Celebrating 20 years online :)
Web Dev + WordPress + Security

WP Core Hacks Used at Perishable Press

[ WordPress Core Hacks ] One of the necessary evils associated with creating a highly customized WordPress-powered site involves the inevitable necessity to hack the WordPress core. WordPress is built for mass-consumption and tends to cater to the largest audience possible, making it necessary to bend and poke around the corners to get WordPress to function in a more specific or specialized capacity.

Update: This post was written over 10 years ago, back when WordPress was just getting started. Back then, WP users had to hack just about everything. These days, WordPress is “all grown up”, so you never really need to modify or “hack” the WP core, for any reason. Basically this is just a disclaimer: Don’t hack the WP core, unless you really know what you are doing, and have good reason for doing it. And even then, it’s best if you don’t hack the WP core. This article remains online for reference purposes only.</update>

Of course, there is a major downside to tweaking core WordPress files: upgrading. The overambitious WordPress peeps are constantly rolling out upgrade after upgrade, many of which are required security fixes, patches, or whatever. The point is that editing the WordPress core on your current version of WordPress requires that you edit each and every subsequent upgrade, for each and every one of your sites.

Over time, I have realized the importance of documenting core changes for any sites that require them. Having a concise record of the files and code involved with each hack greatly facilitates the entire upgrade process. Without such a reference, subtle changes may be forgotten and key hacks may be overlooked. Here at Perishable Press, my former Core Hacks Log served me well from WordPress 1.5 to 2.0, however, much of it no longer applies to the new WordPress 2.3 configuration. Since the latest site overhaul, I have dramatically reduced the overall number of required core edits.

In this post, I have created a new list of WordPress core hacks used here at Perishable Press. Every effort has been made to keep the presentation of the hacks clear and concise, assuming a working knowledge of the WordPress core. Although this list is intended as an internal resource, the techniques may prove beneficial to others, and thus are presented here as a general reference. Please don’t hesitate to ask if something isn’t entirely clear.

Customize the default more link

The default WordPress more link is produced when explicitly called via the <!--more--> quicktag, or whenever post excerpts are displayed instead of full post content. Depending on the context in which it is used, the more link generally reads something like, “Continue reading »”, and links to its own location in single view. Thus, when the more link is clicked, the browser displays the lower portion of the target article. Needless to say, I don’t really appreciate this behavior, so I hack the WordPress core to remove the “#more-$id” portion of the more link (located in wp-includes/post-template.php around line #124):

// change this:
$output .= ' <a href="'. get_permalink() . "#more-$id\" class=\"more-link\">$more_link_text</a>";

// to this:
$output .= ' <a href="'. get_permalink() . "\" class=\"more-link\">$more_link_text</a>";

Customize password-protected posts

I was having a hard time styling the default form markup for password-protected posts. Specifically, I needed some class attributes for some double-tuf CSS customization. Thus, I replaced the default password form code (located in wp-includes/post-template.php around line #485) with the following slab of PHP/(X)HTML goodness:

// customized form for password-protected posts
function get_the_password_form() {
	$output = '<form action="' . get_settings('siteurl') . '/wp-pass.php" method="post">
	<p>' . __("This post is password protected. To view it please enter your password below:") . '</p>
	<p><label class="h">' . __("Password: ") . ' </label><input class="postpassword" name="post_password" type="password" size="11" /><input class="passwordsubmit" type="submit" name="Submit" value="' . __("Submit »") . '" /></p>
	<div class="clear"> </div>
	return $output;

Customize default links for individual post-comment feeds

By default, WordPress generates a very basic link for individual post-comment links. You know the ones, after reading a post, you see a link that says something like, “Subscribe to comments on this post” or whatever. Well, that’s all fine and good for the average WordPress blogger, but I demand a bit more from my comment-feed links. Specifically, I wanted to nofollow the comment-feed links, and also add a nice descriptive title for usability purposes. Easy enough, just open up wp-includes/feed.php (around line #101), and throw down as follows:

// replace this default function
function comments_rss_link($link_text = 'Comments RSS', $commentsrssfilename = 'nolongerused') {
	$url = get_post_comments_feed_link();
	echo "<a href='$url'>$link_text</a>";

// with this customized version
function comments_rss_link($link_text = 'Comments RSS', $commentsrssfilename = 'nolongerused') {
	$url = get_post_comments_feed_link();
	echo "<a href=\"$url\" title=\"Subscribe to comments on this post via RSS\" rel=\"nofollow\">$link_text</a>";

Getting obsessive about source-code presentation, part 1

I am crazy about source code. I think it is poetry when well written, and art when it is well formatted. The formatting of the underlying source code of websites often leaves something to be desired, especially when it comes to sites powered by WordPress. In this hack, I add a couple of PHP tabs (\t\t) in order to get the newly implemented wlwmanifest link to line up with other elements in the document <head> (located in wp-includes/general-template.php around line #832):

// ocd is my best friend
function wlwmanifest_link() {
	echo "\t\t".'<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="'
		. get_bloginfo('wpurl') . '/wp-includes/wlwmanifest.xml" /> ';

Getting obsessive about source-code presentation, part 2

Continuing from the previous argument, this hack produces properly aligned source code for 99% of post and comment content. Here at Perishable Press, content paragraphs and other post and comment elements are offset 5 tabs from the left edge of the browser window. Of course, the number of tabs may be changed to suit your particular needs. To use, open wp-includes/formatting.php (around line #71) and dig into the infamous wpautop formatting function as follows:

// replace this:
	$pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "<p>$1</p>\n", $pee); // make paragraphs, including one at the end

// with this:
	$pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "\t\t\t\t\t<p>$1</p>\n", $pee); // make paragraphs, including one at the end

Getting obsessive about source-code presentation, part 3

Another completely self-indulgent and format-obsessive core hack that I employ here at Perishable Press involves a simple edit to the wp-includes/bookmark-template.php file in order to get the markup output of my random blogroll links to appear in properly indented fashion. At around line 6, I add a series of tabs like so:

'show_images' => 1, 'before' => "\t\t\t\t\t\t".'<li>',

Enhance parse_url Functionality

File: wp-includes/functions.php (~ lines #508): insert "@" before parse_url and praise the Lord!

// $test = parse_url($link_test); 

$test = @parse_url($link_test);

Limit PHP memory for cache.php

This trick isn’t guaranteed to stop all PHP memory errors, but it certainly seems to help reduce their overall occurrence. For some reason, after my host upgraded their servers to Apache 1.3.41, I began logging an extremely high number of fatal PHP “memory exhausted” errors resulting from my WordPress cache.php file. After researching online and learning that I am not alone with this issue, I deployed a threefold defense strategy to eliminate future memory conflicts related to the now-infamous cache.php. First, open the file wp-includes/cache.php and place the following code immediately after the opening <?php tag:

ini_set('memory_limit','32M'); // set memory to prevent fatal errors

After that, create an htaccess file for the wp-includes directory and insert the following directive:

# set memory limit for cache.php
php_value memory_limit 32M

Finally, create a local php.ini file in the same directory (wp-includes) and insert this:

;; set memory limit for cache.php
memory_limit = 32M

And that’s it. Save, upload, test and check for additional errors. Like I said, it doesn’t always work, but it definitely seems to help reduce the overall volume of memory-related errors. To facilitate this part of the WordPress upgrade process, I have zipped a complete set of the three required files in their respective formats. Simply unzip, upload and done:

Download PHP Memory Control PackVersion 1.0 ( 597 bytes ZIP )

Customize quicktag buttons

Here, I have customized the set of defualt WordPress quicktags to accommodate my specific blogging requirements. To implement this hack, open up wp-includes/js/quicktags.js and replace the default set of quicktags (beginning ataround line #37) with the following (note: remove the empty spaces from the precode button):


edButtons[edButtons.length] = new edButton('ed_authent'

edButtons[edButtons.length] = new edButton('ed_quotes'

edButtons[edButtons.length] = new edButton('ed_dash'

edButtons[edButtons.length] = new edButton('ed_rsquo'
edButtons[edButtons.length] = new edButton('ed_lsquo'

edButtons[edButtons.length] = new edButton('ed_acronym'
,'<acronym title="">'

edButtons[edButtons.length] = new edButton('ed_clearspace'
,'<div class="clear vspace"> </div>'
edButtons[edButtons.length] = new edButton('ed_follow'
,'follow link'
,'<a href="" title="">'
edButtons[edButtons.length] = new edButton('ed_nofollow'
,'nofollow link'
,'<a href="http://" title="" rel="nofollow">'
edButtons[edButtons.length] = new edButton('ed_press-link'
,'press link'
,'<a href="https://perishablepress.com/" title="Perishable Press">'
edButtons[edButtons.length] = new edButton('ed_reflist'
,'ref list'
,'<h3 class="references"></h3>\n\t<ul class="refs">\n\t<li><sup>1</sup> <a href="http://" title=""></a></li>\n\t<li><sup>2</sup> <a href="http://" title=""></a></li>\n'
edButtons[edButtons.length] = new edButton('ed_content-link'
,'<a href="https://perishablepress.com/press/wp-content/online/" title="Perishable Press">'
edButtons[edButtons.length] = new edButton('ed_press-image'
,'press image'
,'<img src="https://perishablepress.com/press/wp-content/images/" title="" alt="" />'
edButtons[edButtons.length] = new edButton('ed_pre-code'
,'pre code'
,'< pre>< code>'
,'< /code>< /pre>'
edButtons[edButtons.length] = new edButton('ed_sup'
edButtons[edButtons.length] = new edButton('ed_quot'
edButtons[edButtons.length] = new edButton('ed_<'
edButtons[edButtons.length] = new edButton('ed_>'


And that’s a wrap (for now). As discussed, this article serves as an ongoing core-hack reference for each and every WordPress upgrade executed here at Perishable Press, and is thus subject to change according to the file and code structure of future WP versions.

About the Author
Jeff Starr = Designer. Developer. Producer. Writer. Editor. Etc.
SAC Pro: Unlimited chats.

11 responses to “WP Core Hacks Used at Perishable Press”

  1. Anthony Cases 2008/06/17 1:40 am

    I was just googling and came across your site, i found it very interesting and will spread the word to my friends, cheers ant.

  2. Perishable 2008/06/17 9:45 am

    Thank you — it is greatly appreciated! :)

  3. Hi! I have a trouble with writing post, because i am typing the symbol (&quot) “, but once published it appears as (&rdquo) or (&ldquo) how can i resolve this trouble?

  4. Jeff Starr 2008/09/21 8:30 am

    If you need straight double quotes, type ". If you need left double quotes, type . If you need right double quotes, type . Notice the semicolon at the end of each these — very important.

  5. Yes i’m typing both forms: (“) and (&quot) with semicolon but when i publish the post, for example i made a textarea tag with codes and when i published the post all symbols (“) had appeared as left double quotes and right double quote. See the image here please: http://img184.imageshack.us/my.php?image=img123xb5.png

    So, i need only (“) symbol just because in other case the code snippet will be wrong.

    Thanx a lot

  6. Jeff Starr 2008/09/24 3:08 pm

    This sounds like an issue with a code-formatting or syntax-highlighting plugin. By default, WordPress does not covert these characters, but there are many overzealous syntax highlighters and other similar plugins that are known to interfere, cause problems, etc. Without diving into your site, it is difficult to guess what the issue might be.. hopefully this will provide some ideas! :)

  7. Bridgend Web Design 2010/11/01 10:52 am

    Just came across this while looking up how to change the default password-protected post form.

    Of course, these days you can hook into the password form with:

    add_filter( 'the_password_form', 'custom_password_form' );

    Just thought I’d mention it in case anyone else comes here for the same thing.

  8. Hi Jeff,

    You’re very familiar in modifying wp-includes files and I’m just wondering if you think its possible to change the default upload directory to a specific subdomain in wp-includes/function.php?

    I use WP 3.05 and I want to load the images directly to my subdomain? Right now, I have 1000+ images and had to manually transfer new images to the subdomain.

    Thanks and looking forward to your reply.

  9. Hi marion,

    It looks like there is some useful information at the WP Support Forums:


    Also, it looked like a few good pages found Googling for “wordpress change default upload directory”.

    Good luck :)

  10. Thanks for the reply Jeff. I actually have tried all those tutorials found in Google. I notice though that WordPress doesn’t actually let you physically store images outside the WP installation. In order for the subdomain to work, I have to point it to my WP /img folder, and use a mod rewrite so my files will pointing back to http://img.domain.tld.

    This didn’t make any significance to my site, so now I just manually transfer any new uploaded files to the subdomain.

  11. Violet Tabar 2011/07/03 3:51 am

    Hello! I’ve been following your web site for some time now and finally got the courage to go ahead and give you a shout out from Porter Texas! Just wanted to tell you keep up the excellent work!

Comments are closed for this post. Something to add? Let me know.
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
Blackhole Pro: Trap bad bots in a virtual black hole.
Crazy that we’re almost halfway thru 2024.
I live right next door to the absolute loudest car in town. And the owner loves to drive it.
8G Firewall now out of beta testing, ready for use on production sites.
It's all about that ad revenue baby.
Note to self: encrypting 500 GB of data on my iMac takes around 8 hours.
Getting back into things after a bit of a break. Currently 7° F outside. Chillz.
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.