WordPress plugins are used to extend the functionality of a WordPress website. There are about 51,000+ plugins available in WordPress’s official plugin repository at the time of writing this post. There are scenarios where you need to develop your own WordPress plugin for a specific task or requirement. In this blog post, we present some useful functions, hooks, filters, and best practices for custom WordPress plugin development.
Built-In Functions:
wp_mail('example@example.com', 'Subject', 'Message'); // sends an email through WordPress (the function is wp_mail, not wp_email)
wp_die('The message here');
function_exists() - for functions
isset() - for variables
class_exists() - for classes
defined() - for constants
is_admin() // true while an admin-area page is being rendered; it is NOT a permission check, use current_user_can() for that
is_singular() // true on a single post, page or attachment
is_page() // true on a single page
is_archive() // true on an archive page (category, tag, date, author, post type)
//data validation
is_email() // check if email is valid
term_exists() // check if a term exists
username_exists() // check if the username exists
//data sanitization
sanitize_email() // strips characters that are not allowed in an email address
sanitize_text_field() // strips tags, line breaks, octets and extra whitespace from a single-line string
sanitize_user() // sanitize data as username
//nonces
wp_nonce_field('myplugin_form_action', 'myplugin_nonce_field', false); // outputs the hidden nonce field; false omits the referer field
wp_verify_nonce($nonce, 'myplugin_form_action'); // returns false for a missing, wrong or expired nonce
Pluggable Functions:
https://codex.wordpress.org/Pluggable_Functions
WordPress Security Techniques:
- Data Validation
- Sanitizing input – make sure input is safe before it is stored or used
- Sanitizing (escaping) output – make sure output is safe before it is printed
- Using nonces – make sure submitted forms are secure
- Checking users – make sure the current user is allowed to perform the action
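Putting the checklist above together, here is an added example (not code from the original post) of a settings form and its handler that applies each item in order: the direct-access guard, a capability check, the nonce, sanitization, validation, and escaping on output. The option name `myplugin_notify_email`, the `admin_post_myplugin_save_email` action and the field name `myplugin_email` are assumptions chosen for this example; the nonce action and field name are the ones used elsewhere on this page.

```php
<?php
// Added example, not from the original post. Option name, admin_post action and
// field name are assumptions; nonce action/field names match the page above.
if (! defined('ABSPATH')) {
    exit; // file requested directly, not loaded by WordPress
}

add_action('admin_post_myplugin_save_email', 'myplugin_handle_save_email');

function myplugin_handle_save_email() {
    // 1. Checking users: only users allowed to change options may proceed.
    if (! current_user_can('manage_options')) {
        wp_die('You do not have permission to do this.');
    }

    // 2. Nonce: reject requests that did not originate from our form.
    $nonce = isset($_POST['myplugin_nonce_field'])
        ? sanitize_text_field(wp_unslash($_POST['myplugin_nonce_field'])) : '';
    if (! wp_verify_nonce($nonce, 'myplugin_form_action')) {
        wp_die('Invalid or expired form submission.');
    }

    // 3. Sanitize the input, then 4. validate it before it is stored.
    $email = isset($_POST['myplugin_email'])
        ? sanitize_email(wp_unslash($_POST['myplugin_email'])) : '';
    if (! is_email($email)) {
        wp_die('Please enter a valid e-mail address.');
    }

    update_option('myplugin_notify_email', $email);
    wp_safe_redirect(admin_url('options-general.php?page=myplugin&updated=1'));
    exit;
}

// 5. The form: WordPress emits the nonce field, and the stored value is
// escaped on the way out so it can never be rendered as markup.
function myplugin_render_form() {
    $current = get_option('myplugin_notify_email', '');
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="myplugin_save_email">
        <?php wp_nonce_field('myplugin_form_action', 'myplugin_nonce_field'); ?>
        <label>Notification e-mail
            <input type="email" name="myplugin_email" value="<?php echo esc_attr($current); ?>">
        </label>
        <?php submit_button('Save'); ?>
    </form>
    <?php
}
```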
Best Practices:
- File organization
- Plugin architecture
- Avoid naming collisions
- Choose a good name for your plugin
- Write great documentation
- Plugin boilerplates
Common Best Practices:
- Add blank index files in each directory of the plugin so that the contents of the plugin directories are not directly listable (excluding the images, CSS and JS folders)
- Make sure to check that the constant ABSPATH is defined at the top of each PHP file to prevent the plugin's PHP files from being requested directly
Hooks:
Example
// the callback runs once WordPress fires the 'init' action
function myplugin_action_hook_example(){
wp_mail('example@example.com', 'Subject', 'Message');
}
add_action('init', 'myplugin_action_hook_example');
References:
https://codex.wordpress.org/Plugin_API/Action_Reference
Important Hooks
// runs when the plugin is activated
register_activation_hook(__FILE__, 'myplugin_activate');
function myplugin_activate(){
if(! current_user_can('activate_plugins')) return;
//do things like adding options, creating tables etc.
}
// runs when the plugin is deactivated
register_deactivation_hook(__FILE__, 'myplugin_deactivate');
function myplugin_deactivate(){
if(! current_user_can('activate_plugins')) return;
//do things like
flush_rewrite_rules();
}
// runs when the plugin is uninstalled (the callback must be a plain function or static method)
register_uninstall_hook(__FILE__, 'myplugin_uninstall');
function myplugin_uninstall(){
if(! current_user_can('activate_plugins')) return;
//do things like removing the options the plugin created
delete_option('myplugin_posts_per_page');
}
Filters:
// a filter callback receives a value, may change it, and must return it
function myplugin_filter_hook_example($content){
$content = $content . '<p>Custom Content Here...</p>';
return $content;
}
add_filter('the_content', 'myplugin_filter_hook_example');
References:
https://codex.wordpress.org/Plugin_API/Filter_Reference