PLUGIN DEV 101
CHRIS FLANNAGAN @CHRISFLANNY
WhoIsChris.com WP/MrFlannagan
An introduction to WordPress plugin development
WHOISCHRIS.COM - @CHRISFLANNY
WHO IS CHRIS?
Chris Flannagan - PHP Dev & WordPress Engineer
UNCA Graduate - B.A. Interactive Design
Syracuse U - M.S. New Media Management
Director of Digital Technology - Quasar Bio-Tech, Inc.
https://www.babyquasar.com
http://profiles.WordPress.org/MrFlannagan
Husband & Father (x2 in November :)
PLUGIN DEV 101 SESSION
What you should already know to get something out of this session
What you need to develop WordPress Plugins
What plugins are good for and what you should make
Building a plugin
Q & A
WHAT YOU SHOULD KNOW
How Websites Work
- User Request -> Server Stuff (like WordPress Core/PHP) -> Server Response
WordPress Basics
- You’re here, aren’t you? - installing plugins, navigating admin, etc.
HTML & PHP Basics
- <!-- <?php echo 'This is executed but not seen'; ?> //-->
TOOLS NEEDED
A WordPress Install
Notepad or TextEdit
… that’s it, remember building your first website?
USEFUL TOOLS
An IDE such as PHPStorm
- WordPress Formatting
- git
- Code Completion
- Code Errors
- FTP
Local Environment such as Primary Vagrant
- VVV: nginx
- Primary: apache
Hi Chris!
PLUGINS ARE POWERFUL
Common Uses
- e-commerce
- form building
- user management/social systems
SO WHAT SHOULD YOU BUILD? WHAT DO YOU NEED?
Things I’ve Needed
- Raw HTML Form Importer
- WP People Pop
- Block All User Registration & Comments
- WP File Hide
- Paint Color Database
- Jackrabbit Scheduler
DON’T REINVENT THE WHEEL
Unless the wheel is square… why are there so many plugins that do the “same thing?”
Forms
- Gravity Forms
- Caldera Forms
- Ninja Forms
Money
- WooCommerce
- GIVE
- Shopify
- Ecwid
- WP eCommerce
WHAT MAKES A PLUGIN
file: wp-content/plugins/righteous-plugin/righteous-plugin.php
<?php
/**
 * Plugin Name: Righteous Plugin
 */
README.TXT
=== Block & Disable All New User Registrations & Comments Completely ===
Contributors: MrFlannagan
Plugin URI: http://whoischris/
Tags: block, disable, comments, user registration, new users, self register, all comments, all registration
Requires at least: 2.0
Tested up to: 4.5
This simple plugin blocks all users from being able to register no matter what, this also blocks comments from being able to be inserted into the database.
== Description ==
Whether your site has been compromised or hackers have just found a new method of hitting core functions to add users, the problem is consistent and regular. If you would like to make it nearly impossible for a new comment or user to register then this plugin will help you.
HOOKING IN - HAVE YOU EVER COPIED CODE TO FUNCTIONS.PHP?
// Hide existing comments
function disable_comments_hide_existing_comments( $comments ) {
    $comments = array();
    return $comments;
}
add_filter( 'comments_array', 'disable_comments_hide_existing_comments', 10, 1 );
Hooks allow you to attach your code into specific areas of the WordPress code
Actions: Run your own function during specific points of WordPress core execution
Filters: (Typically) Filter data between browser and database using your own function
CLASS BASED OR NOT
Classes are advanced - I’m still learning
Classes are not required
Classes are awesome and I highly encourage you to take the time to learn and use them. The best way to learn, in my experience, is to just dive right in.
Carl Alexander’s Free Course
https://carlalexander.ca/discover-object-oriented-programming/
STAPLER OBJECT
Properties
- color: black
- state: loaded
- size: 6”
Methods
- staple()
- open_load_tray()
- load_staples()
- close_load_tray()
NO CLASS, ONE PHP FILE, MOST POPULAR
// block any chance of user registering, still allow admins though
function prevent_any_registration( $user_login, $user_email, $errors ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        $errors->add( 'no_registration_allowed', '<strong>ERROR</strong>: Registration is disabled for this website.' );
    }
}
add_action( 'register_post', 'prevent_any_registration', 10, 3 );

// when a comment is added, if through some back door, this will immediately delete it
function remove_any_new_comments( $comment_ID, $comment_approved ) {
    global $wpdb;
    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_ID = %d", $comment_ID ) );
    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->commentmeta WHERE comment_id = %d", $comment_ID ) );
}
add_action( 'comment_post', 'remove_any_new_comments', 10, 2 );

// Disable support for comments and trackbacks in post types
function df_disable_comments_post_types_support() {
    $post_types = get_post_types();
    foreach ( $post_types as $post_type ) {
        if ( post_type_supports( $post_type, 'comments' ) ) {
            remove_post_type_support( $post_type, 'comments' );
            remove_post_type_support( $post_type, 'trackbacks' );
        }
    }
}
add_action( 'admin_init', 'df_disable_comments_post_types_support' );
add_action( 'admin_init', 'df_disable_comments_dashboard' );

// Remove comments links from admin bar
function df_disable_comments_admin_bar() {
    if ( is_admin_bar_showing() ) {
        remove_action( 'admin_bar_menu', 'wp_admin_bar_comments_menu', 60 );
    }
}
add_action( 'init', 'df_disable_comments_admin_bar' );

// Close comments on the front-end
function df_disable_comments_status() {
    return false;
}
add_filter( 'comments_open', 'df_disable_comments_status', 20, 2 );
add_filter( 'pings_open', 'df_disable_comments_status', 20, 2 );

// Hide existing comments
function df_disable_comments_hide_existing_comments( $comments ) {
    $comments = array();
    return $comments;
}
add_filter( 'comments_array', 'df_disable_comments_hide_existing_comments', 10, 2 );

// Remove comments page in menu
function df_disable_comments_admin_menu() {
    remove_menu_page( 'edit-comments.php' );
}
add_action( 'admin_menu', 'df_disable_comments_admin_menu' );

// Redirect any user trying to access comments page
function df_disable_comments_admin_menu_redirect() {
    global $pagenow;
    if ( $pagenow === 'edit-comments.php' ) {
        wp_redirect( admin_url() );
        exit;
    }
}
add_action( 'admin_init', 'df_disable_comments_admin_menu_redirect' );

// Remove comments metabox from dashboard
function df_disable_comments_dashboard() {
    remove_meta_box( 'dashboard_recent_comments', 'dashboard', 'normal' );
}
SIDE NOTE: BRAND IT, OWN IT, DO IT RIGHT
Details are important
Icons
WordPress Coding Standards - It Matters!
README Details
Keep it updated! (better listings, less support)
ESCAPE, ESCAPE, ESCAPE
It’s very VERY easy to create a plugin that will allow malicious code.
USE WORDPRESS HELPER FUNCTIONS
https://codex.wordpress.org/Data_Validation#Output_Sanitation
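An added example, not from the original slides: a small plugin file that sanitizes request data on the way in and escapes it on the way out with the WordPress helper functions, with the unsafe form shown in a comment for comparison. The shortcode name rp_greeting, the query parameters rp_name and rp_site, and the function name are hypothetical, chosen only for this illustration.

```php
<?php
/**
 * Plugin Name: Righteous Plugin (escaping example)
 */

// Constructed example: the shortcode name, query parameters and function
// name below are hypothetical and not part of the original talk.

// UNSAFE, for comparison only: request data echoed straight into the page.
// Whatever arrives in ?rp_name= becomes part of the HTML, markup included.
//     return '<p>Hello ' . $_GET['rp_name'] . '</p>';

function rp_greeting_shortcode() {
    // Sanitize on input: undo the slashes WordPress adds to request data,
    // then strip tags, line breaks and extra whitespace from the text value.
    $name = isset( $_GET['rp_name'] )
        ? sanitize_text_field( wp_unslash( $_GET['rp_name'] ) )
        : 'friend';

    // esc_url_raw() returns an empty string for disallowed schemes
    // such as javascript:, so a bad URL simply produces no link.
    $site = isset( $_GET['rp_site'] )
        ? esc_url_raw( wp_unslash( $_GET['rp_site'] ) )
        : '';

    // Escape on output, with the helper that matches each context:
    // esc_attr() inside an attribute, esc_html() in element text,
    // esc_url() inside href.
    $html  = '<p class="rp-greeting" title="' . esc_attr( $name ) . '">';
    $html .= 'Hello ' . esc_html( $name );
    if ( '' !== $site ) {
        $html .= ' (<a href="' . esc_url( $site ) . '">your site</a>)';
    }
    $html .= '</p>';

    // Shortcode callbacks return their markup instead of echoing it.
    return $html;
}
add_shortcode( 'rp_greeting', 'rp_greeting_shortcode' );
```

Escaping at the point of output matters even when the value was sanitized earlier, because the same value needs different treatment in an attribute, in element text and in a URL.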
LINKS
PHPStorm: https://www.jetbrains.com/phpstorm/download/
WP Coding Standards: https://make.wordpress.org/core/handbook/best-practices/coding-standards/php/
Securing data helper functions
Sanitizing: https://codex.wordpress.org/Data_Validation#Input_Validation
Escaping: https://codex.wordpress.org/Data_Validation#Output_Sanitation
Object Oriented Programming Free Course
https://carlalexander.ca/discover-object-oriented-programming/
LIVE DEMO
I’m going to regret this …