WordPress Theme Plugins Development

Best Practices

Tareq HasanSoftware Engineer, Leevio

http://tareq.weDevs.com@tareq_cse

Use WordPress Coding Standards

http://codex.wordpress.org/WordPress_Coding_Standards

Add Scripts/Styles Intelligently ..(1)

WRONG

http://codex.wordpress.org/Function_Reference/wp_enqueue_scripthttp://codex.wordpress.org/Function_Reference/wp_enqueue_style

RIGHT

Add Scripts/Styles Intelligently ..(2)

WRONG

Use escape functions in forms..(1)

RIGHT

Use escape functions in forms..(2)

esc_html()

esc_attr()

Use escape functions in forms..(3)

esc_attr()esc_url()esc_js()

esc_html()

More validation functionshttp://codex.wordpress.org/Data_Validation

Prevent CSRF AttackUse Nonces

http://codex.wordpress.org/WordPress_Nonces

wp_nonce_field()

Prevent CSRF AttackUse Nonces

http://codex.wordpress.org/WordPress_Nonces

wp_nonce_field()wp_nonce_url()

wp_verify_nonce()wp_create_nonce()

check_admin_referer()check_ajax_referer()

Let developers extendyour code without touching your code

http://codex.wordpress.org/Plugin_API

do_action()apply_filters()

Ensure Theme/Plugins generate no errors with

WP_DEBUG enabled

Do not hard code WordPress paths

$plugin_path = get_bloginfo('wpurl')."/wp-content/plugins/wp-codebox";

$plugin_path = plugins_url('', __FILE__);

WRONG

RIGHT

Use database securely..(1)Insert

Good

Bad

http://codex.wordpress.org/Class_Reference/wpdb

Good

Bad

Use database securely..(1)Update

Good

Bad

Use database securely..(1)Prepared Statement

Make your theme child theme awareget_template_directory_uri()

get_stylesheet_directory_uri()

For parent theme

For child theme

Localization is important

load_theme_textdomain()load_plugin_textdomain()

http://codex.wordpress.org/I18n_for_WordPress_Developers

Use the settings API

Store theme and pluginoption settings efficiently

http://codex.wordpress.org/Settings_API

Make your plugin cache aware

http://codex.wordpress.org/Class_Reference/WP_Object_Cache

Thanks

Questions?