This document summarizes a presentation on plugin development for WordPress. The presentation covers topics like plugin architecture, coding standards, documentation, testing, security, internationalization, and more. It emphasizes best practices for WordPress plugin development like using the WordPress API, hooks and filters, object-oriented programming, documentation, testing, and security practices like sanitizing data.
2. Barry Kooij
• Senior Web Developer @ Yoast
• WordPress SEO (Premium), What The File, Sub Posts
• Contributor EDD, EDD extensions
• Moderator WPNL forum
• Twitter: @cageNL
13. Open source
• WordPress is open source
• No really, literally OPEN SOURCE
• The code and documentation is all in your project
• Try command clicking a function
14. API
• Dashboard Widgets API
• Rewrite API
• Database API
• Settings API
• HTTP API
• Shortcode API
• File Header API
• Theme Modification API
• Filesystem API
• Theme Customization API
• Metadata API
• Transients API
• Options API
• Widgets API
• Plugin API
• XML-RPC WordPress API
• Quicktags API
• Image Manipulation API
34. WordPress repository
• Use a header image
• Have a clear description of what your plugin does
• Non consumers rate by downloads combined with rating
36. Ask for ratings
• Users don’t mind rating your plugin
• Don’t ask right away, let the user use your product first
• Make it optional, and make this very clear!
39. Conditional loading of code
• Don’t load every class on every page load
• Don’t initialise every class on every page load
• Split frontend and backend classes - is_admin()
• Use an autoloader
41. Code documentation
• Write code documentation, people will love you for it!
• Write inline documentation directly after the function declaration
• You won’t ‘forget’ writing it afterwards
• You’re making yourself rethink what your function should do
• All good IDEs will use the inline documentation for autocompletion
44. Sanitizing data
• Checking if data is of an expected structure (e.g. email)
  • is_email
• Reformatting data so it will be of expected structure (e.g. title)
  • sanitize_title
http://codex.wordpress.org/Data_Validation#Input_Validation
46. Capabilities
• Is the user allowed to do this?

    // Check capabilities
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( __( 'Cheatin’ uh?' ) );
    }
47. Direct file access
• Don’t allow direct access to files
• Place this at the top of your files:

    if ( ! defined( 'ABSPATH' ) ) {
        header( 'HTTP/1.0 403 Forbidden' );
        die;
    }
52. Register the AJAX action
• Tell WordPress your plugin is accepting AJAX requests
• add_action( 'wp_ajax_my_ajax_action', array( $this, 'callback' ) );
• add_action( 'wp_ajax_nopriv_my_ajax_action', array( $this, 'callback' ) );
53. Use jQuery to do the POST
    jQuery.post(
        ajaxurl,
        {
            action     : 'my_ajax_action',
            // Nonce read from a hidden field in the page
            ajax_nonce : jQuery('.wpseo_redirects_ajax_nonce').val(),
            my_var     : my_val
        },
        function (response) {
            // Do something
        }
    );
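
Added example, not from the presentation: a server-side callback for the `my_ajax_action` request above that applies the deck's security slides in order (direct-access guard, nonce, capability check, sanitizing). The class name `My_Plugin_Ajax`, the nonce action string, the `render_nonce_field()` helper and the option name are assumptions made for illustration.

```php
<?php
// Added example; names marked "hypothetical" are not from the slides.
if ( ! defined( 'ABSPATH' ) ) {
	header( 'HTTP/1.0 403 Forbidden' );
	die;
}

class My_Plugin_Ajax { // hypothetical class name

	const NONCE_ACTION = 'my_ajax_action_nonce'; // hypothetical nonce action

	public function __construct() {
		// Only the logged-in hook is registered: the handler writes an option,
		// so no wp_ajax_nopriv_ hook is added for anonymous visitors.
		add_action( 'wp_ajax_my_ajax_action', array( $this, 'callback' ) );
	}

	/** Prints the hidden field whose value the jQuery code sends as ajax_nonce. */
	public function render_nonce_field() {
		printf(
			'<input type="hidden" class="wpseo_redirects_ajax_nonce" value="%s" />',
			esc_attr( wp_create_nonce( self::NONCE_ACTION ) )
		);
	}

	public function callback() {
		// 1. Nonce: reject requests that did not originate from our own page.
		//    Third argument false so we return JSON instead of a bare die().
		if ( ! check_ajax_referer( self::NONCE_ACTION, 'ajax_nonce', false ) ) {
			wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
		}
		// 2. Capability: a valid nonce does not prove the user may do this.
		if ( ! current_user_can( 'manage_options' ) ) {
			wp_send_json_error( array( 'message' => 'Not allowed' ), 403 );
		}
		// 3. Sanitize: unslash first, then reduce to a plain text string.
		$my_var = isset( $_POST['my_var'] )
			? sanitize_text_field( wp_unslash( $_POST['my_var'] ) )
			: '';
		if ( '' === $my_var ) {
			wp_send_json_error( array( 'message' => 'Missing my_var' ), 400 );
		}
		update_option( 'my_plugin_my_var', $my_var ); // hypothetical option name
		wp_send_json_success( array( 'my_var' => $my_var ) );
	}
}

new My_Plugin_Ajax();
```

`wp_send_json_error()` and `wp_send_json_success()` end the request themselves, so each failed check stops execution before the option is written.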