Anatomy of a WordPress plugin

Slide-deck of my talk on WordPress plugin development at Barcamp Delhi 9 - April 2013

Published in: Technology, Business

  1. Anatomy of a WordPress plugin: The Whats, Hows & Why nots, by Amit Gupta (http://amitgupta.in/, @amitgupta)
  2. Amit Gupta, @amitgupta, http://igeek.info/, https://github.com/coolamit, http://amitgupta.in/
  3. WordPress is a Content Management System, aka a CMS. It is a flexible and extendable publishing platform which allows you to get a website up and about easily.
       • It takes 5 minutes (or less) to install: http://codex.wordpress.org/Installing_WordPress#Famous_5-Minute_Install
       • It has a vast API to make it do what you want (even if it doesn’t want to)
       • You control the content, it doesn’t control you
     WordPress has a very well documented plugin API: http://codex.wordpress.org/Plugin_API
       • Hooks – entry points that lead inside WordPress & make it do what you want
       • Actions – waypoints that are executed at specific times or events
       • Filters – hooks that allow you to manipulate data
  4. Plugin Initialization

         register_activation_hook( __FILE__, function() {
             // dance away to glory, WordPress calls moi
         } );

     ?
     Limits the playing field for the plugin:
       • No bundling with themes
       • No use on a controlled platform like WordPress.com VIP, WP-Engine etc.
  5. ACT. Don’t react!
       • Detect the first run of the plugin and initialize
       • Handle new installation & upgrade routines when plugin is loaded
       • Use ‘init’ hook if your plugin doesn’t need to initialize earlier
     Credits: Clipart image sourced from FreeDigitalPhotos.net
  6. In WordPress Admin
       • Create settings page(s) for your plugin
       • Hook into the navigation menu & add your navigation items
     You can:
     Don’t create a high-level menu if not absolutely necessary. Create a submenu in Settings or where appropriate.
  7. In WordPress Admin
       • Use Settings API as much as possible. It’ll keep your UI & UX consistent with WordPress. http://codex.wordpress.org/Settings_API
       • But if your UI is complex, don’t hesitate to think outside the box.
  8. Data
       • Never trust user input, even of a logged in user or administrator.
       • Always validate and sanitize data. http://codex.wordpress.org/Data_Validation
       • When sending data to browser, esc_*() functions are your best friends, use them, e.g. esc_url(), esc_attr()
  9. Security
       • Avoid using SQL directly in WordPress, use the API & vast trove of functions instead
       • If you must then use wpdb::prepare() to construct your SQL: http://codex.wordpress.org/Class_Reference/wpdb
       • Use nonces to avoid CSRF – http://codex.wordpress.org/WordPress_Nonces
  10. Performance
        • Avoid running SQL directly on database
        • Use WordPress API for data fetching, WordPress might have it already cached
        • If you generate data, then cache it
        • Caches with variable life are slightly complex but give best performance
        • End of the day, it’s just PHP code, so optimize it for performance
  11. Resources
        • http://codex.wordpress.org/
        • http://codex.wordpress.org/Plugin_API
        • http://codex.wordpress.org/Writing_a_Plugin
        • http://codex.wordpress.org/Settings_API
        • http://codex.wordpress.org/Data_Validation
        • http://codex.wordpress.org/Class_Reference/wpdb
        • http://codex.wordpress.org/WordPress_Nonces
  12. Questions
      Credits: Clipart image sourced from FreeDigitalPhotos.net
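
The Data and Security slides (8 and 9) put together in one settings handler, as an added example that is not part of the original deck: the form carries a nonce, the handler checks capability and nonce, sanitizes the input, and builds its one raw query through wpdb::prepare(). The `myplugin_*` names, the settings page slug and the `myplugin_log` table are hypothetical.

```php
<?php
// Added example (not from the slides). All 'myplugin_*' names and the
// {$wpdb->prefix}myplugin_log table are hypothetical.

// Settings form: nonce field against CSRF, every dynamic value escaped on output.
function myplugin_render_form() {
    $feed_url = get_option( 'myplugin_feed_url', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="myplugin_save" />
        <?php wp_nonce_field( 'myplugin_save', 'myplugin_nonce' ); ?>
        <input type="url" name="feed_url" value="<?php echo esc_attr( $feed_url ); ?>" />
        <?php submit_button(); ?>
    </form>
    <?php
}

// Form handler, reached through wp-admin/admin-post.php with action=myplugin_save.
add_action( 'admin_post_myplugin_save', function () {
    // Authorization: a logged-in user is not necessarily allowed to do this.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html( 'Not allowed.' ), '', array( 'response' => 403 ) );
    }
    // CSRF: stops the request unless the nonce from the form is valid.
    check_admin_referer( 'myplugin_save', 'myplugin_nonce' );

    // Validate and sanitize, even though the user is an administrator.
    // A non-string value (e.g. feed_url[]=x) is treated as empty.
    $posted   = isset( $_POST['feed_url'] ) && is_string( $_POST['feed_url'] );
    $raw      = $posted ? wp_unslash( $_POST['feed_url'] ) : '';
    $feed_url = esc_url_raw( $raw, array( 'http', 'https' ) );
    $back     = admin_url( 'options-general.php?page=myplugin' );
    if ( '' === $feed_url ) {
        wp_safe_redirect( add_query_arg( 'myplugin_error', 'bad_url', $back ) );
        exit;
    }
    update_option( 'myplugin_feed_url', $feed_url );

    // Raw SQL only where no API fits, and then only through prepare().
    global $wpdb;
    $seen = (int) $wpdb->get_var(
        $wpdb->prepare(
            "SELECT COUNT(*) FROM {$wpdb->prefix}myplugin_log WHERE feed_url = %s AND status = %d",
            $feed_url,
            1
        )
    );
    wp_safe_redirect( add_query_arg( 'myplugin_seen', $seen, $back ) );
    exit;
} );
```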
