Don’t Fear the MU Code

MU Code in WordPress is a super powerful tool. A few lines of code can replace an entire plugin.

As standard, MU Code is a bit difficult to reach and edit, so I have created a handy plugin to allow you to edit and publish all of these snippets from inside your WP Admin Dashboard.

Snippets:

Here is a sneak peek of the handy code snippets to come which you can add to your own WP instance and tweak to suit your own needs:

Stop Spam Carts

<?php
// STOP SPAM CARTS !
    add_filter( 'woocommerce_add_to_cart_validation', 'prevent_get_request_add_cart_item', 10, 5 );
    function prevent_get_request_add_cart_item( $passed, $product_id, $quantity, $variation_id = '', $variations = '' ) {
      if ( isset( $_GET['add-to-cart'] ) ) {
        return false;
      }
      return $passed;
    }

Bot Trap Product

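<?php
// Placeholder value: set this to the SKU of your own trap product.
if ( ! defined('TCR_TRAP_SKU') ) {
    define('TCR_TRAP_SKU', 'YOUR-TRAP-SKU');
}

/**
 * Send a bare 404 response and stop the request.
 * Assumed body: only the trailing "404]);" of this helper is shown on the page,
 * so the wp_die() call below is a reconstruction.
 */
function tcr_send_404_and_die() {
    nocache_headers();
    wp_die('Not Found', 'Not Found', ['response' => 404]);
}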

/**
 * Block add-to-cart via classic flows (button, form POST, ?add-to-cart, AJAX).
 */
add_filter('woocommerce_add_to_cart_validation', function(
    $passed,
    $product_id,
    $quantity,
    $variation_id = 0,
    $variations = []
){
    if ( ! $product_id ) return $passed;

    $check_id = $variation_id ?: $product_id;
    $product  = function_exists('wc_get_product') ? wc_get_product($check_id) : null;

    if ( $product && $product->get_sku() === TCR_TRAP_SKU ) {
        tcr_send_404_and_die();
    }

    return $passed;
}, 0, 5);

/**
 * Extra guard: if someone hits ?add-to-cart=ID directly.
 */
add_action('init', function() {
    if ( empty($_REQUEST['add-to-cart']) ) return;

    $id      = absint($_REQUEST['add-to-cart']);
    $product = function_exists('wc_get_product') ? wc_get_product($id) : null;

    if ( $product && $product->get_sku() === TCR_TRAP_SKU ) {
        tcr_send_404_and_die();
    }
});

/**
 * Store API / headless guard: block /wp-json/wc/store/cart/add-item payloads.
 * We avoid theme templates and return the same 404 response body.
 */
add_action('rest_api_init', function () {
    $uri = $_SERVER['REQUEST_URI'] ?? '';
    if (strpos($uri, '/wp-json/wc/store/cart') === false) return;

    // Read once; REST calls send JSON bodies.
    $raw  = file_get_contents('php://input');
    $body = $raw ? json_decode($raw, true) : [];

    // Handle both single add and batch structures.
    $maybe_items = [];
    if (isset($body['id'])) {
        $maybe_items[] = $body;
    } elseif (!empty($body['items']) && is_array($body['items'])) {
        $maybe_items = $body['items'];
    }

    foreach ($maybe_items as $item) {
        $pid = isset($item['id']) ? absint($item['id']) : 0;
        if ( ! $pid ) continue;

        $product = function_exists('wc_get_product') ? wc_get_product($pid) : null;
        if ( $product && $product->get_sku() === TCR_TRAP_SKU ) {
            tcr_send_404_and_die();
        }
    }
});
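
The trap above answers with a 404 and leaves no record of who triggered it. The companion below is an added example, not part of the original snippet: it logs each trap hit with a per-IP counter so the hits can feed a log watcher or a firewall rule. The function name tcr_log_trap_hit(), the transient key prefix and the log line format are assumptions; TCR_TRAP_SKU is expected to come from the trap snippet.

```php
<?php
// Added example, not the author's code. tcr_log_trap_hit() and the log
// line format are hypothetical; TCR_TRAP_SKU comes from the trap snippet.

function tcr_log_trap_hit( $product_id, $source ) {
    if ( ! $product_id || ! defined( 'TCR_TRAP_SKU' ) || ! function_exists( 'wc_get_product' ) ) {
        return;
    }
    $product = wc_get_product( $product_id );
    if ( ! $product || $product->get_sku() !== TCR_TRAP_SKU ) {
        return; // Not the trap product: nothing to record.
    }

    // sanitize_text_field() strips line breaks, so a crafted header cannot forge extra log lines.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : 'unknown';
    $ua = isset( $_SERVER['HTTP_USER_AGENT'] ) ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) ) : '';
    $ua = substr( str_replace( '"', "'", $ua ), 0, 200 ); // Keep the quoted field parseable and bounded.

    // Per-IP counter kept for one hour, so repeat offenders stand out in the log.
    $key  = 'tcr_trap_' . md5( $ip );
    $hits = (int) get_transient( $key ) + 1;
    set_transient( $key, $hits, HOUR_IN_SECONDS );

    error_log( sprintf( 'tcr-bot-trap ip=%s hits=%d source=%s ua="%s"', $ip, $hits, $source, $ua ) );
}

// Priority -1 runs before the trap's own validation filter (priority 0), which ends the request.
add_filter( 'woocommerce_add_to_cart_validation', function ( $passed, $product_id, $quantity, $variation_id = 0 ) {
    tcr_log_trap_hit( $variation_id ?: $product_id, 'validation' );
    return $passed; // Logging only: the decision stays with the trap snippet.
}, -1, 4 );

// Priority 9 runs before the trap's direct ?add-to-cart=ID guard (default priority 10).
add_action( 'init', function () {
    if ( ! empty( $_REQUEST['add-to-cart'] ) ) {
        tcr_log_trap_hit( absint( $_REQUEST['add-to-cart'] ), 'query' );
    }
}, 9 );
```

Behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's address, so the counter and log entries only identify clients once the server is configured to restore the real client IP.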

Performance & Cleanup

  1. Disable Emojis & Embeds – “Speed Up WP: Remove Emojis & Embeds”
  2. Limit Revisions & Autosave – “Stop DB Bloat: Revisions/Autosave Tweak”
  3. Dequeue Unused Block Styles – “Faster Frontend: Trim Block CSS”
  4. Remove Query Strings from Assets – “Cache Better: Strip ?ver from CSS/JS”
  5. Preload/Preconnect Hints – “Instant Speed: Preload Fonts & CDN”
  6. Defer/Async JS (safe list) – “Defer Scripts for Faster Paints”
  7. Heartbeat Rate Control – “Save CPU: Tame WP Heartbeat”
  8. Disable XML-RPC – “Secure & Faster: Kill XML-RPC”
  9. Tidy wp_head() Output – “Clean Head: Remove RSD/WLManifest/Shortlink”

Security & Hardening

  1. Force Strong Passwords (non-admins) – “Stronger Passwords in 1 Minute”
  2. Block User Enumeration – “Stop /?author= Scans”
  3. Disallow File Editing – “Safer WP: Disable Theme/Plugin Editor”
  4. Restrict REST Endpoints – “Lock Down REST: Public vs Private”
  5. Auto-Logout Inactive Users – “Security: Auto-Logout Idle Users”
  6. Limit Login Attempts (lightweight) – “Soft Rate Limit: Stop Brute Force”

Admin UX & Workflow

  1. Custom Admin Menu Cleanup – “Declutter Admin: Hide Menu Items”
  2. Custom Dashboard Widget – “Your Dashboard, Your Metrics”
  3. Change Login Logo/URL/Title – “Brand Your Login Screen”
  4. Auto-Assign Default Categories – “No ‘Uncategorized’ Ever Again”
  5. Force Media Upload Limits (size/MIME) – “Control Uploads: Types & Sizes”
  6. SVG Uploads (sanitized) – “Enable Safe SVG Uploads”

Content & SEO

  1. Auto Nofollow External Links – “SEO Safety: Nofollow External Links”
  2. Open External Links in New Tab – “UX Tweak: External Links Target=_blank”
  3. Fallback ALT Text for Images – “Accessibility: Auto ALT Fallbacks”
  4. Exclude Pages from Search – “Cleaner Search: Posts Only”
  5. Canonical Tweaks on Archives – “Fix Duplicate Content Canonicals”
  6. Auto-Set Featured Image (first image) – “No More Missing Thumbs”
  7. Custom 404 Suggestions (popular posts) – “Smarter 404: Keep Users On-Site”
  8. Disable RSS or Customize Feeds – “Control Feeds: Disable or Beautify”

Comments & Spam Control

  1. Auto-Close Comments After X Days – “Kill Old Comment Spam”
  2. Disable Comments on Media – “Stop Attachment Comment Spam”
  3. Keyword/URL Count Filters – “Comment Filter: Fewer Spammy Links”
  4. Nightly Spam Trash via Cron – “Auto-Clean Spam while You Sleep”

WooCommerce Practical Wins

  1. Change “Add to Cart” Text – “Custom Add-to-Cart Text in 60s”
  2. Min Order Amount + Notice – “Minimum Order with Friendly Message”
  3. Hide Shipping Until Address – “Cleaner Checkout: Hide Shipping Early”
  4. Auto-Complete Virtual Orders – “Instant Delivery: Virtual Orders Auto-Complete”
  5. Block Spam Add-to-Cart via GET – “Stop Bot Carts (MU Code)”
  6. Cart Item Limits/Blacklist – “Limit Quantities or Block SKUs”
  7. Stock Threshold Alerts (custom) – “Smarter Low-Stock Email Triggers”

Scheduling / Automation

  1. Custom Cron for DB Cleanup – “Weekly Tidy: Options/Transients”
  2. Post-Publish Pings (e.g., webhook) – “Trigger Webhooks on Publish”
  3. Auto-Expire Old Posts – “Set Content Expiry Dates”

Multisite / User Management

  1. Force Site Language/Timezone – “Consistent Locale Settings”
  2. Role/Capability Tweaks – “Create a Custom Editor+ Role”
  3. Redirect After Login by Role – “Send Users Where They Belong”