Support » Plugins » Hacks » Call an external functions file from functions.php

  • Tom



    For each clients site I work on, I find myself adding certain functions to the functions.php file – there’s around 12 different hacks that I add to all sites.

    However if I need to change the code of one of these hacks, I then need to go & edit all functions.php files on each website individually.

    What I’d like to do is on the clients sites, have just one function added which calls a php file on my own website. This file will contain all the hacks.

    This way, when I need to update any of the hacks, I’ll only need to make the changes to the php file on my server.

    Can anyone help me?


Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugins.



    I’d like to say that’s helpful, Cynnie – but it’s not.

    What I’m looking to do is something like this:


    What you described is exactly what a plugin is, and what they are for.



    I have been using WordPress for many years and I’m quite aware what plugins are & what they’re for.

    They are not what I’m looking for here.

    I have certain hacks in the themes’ functions.php files, and I’d like to keep it this way.

    If I created a plugin (or pluginS), I would still need to update them on all the sites each time a change is made.

    What I want to do is have just ONE file on my own domain which I will update as & when needed. All the other sites will call this file from their own functions.php file, so when I update the PHP file on MY site, all the OTHER sites will be running the latest code.

    This way there’s no need to go & edit every site, or re-upload plugins to each site individually.

    I wouldn’t mind if it was just a handful of sites, but it’s more like 45 sites..

    You could try a curl with the file.

    But this will slow down the server response time for every site, as it has to wait for this file to be transfered.

    Moderator bcworkz


    cURL could work. Script could just do a HEAD request to see if there’s a newer file to download. Could be done as a daily scheduled task so that normal server requests are not affected.

    Be sure your script can’t be exploited to download somebody else’s file!

    No, CURL won’t work. Not for what Tom wants anyway. I you “include” a file through CURL it will be the actual returned HTML genereated from that file, not the source code from the file.

    The only way to get around this is save the file as another file extension like .txt and as soon as someone that’s not quite as nice as the rest of us finds out about this file, there’s a good chance that they’ll try to hack either your site, or try some hijacking to over-write that file on any request to it. Imagine what would happen if the code gets intercepted somewhere, and replaced with something nasty. If you’re clients sites are executing that code you could be in for a world of problems.

    In short, it’s very dangerous for your clients to do this. That’s why it’s not done as a regular practice.

    The only way that I’d suggest that this might work will only be good if all of the sites are hosted on the same server. That way you can have the file in a central place, and the sites can all include that file. There’s still a few security issues, but they are a lot less then some publicy available file.



    Thanks Michael – about 99% of the sites in question are all hosted on the same server (ours).

    In which case if I wanted to do this, how would I go about doing so?
    Would I just call the .php file (as in the 3rd post of this thread)?

    Also, what security risks are there if doing this? Is it not just the same as calling any other .php file, although it’d be called from a different domain?


    You cannot include a PHP file from another server into your site and make it run/function. What you will get is the final result of the processed PHP page, so you will get source code and not the PHP code that you expect.

    If the file is stored as a .phps (PHP source) file then it will come over as straight PHP code, but the security problems that are around with that is that if someone gets to redirect traffic from your server to point to their server and inserts some malicious code that you have requested to include, they will have full PHP access to your system, and all of your clients systems as well. This means that they can have full database access, full file system access and they can do pretty much anything that they want to your sits, and your clients sites.

    The best way to actually do this is to serve the content as HTML. You can write a script that can perform anything that you need it to before you send the output back, and then you are keeping everything safe. Do not ever parse and use PHP code from an outside source – ever.

    cynnie88 is correct. The best way to approach this is to create a plugin that can simply be uploaded to each site.



    Thanks Michael, that’s most helpful. I think perhaps it’s best I get one of my more knowledgeable Dev’s to dig into this further.

    Thanks again

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Call an external functions file from functions.php’ is closed to new replies.