fbpx

Get the Official WPSaviour App Now!

BlogTutorials

WordPress Pluggable Functions

Have you ever heard of WordPress Pluggable Functions? If not, then this article should draw your attention. In two words pluggable functions are WordPress core functions that you can override. All these functions are located into one single file: “wp-includes/pluggable.php“. Pluggable functions were introduced in WordPress 1.5.1, but in the most recent versions of WordPress this method isn’t used anymore. Recent functions now use filters on their output. But you can still override pluggable functions, and this is what I would like to cover in this post.

Which Functions?

Pluggable functions are:

  • auth_redirect
  • check_admin_referer
  • check_ajax_referer
  • get_avatar
  • get_currentuserinfo
  • get_user_by_email
  • get_user_by
  • get_userdatabylogin
  • get_userdata
  • is_user_logged_in
  • wp_authenticate
  • wp_check_password
  • wp_clear_auth_cookie
  • wp_create_nonce
  • wp_generate_auth_cookie
  • wp_generate_password
  • wp_get_current_user
  • wp_hash_password
  • wp_hash
  • wp_logout
  • wp_mail
  • wp_new_user_notification
  • wp_nonce_tick
  • wp_notify_moderator
  • wp_notify_postauthor
  • wp_parse_auth_cookie
  • wp_password_change_notification
  • wp_rand
  • wp_redirect
  • wp_safe_redirect
  • wp_salt
  • wp_sanitize_redirect
  • wp_set_auth_cookie
  • wp_set_current_user
  • wp_set_password
  • wp_text_diff
  • wp_validate_auth_cookie
  • wp_validate_redirect
  • wp_verify_nonce

You can click on the each function’s name to access its codex page.

How to Override Pluggable Functions

Well this is pretty simple, all you have to do is to create a file within your plugins containing an “if ( !function_exists() )…” statement and then re-define the function. I strongly recommend you to copy and paste the original function when you start. This is way you’re sure that the function will work. Here is an empty example:

if ( ! function_exists('wp_notify_postauthor') ) :
/**
 * Notify an author of a comment/trackback/pingback to one of their posts.
 *
 * @since 1.0.0
 *
 * @param int $comment_id Comment ID
 * @param string $comment_type Optional. The comment type either 'comment' (default), 'trackback', or 'pingback'
 * @return bool False if user email does not exist. True on completion.
 */
function wp_notify_postauthor( $comment_id, $comment_type = '' ) {

/* This is where you redefine the function */

}
endif;

I’d like to talk about the “wp_notify_postauthor()” function. This is the one responsible of sending an email to post’s authors when a new comment is added. In one of my plugin, the WordPress Issues Manager, i needed to disable this notification, but a specific custom post type only. So, i copied the whole function, and simply added this:

if ( ! function_exists('wp_notify_postauthor') ) :
/**
 * Notify an author of a comment/trackback/pingback to one of their posts.
 *
 * @since 1.0.0
 *
 * @param int $comment_id Comment ID
 * @param string $comment_type Optional. The comment type either 'comment' (default), 'trackback', or 'pingback'
 * @return bool False if user email does not exist. True on completion.
 */
function wp_notify_postauthor( $comment_id, $comment_type = '' ) {

if( $post->post_type != 'issue'):

/* content of the original function */

endif;

}
endif;

That’s simple, but that works great without having to make huge changes or to create a full custom function hooked to a custom action.

wp_mail()

As you saw in the pluggable functions list, wp_mail() is a pluggable function. This function is the one used for sending emails. Anywhere in WordPress when an email is sent it uses this function. That’s why customizing it can be very interesting. For example you could use an html default template for all emails sent from your WordPress install.

You could also send an hidden copy of every message to a specific email to have a kind of backup (trust me this can be useful when someone tells you he did not receive the message!).

wp_authenticate()

You could also modify wp_authenticate() and add some extra parameters to enforce security on your site (brute force attacks for example).

auth_redirect()

This function is the one that checks if a user is logged in, and if not it redirects them to the login page. That would be pretty easy to override the function and redirect the user to a custom page, instead of the default login page (for example if you want to hide the wp-admin folder).

wp_generate_password()

This function is the one that auto-generates passwords. Honestly you don’t really need to modify it, but now that you know what brute force attacks are, you could be interested in creating stronger passwords. Well, this is the function to improve.

Conclusion

To conclude this short post about WordPress pluggable functions, I’d like to point the fact that new functions don’t work like that anymore. As I wrote above they are now using filters. But pluggable functions are important functions in particular when creating really specific plugins. But be careful when using pluggable functions. If the newly created function isn’t working perfectly it can break a part of your website (in terms of functionality), so please test them in all conditions.

Related posts
BlogTutorials

Install WordPress On Ubuntu Locally With LAMP

BlogTutorials

Theme Customizer Boilerplate – Conditional Options, Child Themes and Plugins

BlogTutorials

WooCommerce Recently Viewed Products Shortcode Plugin

BlogTutorials

Make A WordPress Dashboard Widget Configurable

Sign up for our Newsletter and
stay informed