Yes — you can make this cleaner, safer, and a bit more correct (especially around globals and reset functions).
4. exit;
Because the constant isn’t defined, the script immediately stops executing.
In addition, WordPress includes hundreds of hooks, filters, and functions. Some have better documentation than others (and even that can be difficult to comprehend).
That’s all great and exciting stuff. However, we may be missing the boat regarding other use cases. AI has the potential to do more than perform menial tasks. We can also pick its virtual brain to learn more about WordPress and related technologies.
Explain What a Function or Code Snippet Does
That’s particularly true for well-documented software like WordPress. The content management system (CMS) is full of niche functions and settings. Not to mention a whole ecosystem of themes and plugins.
Let’s put that theory to the test by asking AI to review an old-school WordPress post query.
This is all valuable information. We now know the purpose of our snippet and have a step-by-step guide to explain what it does.
AI apps are easy to use when working with code – almost too easy. It’s tempting to copy the results and ignore the app’s explanation of what it just did. However, there’s value in slowing down and reading those details.
3. Escape output (security/hardening)
2. Use wp_reset_postdata() (not wp_reset_query())
Here’s a simple example, using a snippet commonly found in theme templates and plugins. We’ll ask ChatGPT to provide some details.
3. Direct access scenario
If someone tries to access the file directly in a browser, e.g.:
https://example.com/wp-content/plugins/my-plugin/my-file.php
- ABSPATH is a constant defined by WordPress in wp-config.php during the normal WordPress bootstrap process.
- It contains the absolute filesystem path to the WordPress installation.
This is the main “more secure” improvement.
- The code checks whether WordPress has already been loaded.
- If WordPress is running normally, ABSPATH will exist.
This snippet is a standard security guard used in WordPress PHP files, especially in plugins and themes.
"Build me a related posts plugin for WordPress."Also consider:
2. defined( ‘ABSPATH’ ) check
Artificial intelligence (AI) is a tool for getting things done. The WordPress community is already using it to write and troubleshoot code. Meanwhile, the WordPress project is in the midst of making AI integrations easier for all.
Read more articles by Eric Karkovack
Discover Different Approaches for Building a Feature
numberposts works, but posts_per_page is the more standard arg.
We can use this line of thinking when instructing AI to generate code. Let’s consider building a related posts plugin.
You may also want to share relevant documentation, such as the WordPress theme and plugin handbooks. That will ensure AI compares your code against best practices.
How it works
1. ABSPATH
What it does
It prevents the PHP file from being accessed directly via the browser.
So, what can AI teach us about WordPress? Let’s find out!
ChatGPT’s response was even more robust than what’s included above. It also gave specifics on where our snippet is typically found and advice on security best practices.
Research Improvements and Optimizations
The bottom line is that, if you want to learn more about WordPress, AI offers a simple way to do it. Even better, it (probably) won’t get mad if you keep asking questions!
As such, it’s worth weighing your options. There may be an approach that’s easier to maintain or extend later. This also comes in handy when a client inevitably changes their mind.
1. Don’t rely on global $post in the loop variable
Our first attempt to build a feature isn’t always the best one. After all, the goal is to find the best answer, not the quickest.
In addition, AI provided two revised snippets that include the above suggestions. It’s an easy way to modernize an old code snippet.
That overwrites the global $post reference inside the loop (and can confuse readers). Use a different variable name (e.g. $featured_post) and then pass it to setup_postdata().
"I want to build a related posts plugin for WordPress. Give me at least two approaches for achieving this, along with the pros and cons for each one."Why not ask AI for a few suggestions? Paste a code snippet or upload a file, then instruct the app to improve performance, efficiency, and security.
- Fetches 1 post from category ID 4
- Loops it, outputs a link with title
- Calls setup_postdata() so template tags like the_title() / the_permalink() work
- Resets something at the end
Our code may work, but is it the best it can be? Is it secure and performant? Will it be compatible with the next version of WordPress? All are important considerations.
"What does the following code snippet do?"You can use AI as a guide for understanding how everything works. It’s a way to dig deeper and experiment with building from scratch and reworking your existing code.
4. Prefer newer/clearer query args
AI can help you identify what a code snippet does in short order. Paste it into your favorite Large Language Model (LLM), and you’ll receive a detailed overview of what’s happening. You can even ask follow-up questions to narrow down a specific line.
- get_posts() does not modify the main query ($wp_query)
- wp_reset_query() resets the main query and is meant for query_posts() usage (which you should avoid)
- After setup_postdata(), the right cleanup is wp_reset_postdata()
You might start with a prompt like this:
- the_title() and the_permalink() generally output safe data, but in custom code it’s best practice to use the “get_” versions and escape yourself:
- esc_url( get_permalink( … ) )
- esc_html( get_the_title( … ) )
There’s something to be said for having a second set of eyes (or the virtual equivalent) review your work. That applies to proofing a new project or refactoring legacy code. You won’t have to look far to find room for improvement.
Right now you’re doing:
global $post;
foreach ( $myposts as $post ) :
Human knowledge still matters, and AI is only as effective as the person interacting with it. So, why not learn as much as we can? This new technology could be a goldmine of information, with the results improving our project outcomes and helping us develop better processes.
5. If you only need one post, you don’t need a foreach
- ‘no_found_rows’ => true (micro-optimization; avoids pagination counts)
- ‘ignore_sticky_posts’ => true (avoid sticky surprises)
- ‘post_status’ => ‘publish’ (explicit)
You can grab the first result and output it, reducing code and risk.
Issues / improvements
"Review this code snippet and tell me how to improve it. Could it be more secure or efficient?"
Code snippets aren’t always easy to understand, particularly when you’re unfamiliar with them. For example, you may inherit a website that includes a custom plugin or theme template. Likewise, you might not recall the purpose of something you wrote years ago.
What your snippet currently does
That’s why code typically undergoes several rounds of revisions. It seems like there is always something we didn’t account for in the initial try. For instance, there could be a missing detail or a feature that includes unnecessary bloat. Both humans and AI models make these mistakes.
Why this matters
Without this check:
-Someone could directly run the PHP file.
-Internal functions might run outside the WordPress environment.
-It could expose sensitive data, database queries, or admin functionality.
WordPress has not been loaded, so:
defined(‘ABSPATH’) === false
here. He recently started a writing service for WordPress products: WP Product Writeup. He also has an opinion on just about every subject. You can follow his rants on Bluesky @karks.com.
In some ways, using AI can be akin to having a seasoned developer by your side. You can learn a lot by paying attention.
