Allow PHP in WordPress Pages and security issue (2 posts)

  1. bloggingandwb
    Posted 2 years ago #

    I want to add PHP codes for pages to a big project.

    I am going to use http://wordpress.org/plugins/allow-php-in-posts-and-pages/ plugin.

    Read 2 comment in this post (http://www.wpbeginner.com/plugins/how-to-allow-php-in-wordpress-posts-and-pages/)

    Comment 1 : No, for obvious reasons this would be an invitation to be hacked. Its very simple to create a shortcode instead (with your own plugin) or use something like the “post snippets” plugin instead.

    Comment 2: For the love of Christ, don’t execute PHP from the CMS, probably the single worst thing apart from publishing your FTP details as far as security goes.

    Is it true?

    How I add PHP codes to WordPress pages?

  2. catacaustic
    very awesome
    Posted 2 years ago #

    Very true. I know that plugin is good and does it's job well, but I would never trust PHP code inside my pages/posts. It's just to much of a risk for someone to try and hack something in where it's not meant to be. Shortcodes are difinately the answer to what you're looking for. They let you add in extra functionality and let you keep control of the code, not your editors.

Topic Closed

This topic has been closed to new replies.

About this Topic