Code snippets for WordPress

A bad snippet should cost you one page load. Not an afternoon.

WP Snippet Studio runs header, body and footer code without touching functions.php. PHP goes through the real parser before it saves, and a watchdog switches off any snippet that kills the request. You find out from a notice in wp-admin, not from a client.

FROM $49/YEAR · LIFETIME OPTION · 14-DAY GUARANTEE

Parsed before it saves · broken PHP never lands Watchdog disables the snippet that crashed Safe mode from wp-config.php, no admin needed Own database table, out of reach of the REST API
“I pasted one line into a snippet plugin on a Friday and the whole site went white. Including wp-admin.”
— Everyone who has used a snippet plugin for long enough

The code was three lines and the recovery was an hour of FTP. WP Snippet Studio checks PHP with the parser before it can be saved, and keeps a record of the snippet that is running so a crash names its own cause. The next request switches that snippet off and tells you what happened.

How it works

Write it once. Put it where it belongs.

Snippets run from the database, on the hook you choose, at the priority you set. Nothing is written into a theme file, so deactivating the plugin removes every effect at once.

PLACE

Header, body open, footer

Three insertion points, each of which can run site-wide or in the admin only. Tracking tags, verification meta, chat widgets, the pixel the marketing agency emailed over on a Friday. Set it here and it survives the next theme switch.

TYPES

Five kinds of snippet

HTML, CSS, JavaScript, PHP and plain text. Each type is handled as what it is, so CSS is enqueued as CSS and PHP is executed as PHP rather than being wrapped in a script tag and hoped over.

SHORTCODE

Runs where you put it

A shortcode snippet gets a shortcode instead of a hook. Drop it into one page and it runs on that page alone, rather than loading on every request so it can appear in one place. Good for calculators, embeds the block editor refuses, and anything tied to a single piece of content.

TARGET

Conditional logic · Pro

Run a snippet only on the contexts you name: front page, singular views, archives, a post type, specific post IDs, a URL path, a user role, a device, or logged-in visitors. The checkout tracking tag stops loading on 400 blog posts.

LIBRARY

A starter library that stays off · Pro

Tracking tags, security hardening and housekeeping snippets, each with its code in full. Everything arrives switched off, so you read it before it runs. A library that goes live on click is how a site ends up running code nobody agreed to.

MOVE

Export the set, import it next door · Pro

The whole collection exports as JSON and imports on the next site. Imported snippets always arrive inactive whatever the file says, so a JSON file from a stranger cannot start executing the moment you load it.

ORDER

Priority, when order matters

Two snippets on the same hook need a defined sequence, and a low priority is often the difference between a filter working and a filter being overwritten. Set the number yourself rather than guessing at the order rows came out of a table.

NOTE

Why it exists, written down

Every snippet carries a note field. Write down why you added it and what breaks without it. In two years that note is the difference between deleting something safely and deleting it on a hunch, which is how a plugin nobody trusts ends up with forty snippets nobody dares switch off.

The safety story

What happens when a snippet goes wrong.

Every snippet plugin lets you run PHP. The question is what it does at the moment your PHP fails, because that is when you find out what you bought.

AThe parser runs before the save

PHP snippets go through the real PHP parser on save. Code that will not compile is rejected there and never reaches the database, so a missing brace cannot take the site down at all.

BThe watchdog covers the rest

Syntax is the easy half. Before a snippet runs, the plugin records which one it is about to run, then clears the record once the snippet survives. If PHP dies mid-snippet, that record outlives the crash.

CThe next request cleans up

The following page load reads the record, switches that snippet off, and leaves a notice in wp-admin naming the snippet and the error. This is verified against memory exhaustion, which PHP cannot catch. The site was serving on the next request.

DSafe mode, three ways in

A settings toggle, a secret URL key, or define( 'WSS_SAFE_MODE', true ); in wp-config.php. Each suspends every snippet. The wp-config line needs no admin login and no database, which is the state you are in when it matters.

EPHP asks for real permission

Writing PHP needs manage_options plus edit_plugins or unfiltered_html. Where wp-config.php sets DISALLOW_FILE_EDIT, PHP snippets are blocked for everybody.

FCode lives in its own table

Snippets are rows in a dedicated table, not posts. Executable code in the posts table is reachable by the REST API, the search index, feeds, and any plugin that walks posts. Out here, it is reachable by this plugin.

Who it's for

Anyone who has pasted code into a live site.

</>The agency with 40 client sites

Export your standard set as JSON and import it on the next build. Every snippet arrives inactive and carries its note, so the developer after you knows what each one does.

The marketing tag pile-up

GA4, a Meta pixel, a chat widget, two verification meta tags. All in one place with a toggle each, instead of buried in a theme file that updates next month.

The site you just inherited

Somebody put PHP in functions.php and left. Move it here, add a note, set a priority. The next theme update stops being a risk.

The WooCommerce store

A price filter, a checkout field tweak, a shipping rule. Conditional logic keeps each one on the pages it belongs to, and the watchdog means testing on the live site costs one page load rather than a lost morning.

The locked-down host

DISALLOW_FILE_EDIT is set and nobody edits code on this site. PHP snippets stay blocked, and HTML, CSS and JavaScript keep working for the people who need them.

?The developer testing on production

You know you should not. Everybody does it anyway. Safe mode is one line in wp-config.php, so the worst case is a rollback rather than a support ticket.

Against the usual home for custom code

The alternative is the theme, and the theme loses.

Most custom code on most sites ends up in the theme's functions.php or in an mu-plugin somebody wrote once. Both work until the day the code fails. Here is what changes.

WP Snippet Studio (us)functions.phpmu-plugin
Header, body & footer scripts✓ Site-wide or admin only◐ If you write the hook yourself◐ Same, in a file nobody sees
HTML, CSS, JS, PHP & text snippets✓ All five, handled as their own type✗ PHP, and whatever you echo✗ PHP only
Toggle one piece of code off✓ One click, no files touched✗ Comment it out and re-upload✗ Rename the file
PHP checked by the real parser on save✓ Broken code never reaches the database✗ Save it and find out✗ Save it and find out
Records which code is running✓ Watchdog, cleared once it survives✗ No✗ No
Survives an uncatchable fatal✓ Verified against memory exhaustion✗ White screen✗ White screen
Safe mode from wp-config.php✓ One define, works with no admin access✗ FTP✗ FTP
Survives a theme switch or update✓ Nothing lives in the theme✗ Gone, or overwritten✓ Yes
PHP needs more than administrator✓ Plus edit_plugins or unfiltered_html◐ Whoever has the file editor◐ Whoever has server access
A note saying why the code exists✓ Note field on every snippet◐ If somebody wrote a comment◐ If somebody wrote a comment
Conditional logic✓ Context, post type, ID, path, role, device (Pro)◐ Whatever you write by hand◐ Whatever you write by hand
Free to run◐ Free tier covers scripts, HTML, CSS, JS, safe mode and the watchdog✓ Free, plus the afternoon✓ Free, plus the afternoon

Other snippet plugins cover the everyday job, and if one already works on your sites there is no crisis here. What we build for is the day a snippet takes the site down. Full comparison →

Pricing

Simple prices. One is forever.

Every plan includes every Pro feature: PHP snippets, conditional logic, the starter library, and JSON import and export. You are only choosing how many sites.

10 Sites
$49/yr

Up to 10 sites

  • All features included
  • Updates & support for a year
  • 14-day guarantee
Choose 10 Sites
Agency
$99/yr

25 sites · for agencies

  • All features included
  • Updates & support for a year
  • 14-day guarantee
Choose Agency
100 Sites
$149/yr

Up to 100 sites

  • All features included
  • Updates & support for a year
  • 14-day guarantee
Choose 100 Sites
Lifetime
$599 once

Up to 100 sites, forever

  • All features, all future updates
  • Never renew, never re-buy
  • 14-day guarantee
Own it forever

Prices in USD. Licence keys are domain-based, with no accounts and no phoning home. Your snippets stay on your own server. VAT invoices available.

Questions

Asked and answered.

What happens if a PHP snippet has a fatal error in it?

Two things stop it. Before the snippet can be saved, the code goes through the real PHP parser, so anything that will not compile is rejected at the point you press Save and never reaches the database. That covers syntax. For the errors that only show up at runtime, a watchdog writes down which snippet is about to run and clears that record once the snippet finishes. If PHP dies mid-snippet, the record survives the crash. The next request reads it, switches that snippet off, and shows you a notice naming the snippet and the error. We tested this against memory exhaustion, which PHP cannot catch, and the site was serving normally on the very next request.

What if the admin is already down and I cannot get in?

Add define( 'WSS_SAFE_MODE', true ); to wp-config.php. Every snippet stops running, including the one that broke the site, and you get back into wp-admin to fix or delete it. There are two lighter versions of the same switch: a toggle in settings, and a secret URL key you can append to any admin URL when you can still load a page. The wp-config line is the one that works when nothing else does, and it needs no database access.

How is this different from editing functions.php?

A snippet in functions.php belongs to the theme, so it leaves on the day someone switches theme and it comes back on the day the theme updates over your edits. It has no off switch short of FTP, no note explaining why it is there, and no record of who added it. Snippets here have a toggle, a priority, a note field and a watchdog behind them. Deactivate the plugin and every snippet stops at once, because nothing was ever written into a theme file.

Where are snippets stored?

In their own database table. Plugins that store executable code as a custom post type put that code inside the posts table, where the REST API, the search index, feeds, sitemaps and every plugin that walks posts can reach it. One misconfigured endpoint or one over-eager query and your PHP is readable. A dedicated table keeps snippet code out of all of that, and it means a snippet cannot be revealed by a plugin that had no idea it existed.

Who is allowed to write PHP?

A user needs manage_options plus either edit_plugins or unfiltered_html. Adding PHP to a site is equivalent to installing a plugin, so it asks for the same level of trust. If wp-config.php sets DISALLOW_FILE_EDIT, PHP snippets are blocked outright for everybody, because that constant is how a host or an agency says nobody edits code on this site. HTML, CSS, JavaScript and text snippets sit behind the normal administrator capability.

What does the starter library contain?

Tracking tags, security hardening and housekeeping snippets, each written out in full so you can read the code before you use it. Everything from the library arrives switched off. You open it, read it, decide, then turn it on. A library that installs live code on click is how sites end up running things nobody remembers agreeing to.

Can I move snippets between sites?

Export the whole set to JSON and import it on the next site. Imported snippets always arrive inactive whatever the file claims, so a JSON file from a colleague, a client or a download cannot start executing on your site the moment you import it. You review the set, then switch on what you want.

What is conditional logic for?

Running a snippet only where it belongs. Target page contexts such as the front page, singular views or archives, specific post types, specific post IDs, URL paths, user roles, device type, or logged-in state. A tracking tag on the checkout page has no reason to load on 400 blog posts, and a fix for one broken page has no reason to run site-wide.

What is a shortcode snippet?

A snippet that runs where you place it. Instead of executing on every request, it gets a shortcode you drop into a page, a post or a widget, and it only runs when that content renders. Use it for anything tied to one piece of content: a calculator on a single page, a formatted block of data, an embed the block editor will not accept.

What is in the free edition, and what does Pro add?

Free covers header, body-open and footer scripts, snippets in HTML, CSS, JavaScript and plain text, priority control, note fields, safe mode and the watchdog. All the safety work is in the free edition, because safety is not a feature to sell you. Pro adds PHP snippets, conditional logic, the starter library, and JSON import and export.

How is the licence delivered?

Order through the form and your licence key and invoice arrive by email, usually within the hour. Keys are long codes starting VPC1. so paste the whole thing into the licence box rather than typing it. Domain-based, no account, no phoning home, no lock-in.

What if it is not for me?

14-day money-back guarantee, no questions. Email us and we refund you.

Get started

Requires WordPress 6.0+ and PHP 7.4+.

Order below and your licence key and invoice arrive by email, usually within the hour. Install it, move one snippet out of functions.php, and add the note explaining why it is there.

14-DAY MONEY-BACK GUARANTEE · SUPPORT BY ACTUAL HUMANS

You'll receive an invoice by email, payable by card or bank transfer. Nothing is charged on this page.