WP Snippet Studio runs header, body and footer code without touching functions.php. PHP goes through the real parser before it saves, and a watchdog switches off any snippet that kills the request. You find out from a notice in wp-admin, not from a client.
FROM $49/YEAR · LIFETIME OPTION · 14-DAY GUARANTEE
“I pasted one line into a snippet plugin on a Friday and the whole site went white. Including wp-admin.”— Everyone who has used a snippet plugin for long enough
The code was three lines and the recovery was an hour of FTP. WP Snippet Studio checks PHP with the parser before it can be saved, and keeps a record of the snippet that is running so a crash names its own cause. The next request switches that snippet off and tells you what happened.
Snippets run from the database, on the hook you choose, at the priority you set. Nothing is written into a theme file, so deactivating the plugin removes every effect at once.
Three insertion points, each of which can run site-wide or in the admin only. Tracking tags, verification meta, chat widgets, the pixel the marketing agency emailed over on a Friday. Set it here and it survives the next theme switch.
HTML, CSS, JavaScript, PHP and plain text. Each type is handled as what it is, so CSS is enqueued as CSS and PHP is executed as PHP rather than being wrapped in a script tag and hoped over.
A shortcode snippet gets a shortcode instead of a hook. Drop it into one page and it runs on that page alone, rather than loading on every request so it can appear in one place. Good for calculators, embeds the block editor refuses, and anything tied to a single piece of content.
Run a snippet only on the contexts you name: front page, singular views, archives, a post type, specific post IDs, a URL path, a user role, a device, or logged-in visitors. The checkout tracking tag stops loading on 400 blog posts.
Tracking tags, security hardening and housekeeping snippets, each with its code in full. Everything arrives switched off, so you read it before it runs. A library that goes live on click is how a site ends up running code nobody agreed to.
The whole collection exports as JSON and imports on the next site. Imported snippets always arrive inactive whatever the file says, so a JSON file from a stranger cannot start executing the moment you load it.
Two snippets on the same hook need a defined sequence, and a low priority is often the difference between a filter working and a filter being overwritten. Set the number yourself rather than guessing at the order rows came out of a table.
Every snippet carries a note field. Write down why you added it and what breaks without it. In two years that note is the difference between deleting something safely and deleting it on a hunch, which is how a plugin nobody trusts ends up with forty snippets nobody dares switch off.
Every snippet plugin lets you run PHP. The question is what it does at the moment your PHP fails, because that is when you find out what you bought.
PHP snippets go through the real PHP parser on save. Code that will not compile is rejected there and never reaches the database, so a missing brace cannot take the site down at all.
Syntax is the easy half. Before a snippet runs, the plugin records which one it is about to run, then clears the record once the snippet survives. If PHP dies mid-snippet, that record outlives the crash.
The following page load reads the record, switches that snippet off, and leaves a notice in wp-admin naming the snippet and the error. This is verified against memory exhaustion, which PHP cannot catch. The site was serving on the next request.
A settings toggle, a secret URL key, or define( 'WSS_SAFE_MODE', true ); in wp-config.php. Each suspends every snippet. The wp-config line needs no admin login and no database, which is the state you are in when it matters.
Writing PHP needs manage_options plus edit_plugins or unfiltered_html. Where wp-config.php sets DISALLOW_FILE_EDIT, PHP snippets are blocked for everybody.
Snippets are rows in a dedicated table, not posts. Executable code in the posts table is reachable by the REST API, the search index, feeds, and any plugin that walks posts. Out here, it is reachable by this plugin.
Export your standard set as JSON and import it on the next build. Every snippet arrives inactive and carries its note, so the developer after you knows what each one does.
GA4, a Meta pixel, a chat widget, two verification meta tags. All in one place with a toggle each, instead of buried in a theme file that updates next month.
Somebody put PHP in functions.php and left. Move it here, add a note, set a priority. The next theme update stops being a risk.
A price filter, a checkout field tweak, a shipping rule. Conditional logic keeps each one on the pages it belongs to, and the watchdog means testing on the live site costs one page load rather than a lost morning.
DISALLOW_FILE_EDIT is set and nobody edits code on this site. PHP snippets stay blocked, and HTML, CSS and JavaScript keep working for the people who need them.
You know you should not. Everybody does it anyway. Safe mode is one line in wp-config.php, so the worst case is a rollback rather than a support ticket.
Most custom code on most sites ends up in the theme's functions.php or in an mu-plugin somebody wrote once. Both work until the day the code fails. Here is what changes.
| WP Snippet Studio (us) | functions.php | mu-plugin | |
|---|---|---|---|
| Header, body & footer scripts | ✓ Site-wide or admin only | ◐ If you write the hook yourself | ◐ Same, in a file nobody sees |
| HTML, CSS, JS, PHP & text snippets | ✓ All five, handled as their own type | ✗ PHP, and whatever you echo | ✗ PHP only |
| Toggle one piece of code off | ✓ One click, no files touched | ✗ Comment it out and re-upload | ✗ Rename the file |
| PHP checked by the real parser on save | ✓ Broken code never reaches the database | ✗ Save it and find out | ✗ Save it and find out |
| Records which code is running | ✓ Watchdog, cleared once it survives | ✗ No | ✗ No |
| Survives an uncatchable fatal | ✓ Verified against memory exhaustion | ✗ White screen | ✗ White screen |
| Safe mode from wp-config.php | ✓ One define, works with no admin access | ✗ FTP | ✗ FTP |
| Survives a theme switch or update | ✓ Nothing lives in the theme | ✗ Gone, or overwritten | ✓ Yes |
| PHP needs more than administrator | ✓ Plus edit_plugins or unfiltered_html | ◐ Whoever has the file editor | ◐ Whoever has server access |
| A note saying why the code exists | ✓ Note field on every snippet | ◐ If somebody wrote a comment | ◐ If somebody wrote a comment |
| Conditional logic | ✓ Context, post type, ID, path, role, device (Pro) | ◐ Whatever you write by hand | ◐ Whatever you write by hand |
| Free to run | ◐ Free tier covers scripts, HTML, CSS, JS, safe mode and the watchdog | ✓ Free, plus the afternoon | ✓ Free, plus the afternoon |
Other snippet plugins cover the everyday job, and if one already works on your sites there is no crisis here. What we build for is the day a snippet takes the site down. Full comparison →
Every plan includes every Pro feature: PHP snippets, conditional logic, the starter library, and JSON import and export. You are only choosing how many sites.
Up to 10 sites
25 sites · for agencies
Up to 100 sites
Up to 100 sites, forever
Prices in USD. Licence keys are domain-based, with no accounts and no phoning home. Your snippets stay on your own server. VAT invoices available.
Two things stop it. Before the snippet can be saved, the code goes through the real PHP parser, so anything that will not compile is rejected at the point you press Save and never reaches the database. That covers syntax. For the errors that only show up at runtime, a watchdog writes down which snippet is about to run and clears that record once the snippet finishes. If PHP dies mid-snippet, the record survives the crash. The next request reads it, switches that snippet off, and shows you a notice naming the snippet and the error. We tested this against memory exhaustion, which PHP cannot catch, and the site was serving normally on the very next request.
Add define( 'WSS_SAFE_MODE', true ); to wp-config.php. Every snippet stops running, including the one that broke the site, and you get back into wp-admin to fix or delete it. There are two lighter versions of the same switch: a toggle in settings, and a secret URL key you can append to any admin URL when you can still load a page. The wp-config line is the one that works when nothing else does, and it needs no database access.
A snippet in functions.php belongs to the theme, so it leaves on the day someone switches theme and it comes back on the day the theme updates over your edits. It has no off switch short of FTP, no note explaining why it is there, and no record of who added it. Snippets here have a toggle, a priority, a note field and a watchdog behind them. Deactivate the plugin and every snippet stops at once, because nothing was ever written into a theme file.
In their own database table. Plugins that store executable code as a custom post type put that code inside the posts table, where the REST API, the search index, feeds, sitemaps and every plugin that walks posts can reach it. One misconfigured endpoint or one over-eager query and your PHP is readable. A dedicated table keeps snippet code out of all of that, and it means a snippet cannot be revealed by a plugin that had no idea it existed.
A user needs manage_options plus either edit_plugins or unfiltered_html. Adding PHP to a site is equivalent to installing a plugin, so it asks for the same level of trust. If wp-config.php sets DISALLOW_FILE_EDIT, PHP snippets are blocked outright for everybody, because that constant is how a host or an agency says nobody edits code on this site. HTML, CSS, JavaScript and text snippets sit behind the normal administrator capability.
Tracking tags, security hardening and housekeeping snippets, each written out in full so you can read the code before you use it. Everything from the library arrives switched off. You open it, read it, decide, then turn it on. A library that installs live code on click is how sites end up running things nobody remembers agreeing to.
Export the whole set to JSON and import it on the next site. Imported snippets always arrive inactive whatever the file claims, so a JSON file from a colleague, a client or a download cannot start executing on your site the moment you import it. You review the set, then switch on what you want.
Running a snippet only where it belongs. Target page contexts such as the front page, singular views or archives, specific post types, specific post IDs, URL paths, user roles, device type, or logged-in state. A tracking tag on the checkout page has no reason to load on 400 blog posts, and a fix for one broken page has no reason to run site-wide.
A snippet that runs where you place it. Instead of executing on every request, it gets a shortcode you drop into a page, a post or a widget, and it only runs when that content renders. Use it for anything tied to one piece of content: a calculator on a single page, a formatted block of data, an embed the block editor will not accept.
Free covers header, body-open and footer scripts, snippets in HTML, CSS, JavaScript and plain text, priority control, note fields, safe mode and the watchdog. All the safety work is in the free edition, because safety is not a feature to sell you. Pro adds PHP snippets, conditional logic, the starter library, and JSON import and export.
Order through the form and your licence key and invoice arrive by email, usually within the hour. Keys are long codes starting VPC1. so paste the whole thing into the licence box rather than typing it. Domain-based, no account, no phoning home, no lock-in.
14-day money-back guarantee, no questions. Email us and we refund you.
Order below and your licence key and invoice arrive by email, usually within the hour. Install it, move one snippet out of functions.php, and add the note explaining why it is there.
14-DAY MONEY-BACK GUARANTEE · SUPPORT BY ACTUAL HUMANS