• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Damien Carbery - Website Development

Getting You Online & Keeping You There

Getting You Online & Keeping You There Get Started
  • Home
  • Services
  • Maintenance Plans
  • Portfolio
  • Blog
  • About Me
  • Contact
You are here: Home / Website Development / Standalone WordPress scripts – what do they do & how to secure them

Standalone WordPress scripts – what do they do & how to secure them

Published: January 30, 2017 (Updated: October 18, 2017)

Standalone scripts give you access to the WordPress API to do things without the burden of a theme. You can do anything you want. See how easy it is.

I frequently write scripts that can be run outside of WordPress but still have access to the WordPress API. These can be used for many tasks where you do not want to associate them with a page or post view e.g. automating the update of a meta value or changing something in an existing post – the options are endless.

All of these scripts start the same way – set WP_USE_THEMES to false and then load wp-blog-header.php. This is almost identical to WordPress’ index.php file, with WP_USE_THEMES reversed.

Basic Example

Here is a very basic script to display the site name. Put the file in the root directory of the site, in the same directory as wp-blog-header.php, and open the page in your browser.

Secure the Script

You can now query, add or edit posts, upload files, create, edit or delete users and much more. You have admin access to the site!! For this reason we need to secure the file.

I start my scripts off with an array of IP addresses that are allowed access the script. Other IPs receive a 403/Forbidden header response.

I also add the same IP addresses to a .htaccess file, similar to how I limited access to debug.log in Debugging with WordPress and being secure.

Example Uses

As you have full access to the WordPress API and plugins you can do an endless number of things. Here are some examples of what I have done.

Create Events and Upload Images

On Cork Entertainment, a client site that lists events in Cork in Ireland, I run such a script each night to scrape data from the website of one venue (with the owner’s permission).

The site uses Events Manager so the script starts off by retrieving a list of forthcoming events for that venue. Then it downloads the venue’s event listing page, parses it (regular expressions FTW!) and determines whether the event is already listed. For new events it adds a new EM_Event(). If there is an image associated with the event it downloads it from the venue site, uploads it to the client site and sets it as the event’s featured image. And then it emails me a list of added events.

Count Custom Field Data and Cache

Another client site listed the various services available to people planning their wedding – florists, photographers, venues etc. The site used Woocommerce (each service was a ‘product’) and Advanced Custom Fields. The client required a pair of dynamically populated drop downs. The first one listed regions in the target country and the second would display the number of each service available there. The second drop down was loaded using ajax when the first one changed.

Initially I was calculating the service count on the fly (the region was a custom field in each product) but this was slow. I extracted the code to a standalone script that ran each hour. It counted the services by region and stored all the data as a single custom fields in the database. The ajax code simply returned this custom field value to browser – nice and quick.

Access Woocommerce Data

When using a standalone script Woocommerce doesn’t start automatically so the script needs a few extra steps to get it going.

This script retrieves the product IDs of the latest products. Note that there is no ‘loop’ – because it only requests the IDs. This uses less memory than a regular loop.

This script generates a html page and includes some timer and memory stats, for demonstration purposes.

From this starting point you can do many things e.g query orders to count sales for scenarios not covered by the built in reports, or update stock levels to or from another system.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Blog Categories

  • Being Green
  • Food
  • Grammar
  • Just Strange
  • Laziness
  • Personal
  • Portfolio
  • Race Reports
  • Shudder
  • Typo
  • Website Development
  • WooCommerce Tips
  • Facebook
  • Twitter

Copyright © 2013–2023 Damien Carbery · Using Genesis Framework · Privacy Policy