Categories
WordPress

Add `phpinfo()` to Your WordPress Site

Enable the viewing of your server’s phpinfo() output within your WordPress installation, without leaving the information open to public viewing.

From time to time, you may find it necessary to check out phpinfo() in order to see your server’s capabilities, limitations, or whatever. While it’s tempting to upload a file to your serve containing only <?php phpinfo(); ?>, it’s not a good idea to leave that file there for the world to see; likewise, it’s a pain to delete it and upload it repeatedly, as it’s needed.

You can add phpinfo() capabilities right to WordPress by adding the following code to your Thesis custom_functions.php file, appropriate theme custom file, or site customization plugin. The code will allow you to access phpinfo() by appending ?phpinfo=1 (or &phpinfo=1 if there are already parameters present) to any address on your site, front or backend.

There will also be a link to the phpinfo() added to the Tools section of the WordPress admin panel menu for your convenience.

And you can easily control which of your registered users by modifying the PHPINFO_ACCESS variable near the top of the code; possible values for it are available on the WordPress Codex.

/**
 * Enable phpinfo() viewing from within WordPress
 */
function custom_do_phpinfo_page() {
	# Define access level
	define( 'PHPINFO_ACCESS', 'remove_users' );

	if ( current_user_can( PHPINFO_ACCESS ) && isset( $_GET['phpinfo'] ) &&  true == $_GET['phpinfo'] ) {
		phpinfo();
		exit;
	}
}
add_action( 'init', 'custom_do_phpinfo_page' );

/**
 * Add phpinfo() link to WordPress admin menu
 */
function custom_add_phpinfo_menu_item() {
	global $submenu;

	$submenu[ 'tools.php' ][ 500 ] = array( 'phpinfo()', PHPINFO_ACCESS , get_home_url() . '/?phpinfo=1' ); 
}  
add_action( 'admin_menu', 'custom_add_phpinfo_menu_item' );

Did you know you can add arbitrary links to the WordsPress admin menu? Sure can!

4 replies on “Add `phpinfo()` to Your WordPress Site”

David, none that I can see. Even if anyone else thinks to visit your info page, it won’t do anything special for them unless they are logged in to your blog with the ability to delete users.

Join the Discussion

Your email address will not be published. Required fields are marked *

Comments must be made in accordance with the comment policy. Use your Gravatar-enabled email address while commenting to automatically enhance your comment with some of Gravatar's open profile data.

You may use Markdown to format your comments; additionally, these HTML tags and attributes may be used: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>