22 Ready-to-Use Custom WordPress Functions to Supercharge Your Website

A curated collection of 22 battle-tested WordPress functions covering performance, security, admin customisation and frontend tweaks. Each snippet is ready to drop into your theme's functions.php or a site-specific plugin. Updated for WordPress 6.x and 2025 best practices.

Table of Contents

1. How to use WordPress functions
2. Functions to optimise your WordPress website
3. Functions to customise your WordPress admin dashboard
4. Functions to help make your WordPress website more secure
5. Functions to customise your WordPress frontend

How to use WordPress functions

These WordPress functions are pieces of PHP code you can add to your website to enhance or modify WordPress functionality. There are two main ways to implement them.

Adding functions via a theme

Every WordPress theme contains a functions.php file. You can add your custom code to the end of this file at /wp-content/themes/YOUR_THEME_NAME/functions.php.

If you are using a pre-built theme, it is highly recommended that you create a child theme to avoid your customisations being overwritten during theme updates.

Pros: Simple, the file already exists. Cons: Theme-specific — switching themes means moving your code.

Adding functions via a site-specific plugin

A site-specific plugin keeps your functions independent of your theme. To create one:

1. FTP into your site and navigate to /wp-content/plugins/
2. Create a folder called custom-functions
3. Inside it, create custom-functions.php with the following header:

<?php
/*
Plugin Name: Custom Functions
Description: My custom WordPress functions
*/

/* Add your functions below this line */


/* Don't edit below this line */
?>

Activate the plugin from the admin panel and you're good to go.

A word of warning

Always test new code on a staging or development site first. Adding custom functions has the potential to cause fatal errors. Never implement code from untrusted sources, and always maintain backups.

Functions to optimise your WordPress website

1. Disable WordPress emoji scripts

WordPress loads emoji scripts on every page by default. If you don't need them (most sites don't), remove them to save HTTP requests.

/**
 * Disable WordPress emoji scripts and styles
 */
function disable_wp_emoji() {
    remove_action('admin_print_styles', 'print_emoji_styles');
    remove_action('wp_head', 'print_emoji_detection_script', 7);
    remove_action('admin_print_scripts', 'print_emoji_detection_script');
    remove_action('wp_print_styles', 'print_emoji_styles');
    remove_filter('wp_mail', 'wp_staticize_emoji_for_email');
    remove_filter('the_content_feed', 'wp_staticize_emoji');
    remove_filter('comment_text_rss', 'wp_staticize_emoji');
    add_filter('emoji_svg_url', '__return_false');
}
add_action('init', 'disable_wp_emoji');

2. Disable RSS feeds

If your site doesn't use RSS, disable the feeds entirely.

/**
 * Disable RSS feeds
 */
function disable_rss_feeds() {
    wp_die(
        __('RSS feeds are not available. Please visit our <a href="' . esc_url(home_url('/')) . '">website</a> instead.')
    );
}
add_action('do_feed', 'disable_rss_feeds', 1);
add_action('do_feed_rdf', 'disable_rss_feeds', 1);
add_action('do_feed_rss', 'disable_rss_feeds', 1);
add_action('do_feed_rss2', 'disable_rss_feeds', 1);
add_action('do_feed_atom', 'disable_rss_feeds', 1);

3. Remove RSD link

RSD (Really Simple Discovery) is required for XML-RPC clients and pingbacks. If you don't use those, remove it.

remove_action('wp_head', 'rsd_link');

4. Remove shortlink tag

WordPress adds a shortlink in your header code. Remove it if you're not using it.

remove_action('wp_head', 'wp_shortlink_wp_head', 10, 0);

5. Disable oEmbed

Prevent other sites from embedding your posts and stop the extra JS from loading.

/**
 * Disable oEmbed scripts
 */
function disable_embed_scripts() {
    wp_dequeue_script('wp-embed');
}
add_action('wp_footer', 'disable_embed_scripts');

6. Remove Windows Live Writer manifest

Nobody uses Windows Live Writer any more. Remove the manifest link from your header.

remove_action('wp_head', 'wlwmanifest_link');

Functions to customise your WordPress admin dashboard

7. Customise the login page

Brand your WordPress login page with your own CSS and links.

/**
 * Customise the WordPress login page
 */
function custom_login_css() {
    wp_enqueue_style(
        'custom-login',
        get_template_directory_uri() . '/assets/css/login.css',
        [],
        '1.0'
    );
}
add_action('login_enqueue_scripts', 'custom_login_css');

function custom_login_url() {
    return home_url('/');
}
add_filter('login_headerurl', 'custom_login_url');

function custom_login_title() {
    return get_option('blogname');
}
add_filter('login_headertext', 'custom_login_title');

2025 note: The login_headertitle filter was deprecated in WordPress 5.2. Use login_headertext instead.

8. Hide Comments from the admin

If your site doesn't use comments, declutter the admin by removing all comment-related UI.

/**
 * Remove comments from admin sidebar, toolbar & post types
 */
function remove_comments_admin_menu() {
    remove_menu_page('edit-comments.php');
}
add_action('admin_menu', 'remove_comments_admin_menu');

function remove_comments_admin_bar($wp_admin_bar) {
    $wp_admin_bar->remove_menu('comments');
}
add_action('admin_bar_menu', 'remove_comments_admin_bar', 999);

function remove_comment_support() {
    remove_post_type_support('post', 'comments');
    remove_post_type_support('page', 'comments');
}
add_action('init', 'remove_comment_support', 100);

9. Custom admin footer text

Replace the default "Thank you for creating with WordPress" text.

/**
 * Custom admin footer message
 */
function custom_admin_footer() {
    echo '<span id="footer-thankyou">Built by <a href="https://example.com" target="_blank" rel="noopener">Your Name</a></span>';
}
add_filter('admin_footer_text', 'custom_admin_footer');

10. Show update notices to admins only

Prevent non-admin users from seeing WordPress update nags.

/**
 * Show update notices to administrators only
 */
function show_updates_admin_only() {
    if (!current_user_can('update_core')) {
        remove_action('admin_notices', 'update_nag', 3);
    }
}
add_action('admin_head', 'show_updates_admin_only', 1);

11. Add a custom dashboard widget

/**
 * Custom dashboard widget
 */
function my_dashboard_widget_content() {
    echo '<p>Welcome to your custom dashboard! Add quick links, notes or stats here.</p>';
}

function register_custom_dashboard_widget() {
    wp_add_dashboard_widget(
        'custom_dashboard_widget',
        'My Custom Widget',
        'my_dashboard_widget_content'
    );
}
add_action('wp_dashboard_setup', 'register_custom_dashboard_widget');

12. Create a custom settings page

Create a theme settings page using the Settings API.

/**
 * Create a custom theme settings page
 */
function custom_settings_page() {
    ?>
    <div class="wrap">
        <h1>Custom Settings</h1>
        <form method="post" action="options.php">
            <?php
                settings_fields('custom_settings_section');
                do_settings_sections('theme-options');
                submit_button();
            ?>
        </form>
    </div>
    <?php
}

function custom_settings_add_menu() {
    add_theme_page('Custom Settings', 'Custom Settings', 'manage_options', 'custom-settings', 'custom_settings_page');
}
add_action('admin_menu', 'custom_settings_add_menu');

function setting_social_field() {
    ?>
    <input type="text" name="social_handle" id="social_handle" value="<?php echo esc_attr(get_option('social_handle')); ?>" />
    <?php
}

function custom_settings_init() {
    add_settings_section('custom_settings_section', 'All Settings', null, 'theme-options');
    add_settings_field('social_handle', 'Social Handle', 'setting_social_field', 'theme-options', 'custom_settings_section');
    register_setting('custom_settings_section', 'social_handle', ['sanitize_callback' => 'sanitize_text_field']);
}
add_action('admin_init', 'custom_settings_init');

Retrieve in your theme:

echo esc_html(get_option('social_handle'));

13. Remove the admin toolbar on the frontend

/**
 * Remove admin bar from frontend
 */
function remove_admin_bar() {
    if (!is_admin()) {
        show_admin_bar(false);
    }
}
add_action('after_setup_theme', 'remove_admin_bar');

2025 note: Using show_admin_bar(false) is preferred over the old remove_action('wp_head', '_admin_bar_bump_cb') approach.

14. Add thumbnail column to post listing

Add a handy thumbnail preview column to your posts list in the admin.

/**
 * Add thumbnail column to post listing
 */
add_image_size('admin-list-thumb', 80, 80, false);

function add_thumbnail_column($columns) {
    $new = [];
    foreach ($columns as $key => $title) {
        if ($key === 'title') {
            $new['featured_thumb'] = __('Image');
        }
        $new[$key] = $title;
    }
    return $new;
}
add_filter('manage_posts_columns', 'add_thumbnail_column');

function display_thumbnail_column($column, $post_id) {
    if ($column === 'featured_thumb') {
        echo '<a href="' . esc_url(get_edit_post_link($post_id)) . '">';
        echo get_the_post_thumbnail($post_id, 'admin-list-thumb');
        echo '</a>';
    }
}
add_action('manage_posts_custom_column', 'display_thumbnail_column', 10, 2);

Functions to help make your WordPress website more secure

15. Hide login errors

Prevent WordPress from revealing whether a username exists when a login attempt fails.

/**
 * Generic login error message
 */
function hide_login_errors() {
    return 'Invalid credentials. Please try again.';
}
add_filter('login_errors', 'hide_login_errors');

16. Disable XML-RPC

XML-RPC is a legacy feature that's commonly exploited in brute-force attacks. Disable it if you don't need it.

/**
 * Disable XML-RPC
 */
add_filter('xmlrpc_enabled', '__return_false');
remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');

17. Disable file editing from the dashboard

Prevent theme and plugin code editing from within wp-admin.

/**
 * Disable file editing from WordPress admin
 * Add this to wp-config.php
 */
define('DISALLOW_FILE_EDIT', true);

18. Remove WordPress version from the head

Don't advertise your WordPress version to potential attackers.

/**
 * Remove WordPress version number
 */
function remove_wp_version() {
    return '';
}
add_filter('the_generator', 'remove_wp_version');

19. Disable login via email

Force users to log in with their username only.

/**
 * Disable email login
 */
remove_filter('authenticate', 'wp_authenticate_email_password', 20);

Functions to customise your WordPress frontend

20. Change the excerpt length

Customise the default excerpt word count.

/**
 * Custom excerpt length
 */
function custom_excerpt_length($length) {
    return 25;
}
add_filter('excerpt_length', 'custom_excerpt_length', 999);

21. Custom 'Read More' link

Replace the default [...] excerpt suffix with a styled "Read More" link.

/**
 * Custom read more link
 */
function custom_read_more($more) {
    global $post;
    return '… <a href="' . esc_url(get_permalink($post->ID)) . '" class="read-more">Read More →</a>';
}
add_filter('excerpt_more', 'custom_read_more');

22. Enqueue a Google Font

Load a Google Font the WordPress way.

/**
 * Enqueue Google Fonts
 */
function enqueue_google_fonts() {
    wp_enqueue_style(
        'google-fonts',
        'https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap',
        [],
        null
    );
}
add_action('wp_enqueue_scripts', 'enqueue_google_fonts');

2025 note: Consider using display=swap for better performance, and explore self-hosting fonts via google-webfonts-helper for improved privacy and speed.

Wrapping up

These functions have served me well across dozens of client projects over the years. WordPress remains one of the most flexible platforms out there, and a handful of well-placed functions can make a real difference to performance, security and the overall editing experience.

Got questions or want to share your own favourite functions? Feel free to get in touch.