The document outlines best practices for WordPress theme and plugin development, including adherence to coding standards and proper script/style management. It emphasizes the importance of security measures like escaping functions and using nonces to prevent CSRF attacks, as well as ensuring compatibility and no errors when debugging. Additionally, it suggests making themes and plugins localization-ready, cache-aware, and efficiently managing settings through the settings API.

1. WordPress Theme
Plugins Development
Best Practices
http://tareq.weDevs.com Tareq Hasan
@tareq_cse
Software Engineer, Leevio

2. Use WordPress Coding
Standards
http://codex.wordpress.org/WordPress_Coding_Standards

3. Add Scripts/Styles
Intelligently ..(1)
WRONG
http://codex.wordpress.org/Function_Reference/wp_enqueue_script
http://codex.wordpress.org/Function_Reference/wp_enqueue_style

4. Add Scripts/Styles
Intelligently ..(2)
RIGHT

5. Use escape functions in
forms..(1)
WRONG

6. Use escape functions in
forms..(2)
esc_attr()
esc_html()
RIGHT

7. Use escape functions in
forms..(3)
esc_attr()
esc_url()
esc_js()
esc_html()
More validation functions
http://codex.wordpress.org/Data_Validation

8. Prevent CSRF Attack
Use Nonces
wp_nonce_field()
http://codex.wordpress.org/WordPress_Nonces

9. Prevent CSRF Attack
Use Nonces
wp_nonce_field()
wp_nonce_url()
wp_verify_nonce()
wp_create_nonce()
check_admin_referer()
check_ajax_referer()
http://codex.wordpress.org/WordPress_Nonces

10. Let developers extend
your code without
touching your code
do_action()
apply_filters()
http://codex.wordpress.org/Plugin_API

11. Ensure Theme/Plugins
generate no errors with
WP_DEBUG enabled

12. Do not hard code
WordPress paths
$plugin_path = get_bloginfo('wpurl')."/wp-content/plugins/wp-
codebox";
WRONG
$plugin_path = plugins_url('', __FILE__);
RIGHT

13. Use database securely..(1)
Insert
Bad
Good
http://codex.wordpress.org/Class_Reference/wpdb

14. Use database securely..(1)
Update
Bad
Good

15. Use database securely..(1)
Prepared Statement
Bad
Good

16. Make your theme child
theme aware
get_template_directory_uri()
For parent theme
get_stylesheet_directory_uri()
For child theme

17. Localization is important
load_theme_textdomain()
load_plugin_textdomain()
http://codex.wordpress.org/I18n_for_WordPress_Developers

18. Use the settings API
Store theme and plugin
option settings efficiently
http://codex.wordpress.org/Settings_API

19. Make your plugin
cache aware
http://codex.wordpress.org/Class_Reference/WP_Object_Cache

20. Thanks
Questions?