesn’t immediately activate or is changed, it seems you need to go back to the list of snippets to activate it. It would be more useful to have the option to activate from the editing window.

(2) It isn’t obvious how having the snippet everywhere vs having a specific reference to it works from your description. I assumed I needed it everywhere because I wanted to reference it from a non-standard post-type. Instead I needed to have it only in specific places.

(3) It isn’t documented where to find the snippet ID. I figured it out, but…I would think this should be clearly displayed in the editing screen and not just the snippet list.

Great support

Had a problem where my editor had mangled my php so it wouldn’t run anymore. Support helped me work out the problem and fixed it for me.
Would thoroughly recommend this plugin.

Great support!

I am almost embarrassed for having asked the developer of this free plugin for support in using the shortcodes. He went much beyond simply supporting the plugin; he showed me the proper code for my integration.

Code Works – Security An Issue?

I’ve used this to sucessfully put in a small piece of PHP code to idenfity and re-direct mobile users to my site. While other methods exist, this was the way I could customise without having to change templates, or be limited to other plug in’s settings. I’ve no idea on the secruity aspects of using this plug in, but the latest update has changed some of the shortcode, so am assuming this is safe to use.

Do not EVER install this entirely irresponsible plugin

This is hands down the most irresponsible plugin ever developed for WordPress. PHP should not EVER be run from any frontend module. The point of server side code is that it runs ON THE SERVER, not from a browser. This should not even be available, because it has helped thousands of sites get hacked by malicious sources in the most convenient way possible to hackers.

Let me explain for the uninitiated. PHP has access to EVERY SINGLE THING your site does. Your database, your WooCommerce accounts and payment gateway, any and all information in your site, your passwords, etc, etc. Using this plugin makes it childs play for anyone with even a tiny little bit of programming knowledge to steal anything and everything on your site. They can erase your entire site. They can steal money from your customers which you are legally liable to reimburse. They can hack any other sites on your host besides the one running this plugin. They can literally have a field day with everything accessible to any part of your server. DO NOT INSTALL THIS. If you can’t figure out how to use FTP and write a plugin properly, you should NOT BE WRITING PHP.

Shame on the developer for submitting this, and also shame on anyone dumb enough to actually install it.

Using this plugin entirely invalidates ALL other security you have in place. Your SSL is useless, Wordfence/Sucuri/etc is useless, your login is useless, your database password is useless, all of it may as well not even be there at all. Not only does this make everything on your site hackable, it also makes everything connected to your site hackable. Got social media accounts connected? Congratulations, those are getting hacked too. Got your Google calendar account connected? Yep, your gmail is also getting hacked, which means that all of your password resets to every other account you have can also be hacked, including your bank account, student loan account, etc. This is the digital equivalent of storing your life savings out in the street during a looting spree.

Read all 74 reviews

Contributors & Developers

“PHP code snippets (Insert PHP)” is open source software. The following people have contributed to this plugin.




  • Changed the way to safely save snippets. Now in case of an error, you will not lose the snippet changes. And also now there is no verification for snippets created for shortcodes, because of what many users had a problem with saving their old code.
  • You can get the values of the variables from the shortcode attributes. For example, if you set the my_type attribute for the shortcode [wbcr_php_snippet id=”2864″ my_type=”button”], you can get the value of the my_type attribute in the snippet by calling $my_type var.
  • Added feature to set tags for snippets
  • Added an instruction on how to export and import your own snippets
  • Some bugs fixed.


  • Fixed critical bug with $wp_query. It was a conflict with some plugins that overwritten the global variable $wp_query.
  • All created and updated snippets by default, are now active.


Fixed a bug where you do not have enough permissions to view the page.


Attention! This new 2.0 plugin version, we added the ability to insert php code using snippets. This is a more convenient and secure way than using shortcodes [insert_php] code execute [/ insert_php]. However, for compatibility reasons, we left support for [insert_php] shortcodes, but we will depreciate them in the next versions of the plugin.

We strongly recommend you to transfer your php code to snippets and call them in your posts/pages and widgets using [wbcr_php_snippet id = “000”] shortcodes.


Fixed issue with str_replace() when haystack contained a slash character.


Changed handling of content.


Bug fix. Added ob_end_flush(); and changed variable names to remove opportunity for conflict with user-provided PHP code.


First public distribution version.