WordPress Plugins: ur doin it wrong

Slides from presentation at WordCamp Portland

  • started from my personal pet peeves in plugins
  • Andrew Ozz wrote great post two weeks ago
  • Simplicity of WP plugins is double edged sword - low barrier to entry (even if you ride the PHP Short Bus...) - deceptively simple -- easy to learn, hard to master
  • Plugins break WP Upgrades - Scoble didn’t upgrade
  • suffix is optional, and only available for html and attr contexts
  • delay expensive operations until they’re actually needed
  • The goal of neither WordPress core nor plugins is to add every feature possible
  • standard install makes 1200 filter calls, 20 action calls
  • MySpaceID plugin extends OpenID plugin
  • no registration necessary, just call them
  • just-in-time extensions for your own plugins
  • ex: Activity Streams - 'register service' model - just-in-time adding of new services
  • Transcript

    • 1. WordPress Plugins: ur doin it wrong
      • Will Norris <http://willnorris.com/>
    • 2.  
    • 3.  
    • 4.  
    • 5. Effect of Plugins
      • Upgradability
      • Performance
      • Security
      • Extensibility
    • 6. Unique Function Names
    • 7. Function Name Prefix
      • wcsea_activate()
      • wcsea_deactivate()
      • wcsea_uninstall()
    • 8. Class
      • class WordCampSEA {
      • function activate()
      • function deactivate()
      • function uninstall()
      • }
    • 9. Escape Values
    • 10. What do these have in common?
      • XSS
      • CSRF
      • SQL-injection
    • 11. Escape Values
      • 1. Standard prefix
      • 2. Context (attr, html, js, sql, url, url_raw)
      • 3. Optional translation suffix
      http://markjaquith.wordpress.com/2009/06/12/escaping-api-updates-for-wordpress-2-8/
    • 12. Never Assume File Location
    • 13. Traditional Directory Layout
      • example.com/
      • wordpress/
      • wp-config.php
      • wp-content/
      • plugins/
      • themes/
    • 14. Non-Traditional Layout (since WP 2.6)
      • example.com/
      • wordpress/
      • wp-config.php
      • wordpress-content/
      • plugins/
      • themes/
    • 15. Plugin URL
      • ur doin it wrong:
      • <img src="<?php bloginfo('wpurl') ?>/wp-content/plugins/wcsea/logo.png" />
      • dats bedder:
      • <img src="<?php echo WP_PLUGIN_URL ?>/wcsea/logo.png" />
      • you haz it:
      • <img src="<?php echo plugins_url('logo.png', __FILE__) ?>" />
    • 16. Plugin URL
      • plugins_url()
          • supports WPMU plugin directory
          • auto detects SSL
          • supports renamed plugin directory
          • calls ‘plugins_url’ filter
    • 17. Friends of plugins_url()
      • site_url()
      • admin_url()
      • includes_url()
      • content_url()
      • no home_url() (why not?)
    • 18. Including Files
      • ur doin it wrong:
      • include '../../wp-content/...'
      • dats bedder:
      • include ABSPATH . 'wp-content/...'
      • you haz it:
      • include WP_CONTENT_DIR . '/...'
    • 19. Find the Right Hook
      • Load as late as possible, but no later
    • 20. Admin Hooks
      • ur doin it wrong:
      • add_action('admin_init', 'wcsea_admin_init')
      • add_action('admin_head', 'wcsea_admin_head')
      • you haz it:
      • $hookname = add_options_page( ... )
      • add_action("load-$hookname", 'wcsea_admin_init')
      • add_action("admin_head-$hookname", 'wcsea_admin_head')
    • 21. Styles and Scripts
      • ur doin it wrong:
      • <script src="<?php echo plugins_url('wcsea.js', __FILE__) ?>"></script>
      • you haz it:
      • wp_enqueue_script('wcsea', plugins_url('wcsea.js', __FILE__))
      • wp_enqueue_style('wcsea', plugins_url('wcsea.css', __FILE__))
    • 22. Styles and Scripts
      • wp_register_* and wp_enqueue_*
          • support dependencies
          • push scripts to footer
          • caching support based on version
          • (one day) server side concatenation
    • 23. Add your own hooks
      • A strategically placed hook covers a multitude of sins.
    • 24. Custom Hooks
      • Can do everything core WP hooks do:
          • event notification (actions)
          • massage data (the_content)
          • replace values (stylesheet)
          • extend functionality (http_api_curl)
          • replace functionality
    • 25. Custom Hooks
      • do_action('my-action')
      • do_action('my-action', $a, $b)
      • do_action_ref_array('my-action', array($wcsea))
      • apply_filters('my-filter', $wcsea)
      • apply_filters('my-filter', $wcsea, $a, $b)
    • 26. Custom Tables
    • 27. Designed for Flexibility
      • WordPress database supports
          • custom options
          • arbitrary metadata for posts, users, and comments (2.9)
          • custom taxonomies
          • custom post types
    • 28. Custom Post Types
      • Used by WordPress core for
          • posts
          • pages
          • revisions
          • attachments
    • 29. If it walks like a duck...
      • author
      • date and time
      • title
      • content
      • comments
      • categories and tags
      • permalink
      • order
      • hierarchy
      • (additional arbitrary metadata)
    • 30. Admin Settings Pages
    • 31. Admin Settings Pages
      • Don’t waste time processing manually
      • register_setting( 'wcsea', 'my-option' )
      • http://codex.wordpress.org/Settings_API
      • http://codex.wordpress.org/Creating_Options_Pages#Register_Settings
    • 32. Admin Settings Pages
      • Do you really need a dedicated page?
      • Add options to any built-in settings page
      • add_settings_field( ... )
    • 33. Direct Plugin Files
    • 34. Direct Plugin File Calls
      • Direct HTTP request to plugin file ajax.php:
      • echo '<script type="text/javascript">
      • jQuery.get("' . plugins_url('ajax.php', __FILE__) . '");
      • // do something with AJAX data
      • </script>';
    • 35. Direct Plugin File Calls
      • If ajax.php includes anything similar to:
      • require_once('../../../wp-load.php');
      • ur doin it wrong
    • 36. WordPress Requests
      • Permalink URL:
      • http://example.com/2009/01/hello-world
      • becomes:
      • http://example.com/index.php?
      • year=2009&
      • monthnum=01&
      • name=hello-world
    • 37. Custom WP Request
      • Instead of making an AJAX call to:
      • http://example.com/wp-content/plugins/wcsea/ajax.php
      • we want a URL like:
      • http://example.com/index.php?wcsea=ajax-handler
    • 38. Custom WP Requests
      • function wcsea_parse_request($wp) {
      • // only process requests with "wcsea=ajax-handler"
      • if (array_key_exists('wcsea', $wp->query_vars)
      • && $wp->query_vars['wcsea'] == 'ajax-handler') {
      • // process the request.
      • }
      • }
      • add_action('parse_request', 'wcsea_parse_request');
      • function wcsea_query_vars($vars) {
      • $vars[] = 'wcsea';
      • return $vars;
      • }
      • add_filter('query_vars', 'wcsea_query_vars');
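
The slide 38 handler with its "process the request" step filled in, using the escaping convention from slide 11 (standard prefix `esc_`, then the context, then an optional translation suffix). This is an added example, not code from the slides; the `wcsea-ajax` nonce action, the `note` and `link` request fields and the `wcsea` text domain are assumed names, and the code runs as part of a plugin loaded by WordPress.

```php
<?php
// Added example, not from the slides. Assumed names: 'wcsea-ajax' nonce
// action, 'note' and 'link' request fields, 'wcsea' text domain.

function wcsea_query_vars($vars) {
    $vars[] = 'wcsea';   // let WordPress pass our query variable through
    return $vars;
}
add_filter('query_vars', 'wcsea_query_vars');

function wcsea_parse_request($wp) {
    // only process requests with "wcsea=ajax-handler"
    if (!isset($wp->query_vars['wcsea'])
            || $wp->query_vars['wcsea'] !== 'ajax-handler') {
        return;
    }

    // CSRF: reject requests that lack a nonce minted for this action.
    $nonce = isset($_REQUEST['_wpnonce']) ? wp_unslash($_REQUEST['_wpnonce']) : '';
    if (!wp_verify_nonce($nonce, 'wcsea-ajax')) {
        wp_die(esc_html__('Invalid request.', 'wcsea'), '', array('response' => 403));
    }

    // Sanitize on the way in ...
    $note = isset($_REQUEST['note'])
        ? sanitize_text_field(wp_unslash($_REQUEST['note'])) : '';
    $link = isset($_REQUEST['link'])
        ? esc_url_raw(wp_unslash($_REQUEST['link'])) : '';

    // ... and escape on the way out, choosing the function by output context.
    // The translation suffix (__ or _e) exists only for the html and attr contexts.
    printf(
        '<a class="wcsea-note" href="%s" title="%s">%s</a>',
        esc_url($link),                      // url context
        esc_attr__('Open link', 'wcsea'),    // attr context, translated
        esc_html($note)                      // html context
    );
    exit;   // response is complete; skip the main query and theme
}
add_action('parse_request', 'wcsea_parse_request');
```

The page that issues the request would pass `wp_create_nonce('wcsea-ajax')` as the `_wpnonce` parameter.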