WordPress shortcodes, which are part of WordPress Core and many plugins, can be a source of confusion for new WordPress users.
Shortcodes look like this:
Let’s take a look at the problems shortcodes solve and how they’re used.
The average WordPress page is a mixture of text and images entered into the content management system’s editor. But many also offer extra functionality like forms, media embeds, maps, and other dynamic content. Shortcodes allow WordPress users to add new dynamic content to posts and pages safely without requiring them to know how to code.
This is what gives WordPress its power: because the pages are built when they are loaded, the content can be dynamically changed for every page-load depending on a multitude of factors, such as when the page is loaded or which user is logged-in.
Firstly, it creates a massive security vulnerability; this is how cross-site scripting attacks are born. Secondly, there’s every chance that arbitrary code will stop the page, or the whole site, from working properly. And thirdly, most WordPress users can’t code, so there needs to be an easier way for them to add dynamic content.
Allowing users to add new features to WordPress pages is essential, but allowing them to add their own code is irresponsible. Shortcodes are the solution to this dilemma. A shortcode is essentially a macro: a snippet of text that is expanded into a larger code snippet.
Let’s say you wanted to embed a video using the default video shortcode.
Shortcodes start and end with square brackets. The first bracket is followed by the name of the shortcode, which is followed by a series of attributes of the form attribute=”string”.
Adding new shortcodes to WordPress isn’t all that difficult if you have some knowledge of PHP. Each shortcode is defined in the site’s PHP code using the Shortcode API. Theme and plugin developers use this API to add functionality so that users can inject dynamic content within pages.