As a security precaution, running PHP inside WordPress content is forbidden; to allow dynamic interactions with the content, Shortcodes were presented in WordPress version 2.5.
Shortcodes are macros that can be used to perform dynamic interactions with the content. i.e creating a gallery from images attached to the post or rendering a video.
Shortcodes are a valuable way of keeping content clean and semantic while allowing end users some ability to programmatically alter the presentation of their content.
When the end user adds a photo gallery to their post using a shortcode, they’re using the least data possible to indicate how the gallery should be presented.
- No markup is added to the post content, which means that markup and styling can easily be manipulated on the fly or at a later state.
- Shortcodes can also accept parameters, allowing users to modify how the shortcode behaves on an instance by instance basis.
By default, WordPress includes the following shortcodes:
[caption]– allows you to wrap captions around content
[gallery]– allows you to show image galleries
[audio]– allows you to embed and play audio files
[video]– allows you to embed and play video files
[playlist]– allows you to display collection of audio or video files
[embed]– allows you to wrap embedded items
Best practices for developing shortcodes include the plugin development best practices and the list below:
- Always return!
Shortcodes are essentially filters, so creating “side effects” will lead to unexpected bugs.
- Prefix your shortcode names to avoid collisions with other plugins.
- Sanitize the input and escape the output.
- Provide users with clear documentation on all shortcode attributes.
See the complete example of using a basic shortcode structure, taking care of self-closing and enclosing scenarios, shortcodes within shortcodes and securing output.