anatomy of a wordpress plugin

Anatomy of a WordPress plugin The Whats, Hows & Why nots by: Amit Gupta http://amitgupta.in/ @amitgupta

Upload: amit-gupta

Post on 08-May-2015


DESCRIPTION

Slide-deck of my talk on WordPress plugin development at Barcamp Delhi 9 - April 2013

TRANSCRIPT

Page 1: Anatomy of a WordPress plugin

Anatomy of a WordPress plugin

The Whats, Hows & Why nots

by:

Amit Gupta

http://amitgupta.in/

@amitgupta

Page 2: Anatomy of a WordPress plugin

Amit Gupta

@amitgupta

http://igeek.info/

https://github.com/coolamit

http://amitgupta.in/

Page 3: Anatomy of a WordPress plugin

WordPress is a Content Management System, aka, a CMS.

It is a flexible and extendable publishing platform which allows you to get a website up and running easily.

It takes 5 minutes (or less) to install - http://codex.wordpress.org/Installing_WordPress#Famous_5-Minute_Install

It has a vast API to make it do what you want (even if it doesn’t want to)

You control the content, it doesn’t control you

WordPress has a very well documented plugin API - http://codex.wordpress.org/Plugin_API

Hooks – entry points that lead inside WordPress & make it do what you want

Actions – Waypoints that are executed at specific times or events

Filters – Hooks that allow you to manipulate data

Page 4: Anatomy of a WordPress plugin

Plugin Initialization

register_activation_hook( __FILE__, function() {
    // dance away to glory, WordPress calls moi
} );

Limits the playing field for the plugin:

No bundling with themes

No use on a controlled platform like WordPress.com VIP, WP-Engine etc.

Page 5: Anatomy of a WordPress plugin

ACT

Don’t react!

Detect the first run of the plugin and initialize

Handle new installation & upgrade routines when plugin is loaded

Use ‘init’ hook if your plugin doesn’t need to initialize earlier

Credits: Clipart image sourced from FreeDigitalPhotos.net

Page 6: Anatomy of a WordPress plugin
Page 7: Anatomy of a WordPress plugin

In WordPress Admin

You can:

Create settings page(s) for your plugin

Hook into the navigation menu & add your navigation items

Don't create a top-level menu if not absolutely necessary.

Create a submenu in Settings or where appropriate

Page 8: Anatomy of a WordPress plugin

In WordPress Admin

Use Settings API as much as possible. It'll keep your UI & UX consistent with WordPress. http://codex.wordpress.org/Settings_API

But if your UI is complex, don't hesitate to think outside the box.

Page 9: Anatomy of a WordPress plugin

Data

Never trust user input, even from a logged-in user or administrator.

Always validate and sanitize data. http://codex.wordpress.org/Data_Validation

When sending data to the browser, esc_*() functions are your best friends. Use them, e.g. esc_url(), esc_attr()

Page 10: Anatomy of a WordPress plugin

Security

Avoid using SQL directly in WordPress; use the API & vast trove of functions instead

If you must, then use wpdb::prepare() to construct your SQL - http://codex.wordpress.org/Class_Reference/wpdb

Use nonces to avoid CSRF – http://codex.wordpress.org/WordPress_Nonces
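An added example (not from the slides) that puts the Data and Security slides together in one small Settings submenu page: a nonce on the form, nonce and capability checks on submit, sanitized input, a prepared query and escaped output. The plugin header, the demo_* names and the demo_label option are hypothetical; the WordPress functions called are core APIs.

```php
<?php
/*
 * Plugin Name: Demo Safe Form (constructed example)
 */
// All demo_* names and the 'demo_label' option are hypothetical.

// Add a submenu under Settings rather than a top-level menu.
add_action( 'admin_menu', function () {
	add_options_page( 'Demo', 'Demo', 'manage_options', 'demo-safe-form', 'demo_render_page' );
} );

function demo_render_page() {
	global $wpdb;
	$label = get_option( 'demo_label', '' );
	// Direct SQL shown only to illustrate prepare(): placeholders keep data out of the query text,
	// and esc_like() neutralises % and _ inside the LIKE operand.
	$count = (int) $wpdb->get_var( $wpdb->prepare(
		"SELECT COUNT(*) FROM {$wpdb->posts} WHERE post_status = %s AND post_title LIKE %s",
		'publish',
		'%' . $wpdb->esc_like( $label ) . '%'
	) );
	?>
	<form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
		<input type="hidden" name="action" value="demo_save">
		<?php wp_nonce_field( 'demo_save_label', 'demo_nonce' ); // CSRF token tied to user + action ?>
		<input type="text" name="demo_label" value="<?php echo esc_attr( $label ); ?>">
		<?php submit_button(); ?>
	</form>
	<p><?php echo esc_html( sprintf( '%d published posts match "%s".', $count, $label ) ); ?></p>
	<?php
}

// Handle the POST: nonce first, then capability, then sanitize before storing.
add_action( 'admin_post_demo_save', function () {
	check_admin_referer( 'demo_save_label', 'demo_nonce' ); // dies on a missing or invalid nonce
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Not allowed.' );
	}
	// $_POST arrives slashed by WordPress; unslash before sanitizing.
	$raw   = isset( $_POST['demo_label'] ) ? wp_unslash( $_POST['demo_label'] ) : '';
	$label = sanitize_text_field( $raw ); // strips tags, control characters and extra whitespace
	update_option( 'demo_label', $label );
	wp_safe_redirect( admin_url( 'options-general.php?page=demo-safe-form' ) );
	exit;
} );
```

The nonce only shows that the request came from a form WordPress issued to this user; the current_user_can() check is what decides whether that user may change the setting.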

Page 11: Anatomy of a WordPress plugin

Performance

Avoid running SQL directly on the database

Use the WordPress API for data fetching; WordPress might have it already cached

If you generate data, then cache it

Caches with variable life are slightly complex but give the best performance

At the end of the day, it's just PHP code, so optimize it for performance

Page 12: Anatomy of a WordPress plugin

Resources

http://codex.wordpress.org/

http://codex.wordpress.org/Plugin_API

http://codex.wordpress.org/Writing_a_Plugin

http://codex.wordpress.org/Settings_API

http://codex.wordpress.org/Data_Validation

http://codex.wordpress.org/Class_Reference/wpdb

http://codex.wordpress.org/WordPress_Nonces

Page 13: Anatomy of a WordPress plugin

Questions

Credits: Clipart image sourced from FreeDigitalPhotos.net