If you’ve been working with WordPress for a while, you’ve probably done this at least once — copy a code snippet and drop it into the functions.php file. It works, so you move on. The problem shows up later.
As soon as you switch themes or run an update, those changes are gone. I’ve run into this more than once, and it’s frustrating to lose something you already set up.
A better approach is to move those snippets into a simple site-specific plugin. It’s lightweight, it stays intact even if you change themes, and it keeps everything in one place. Setting it up only takes a few minutes.
Why is a custom plugin better than functions.php?
The biggest advantage is that your code is no longer tied to a theme. You can switch themes anytime and nothing breaks. It’s also safer. If something goes wrong, you can just rename the plugin folder using FTP and your site will come back.
Another bonus — you can reuse it. Just zip the folder and use it on another project.
Step 1: Create the Plugin Folder
Open your site files using FTP or your hosting file manager.
- Go to:
/wp-content/plugins/folder. - Create a new folder named
get-cool-tricks-functionsor something unique to your site. - Inside that folder, create a file named
custom-functions.php.
Step 2: Add the Header
Every WordPress plugin needs a “header” so the system recognizes it. Open your PHP file and paste this code:
<?php
/*
Plugin Name: GetCoolTricks Site Functions
Description: Custom site tweaks and security functions.
Version: 1.1
Author: Pradeep Augustine
*/
// Prevent direct access to the file for security
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
// YOUR SNIPPETS GO BELOW THIS LINE
Save the file. Now go to the WordPress admin area click on plugins and activate the plugin. You now have a working custom plugin.
I added the ABSPATH check above which is a security best practice that prevents people from executing the file directly in their browser.
Here are the top 10 essential snippets for WordPress sites:
Here are the “tricks” I find most useful for modern WordPress sites.
1. The “Set and Forget” Copyright Year
Instead of manually updating your footer every January, use this shortcode.
function dynamic_year_shortcode() {
return date('Y');
}
add_shortcode('site_year', 'dynamic_year_shortcode');Usage: Just type © [site_year] in your footer widget.
2. Kill comment spam by removing the URL field.
Most spam comes through the website field in comments. This removes that field completely.
add_filter( 'comment_form_default_fields', function($fields) {
unset( $fields['url'] );
return $fields;
});3. Limit post revisions to improve database health.
By default WordPress saves every draft change, which bloats your database. Let’s cap it at 5.
if ( ! defined( 'WP_POST_REVISIONS' ) ) {
define( 'WP_POST_REVISIONS', 5 );
}4. Disable XML-RPC to improve security.
Unless you are using the WordPress app or Jetpack XML-RPC is just an open door for brute-force attacks. Shut it down.
add_filter( 'xmlrpc_enabled', '__return_false' );5. Smart 404 Redirects
If a user hits a dead link, send them back home instead of showing a frustrating error page.
add_action( 'template_redirect', function() {
if ( is_404() ) {
wp_redirect( home_url(), 301 );
exit;
}
});Use carefully. Not always recommended for SEO.
6. Add Featured Image to RSS Feed
function gct_rss_featured_image($content) {
global $post;
if ( has_post_thumbnail($post->ID) ) {
$content = '<p>' . get_the_post_thumbnail($post->ID, 'medium') . '</p>' . $content;
}
return $content;
}
add_filter('the_excerpt_rss', 'gct_rss_featured_image');
add_filter('the_content_feed', 'gct_rss_featured_image');7. Auto-Set Featured Image from First Image
If you often forget to set a featured image this trick automatically grabs the image inside your post and sets it as the thumbnail.
add_action( 'save_post', function($post_id) {
if ( has_post_thumbnail($post_id) ) return;
$images = get_children( array('post_parent' => $post_id, 'post_type' => 'attachment', 'post_mime_type' => 'image', 'numberposts' => 1) );
if ( $images ) {
foreach ( $images as $attachment_id => $attachment ) {
set_post_thumbnail( $post_id, $attachment_id );
}
}
});8. Restrict REST API for Public Users
The REST API is great. It can leak user data to anyone who knows the URL. This blocks access for anyone not logged in.
add_filter( 'rest_authentication_errors', function( $result ) {
if ( ! empty( $result ) ) return $result;
if ( ! is_user_logged_in() ) {
return new WP_Error( 'rest_not_logged_in', 'Unauthorized access.', array( 'status' => 401 ) );
}
return $result;
});9. Add Custom Login Logo
Branding matters, so this swaps the WordPress logo on the login page for your own.
add_action('login_enqueue_scripts', function() {
echo '<style type="text/css">
#login h1 a {
background-image: url(' . get_stylesheet_directory_uri() . '/images/login-logo.png) !important;
background-size: contain !important;
width: 100% !important;
}
</style>';
});10. Enable SVG Upload Support
WordPress blocks SVG files for safety. If you are the only one uploading you can safely enable them.
add_filter('upload_mimes', function($mimes) {
$mimes['svg'] = 'image/svg+xml';
return $mimes;
});Best Practices & When to Go Bigger
- Always comment your code. Leave a note above each snippet explaining what it does.
- Safety if you are building a massive feature, like a custom dashboard or API integration do not put it here. Build a standalone plugin for that.
Think of this custom functions plugin as a place to keep all your tweaks in one spot. Keep it clean and organized, and it will work with you no matter which theme you use.
