Wordpress Plugin Development Tips

Chittaranjan PattnaikMindfire Solutions

Agenda Files/Folder Structure Naming Conventions/ Coding Practices Improving Form Database Interaction Loading CSS, JavaScript, Image Files Making Proper Ajax Calls Miscellaneous Conclusion References

Files/Folder Structure

Always use – (hyphen) as a separator for file and folder names.

Files should be named descriptively using lowercase letters.

Have dedicated folders for files like configuration, javascript, css, images etc.

Ex:mfs-mailbox

mfs-mailbox/scripts/mfs-mailbox.js

Naming Conventions/ Coding Practices• Follow wordpress coding standards and use proper

comments. • Have consistent coding and use proper file and

function headers.Ex:

Plugin Name: MFS Mailbox

Description: This plugin plugin will allow registered users to send mail(s)

to other registered users.

Version: 1.1

Author: Mindfire Solutions

Author URI: http://www.mindfiresolutions.com/

Contd…

Naming Conventions/ Coding Practices• Always use your plugin name as a prefix to all the

functions, variables you define. Adopting OOPS concept will better serve this purpose. Ex:

function mfs_mailbox_send_mail( $mail_data ) {

}

class Mfs_Mailbox {

function send_mail ( $mail_data ) {

}

}Contd…

Naming Conventions/ Coding Practices

• Dependency: If your plugin depends on any other plugin(s), then always check for existence of such plugin(s). Ex:Let’s say the parent plugin has a class, then first check for existence of the class. If it DOES NOT exist, then show some message.

if (!class_exists(' Wordpress_Mail ')) {

echo __('Wordpress mail plugin must be installed before using this plugin ', 'mfs-mailbox');

exit;

}Contd…

Naming Conventions/ Coding Practices

• Separate Plugin Admin Code: If you want to have any code/functionality meant only for admin end, then you can check for admin section by using is_admin and have the respective code inside that block.Ex:if ( is_admin() ) {

// Add the functionality for the admin end

} else {

// Add the functionality for the frontend

}

Naming Conventions/ Coding Practices

• DO NOT make unnecessary repetitive function calls. Ex:

Let’s say you have to repeatedly cross check whether a user is logged in or not. Wordpress has a function is_user_logged_in to verify this. Instead of calling this function again and again, you can store this function return value in a variable and compare that variable instead.

• DO NOT use end php tag.

Improving Form

• Permalink: Use proper action attribute, DO NOT hardcode with specific type page url. Use get_permalink method to collect the proper url irrespective of permalink settings.Ex:

site_url/?page_id=10

site_url/process-mail

Preferred Approach

get_permalink(10);

Improving Form

• Nonce: Always use nonce for security purpose and validate with this nonce first before processing the form data.Ex:

wp_nonce_field('mfsbox', 'mfs_mailbox_nonce');

if (!wp_verify_nonce($_POST['mfs_mailbox_nonce'], 'mfsbox')) {

// Invalid access

} else {

// Process form data

}

Database Interaction• Database version: Record database version for each

version of the plugin you have. You can cross check with this version in case you need to make any modifications to the related tables in the plugin’s updated version.Ex:$mfs_mailbox_db_version = '1.1';

if (get_option('mfs_mailbox_db_version') != $mfs_mailbox_db_version) {

// Update tables

}

update_option('mfs_mailbox_db_version', $mfs_mailbox_db_version);

Database Interaction

• Table Prefix: Always use table prefix for interacting with wordpress tables. Ex:Let’s say your plugin uses a table called wp_mfs_mailbox where wp_ is the table prefix for your wordpress installation. It’s always good to refer to this table as {$wpdb->prefix}mfs_mailbox.

"SELECT * FROM {$wpdb->prefix}mfs_mailbox";

Database Interaction

• Proper data: Use prepared statements for database operations. You should also sanitize the data to the maximum extent.Ex:$admin_mails = $wpdb->get_results("SELECT * FROM

{$wpdb->prefix}mfs_mailbox WHERE mail_status = 'publish' AND mail_author = 1");

Preferred Approach

$admin_mails = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}mfs_mailbox WHERE mail_status = %s AND mail_author = %d", 'publish', 1));

Loading CSS, JavaScript, Image Files

• First register your javascript files using wp_register_script.

• Use wp_localize_script to declare any javascript variables which you need.

• Use wp_enqueue_script to load your script files.Ex:wp_register_script( 'mfs_mailbox_script', plugins_url( 'scripts/mfs-mailbox.js', __FILE__ ), array('jquery') );

wp_localize_script( 'mfs_mailbox_script', 'mfs_ajax', array('url' => admin_url( 'admin-ajax.php' )));

wp_enqueue_script( 'mfs_mailbox_script' );Contd…

Loading CSS, JavaScript, Image Files

• Prefer using jQuery instead of $.• If you are using any jQuery event function, prefer using

live function for handling such events.Ex: jQuery('.mfs_link').click(function(){

});

Preferred Approach

jQuery('.mfs_link').live('click', function(){

});Contd…

Loading CSS, JavaScript, Image Files

• We have similar functions for loading css files like wp_enqueue_style to load css files. Ex:wp_register_style( 'mfs_mailbox_style', plugins_url('css/mfs-mailbox.css', __FILE__) );

wp_enqueue_style( 'mfs_mailbox_style' );

• Always use plugins_url function to get the correct url for javascript, css, image files. This function is really handy when SSL is enabled.Ex:

echo "<img src='" . plugins_url( 'images/pixel.gif', __FILE__ ) . "' />";

Loading CSS, JavaScript, Image Files

• Prefer loading javascript and css files in footer so that they will load after all javascript and css files get loaded. This is helpful if there is any dependency among the files.Ex:wp_register_script( $handle, $src, $deps, $ver, $in_footer );

wp_register_script( 'mfs_mailbox_script', plugins_url( 'scripts/mfs-mailbox.js', __FILE__ ), array('jquery'), '1.1', true );

Making Proper Ajax Calls

• DO NOT load wp-config or wp-load file for processing your data inside the ajax files.

• DO NOT refer to the url of the file for processing ajax calls.

• Call to admin-ajax file with proper action for carrying out ajax operation. Use admin_url function to find proper url for this.

• Always attach nonce to each ajax call even if you are making calls from admin end.

Making Proper Ajax Calls

Ex:

$nonce = wp_create_nonce('mfs_mailbox_nonce');

Create the url to the admin-ajax file with proper action and nonce.

$ajax_mail_link = admin_url('admin-ajax.php?action=mfs_mailbox_process&task=send_mail&nonce=' . $nonce);

Attach a function which will be called for the above action.

add_action('wp_ajax_mfs_mailbox_process', 'mfs_mailbox_send_mail');

Making Proper Ajax Calls

Ex:if (!wp_verify_nonce( $_REQUEST['nonce'], 'mfs_mailbox_nonce')) {

// Invalid access

} else {

// Valid access, so go ahead with processing the data

}

Miscellaneous

• Make your plugin capable of working in a multisite environment.

• Always use language files so that it can easily be translated to other languages.Ex:

load_plugin_textdomain( 'mfs-mailbox', false, 'mfs-mailbox/lang' );

Here is how you will write to show the message which can be later translated.

echo __( 'Mail sent successfully', 'mfs-mailbox' );

Miscellaneous

• Have a proper readme.txt file having all the details about the plugin specifically when you want to submit this to wordpress plugin repository.

• Always have FAQ section for your plugin so that users will get answers to some basic questions.

• You can also add screenshots to showcase the functionalities those are provided by your plugin.

Conclusion

Your plugin will work even if you do not follow the above points to the full extent. But when we consider ourselves as professional wordpress developers, we should take each and every possible approach to write better plugin code. You should adopt the best practices and take pride in whatever you develop.

References

• http://codex.wordpress.org/Getting_Started_with_WordPress• http://codex.wordpress.org/WordPress_Coding_Standards