Skip to content

BryanH/Wordpress_add-code-to-head

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

84 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
add-code-to-head.php
add-code-to-head.php
 
 
screenshot-1.png
screenshot-1.png
 
 
uninstall.php
uninstall.php
 
 

Repository files navigation

Add Code To Head

Contributors: HBJitney LLC
Tags: code, javascript, css, template
Requires at least: 6.1
Tested up to: 6.9.0
License: GPLv3
License URI: http://www.gnu.org/licenses/gpl-3.0.html
Stable tag: trunk

Add custom Javascript/HTML/CSS codes to the page head without editing the template.

Description

Intended users: Template Designers, Developer, Admins

If you wish to add any custom HTML to each page's header, then this plugin is for you.

This is useful for verifying you are the owner of the website to services such as Mailchimp or Google. You can quickly add the verification codes to your page header without having to edit your site's template.

In general, you can add custom CSS, a link to an external javascript file or something else. While it is generally recommended to create a child template if you're going to make extensive, permanent changes to a template, there may be instances where a small change or two is needed that wouldn't justify the creation of a child template—or your current template might not support child templates. You should nearly always avoid editing a template directly, because your changes will be lost when you next update the template.

This plugin is not affected by template changes.

Installation

Via the Wordpress install plugin option

  • Click the big 'Install Plugin' button in the plugin description window

Upload

If you have a single file (ending in ".zip"), then use this method.

  1. From the plugins, add new, click on the upload button
  2. Navigate to where the .zip file is located and select it
  3. Make sure to activate the plugin once it is installed

Files

If you have multiple files in a directory, use this method.

  1. Upload the entire directory (not just the files) to the /wp-content/plugins/ directory
  2. Activate the plugin through the 'Plugins' menu in WordPress

Frequently Asked Questions

Q. Will the latest changes resolve CVE-2025-48314?

The plugin now normalizes and sanitizes saved head code for users who do not have the unfiltered_html capability before it is stored, closing the stored XSS vector described in CVE-2025-48314 for untrusted roles. Site owners who intentionally grant unfiltered_html (such as administrators on single-site installs) still bypass this sanitization by design so they can insert arbitrary code.

Bottom line: the vulnerability of executing arbitrary code in the admin screens should be eliminated, however the functionality exists for public pages and is intentional. Only advanced users who know what they are doing should use this plugin.

Q. Why aren't my codes being added to the absolute end of the head?

Another plugin or the theme is adding their own codes to the head after this plugin runs.

Q. I don't know HTML/Javascript/CSS; can I still use this plugin?

You can, but you shouldn't. It is far too easy to break your site if you don't know what you are doing.

Q. Wordfence says something like "A potentially unsafe operation has been detected in your request to this site."

If you try to add a script or some other potentially-dangerous code (even if it isn't), Wordfence might complain. Double check your code and if it is okay, mark it as a false positive in Wordfence.

Q. Help! I messed up my whole site!

Disable the plugin. If your site is still messed up, then there's some other problem.

Q. I disabled your plugin and the problem went away. Now what?

The problem lies in whatever you typed/pasted into this plugin's option screen. If you're really stuck, then try clearing out the code and starting over.

Q. Help! I accidentally erased the code and I didn't mean to do that.

Similar to how widgets work, that data is stored in your database. If you made a backup before you deleted the data, then you can restore it that way, otherwise it is gone.

Q. How do I apply code to only a certain page or pages?

Right now you cannot. If there is sufficient demand, then we'll add it.

Q. Can I ask for additional functionality?

Absolutely!

Screenshots

1. Options screen

1. Options screen

Acknowledgements

Plugin Icon (CC BY 3.0) by DeniShop

Changelog

1.19

  • Fix for cross-site scripting vulnerability in admin pages (reported as CVE‑2025‑48314).
  • Note: arbitrary code insertion on public pages remains intentional (and is the point of this plugin).

1.17

  • Tested compatibility up to WP 6.7.1
  • Added note about Wordfence error that might be encountered

1.15

  • Tested compatibility up to WP 5.7.2
  • Reformatted script: converted tabs to spaces

1.13

  • Tested compatibility up to WP 4.6.1

1.11

  • Name changed to (hopefully) reduce confusion.

1.10

  • Screenshot updated
  • Compatibility with latest Wordpress

1.09

  • Readme file added

1.07

  • Original release

1.19

  • Fix for CVE ID: CVE‑2025‑48314
  • Stored head code is sanitized for users without unfiltered_html, mitigating the cross-site scripting (XSS) issue for untrusted roles

Upgrade Notice

1.21

  • Fixed bug that caused extra space to be added to head contents.
  • Code quality and best-practice pass. No database schema changes; existing saved code is unaffected.

About

A plugin to easily add any html code to the head of every page

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v1.21 Latest
Apr 11, 2026

Packages

 
 
 

Contributors

Languages