2 March 2005

WordPress PHP Exec Plugin

Posted under: at 11:19

This plugin lets you execute dynamic PHP code in posts. It masks PHP code before balanceTags, and unmask them afterwards, so it should be safe to use PHP code that has literal HTML tags in it, for example: code which print out HTML.


WordPress 1.5. Version 1.2 is not supported. You will also need PHP version 4.3.0 or later.

Do NOT use this plugin if you can’t trust people who make posts in your WordPress installation, it is a HUGE security hole. User level is now supported! By default the plugin only operates on level 9 user.


  1. Download the plugin: phpexec.txt
  2. Rename the plugin to phpexec.php and put it into your wp-content/plugins directory
  3. Activate the plugin from WordPress administration menu


In posts, enclose any PHP code you want to execute with <phpcode> … </phpcode>. Only real PHP code allowed, no <?php … ?> blocks allowed. The block will then be replaced by the output of PHP code. In <phpcode> blocks, you will need to start any PHP command with <?php and end it with ?> as usual.

From the WordPress admin menu, you can change minimum user level that is allowed to use the plugin. It is available from Options – PHPExec menu.


echo "Current date and time: ";
echo date("l dS of F Y h:i:s A");


Output of the above code:

Current date and time: Saturday 23rd 2021f October 2021 02:50:07 PM


This plugin is inspired by RunPHP, another plugin which accomplishes the same thing but did not work for me. Thanks to iang for tricks to make embedded PHP code feels more like a real PHP code. Some code are borrowed from WordPress source code. Thanks to Beau Collins for the user level code.



  • First public release


  • Non backward compatible change: now you need to enclose PHP code with <?php … ?> as you would do in real PHP script.


  • Added filters to handle excerpts.


  • Fixed a small error in evaled code, thanks to AJ for spotting this.


  • Added user level security feature.


  • Try to avoid using common variable names (thanks to David H. Brown)


  • Removing debugging comments should fix the problem with automatic tag insertion done by WordPress.

420 Responses

Trackback: Use this URI to trackback this entry. Use your web browser's function to copy it to your blog posting.

Comment RSS: You can track conversation in this page by using this page's Comments RSS (XML)

Gravatar: You can have a picture next to each of your comments by getting a Gravatar.

Leave a Comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Warning: Comments carrying links to questionable sites will be removed!