WordPress Coding Standards

Coding standards are extremely important to me and how I do my work. I believe that writing code with a high level of readability is sometimes better than writing the fewest lines of code. Having a consistent ruleset for indentation, tabbing, spacing and commenting is fundamental to creating quality software that is maintainable and extensible with larger development teams. Continue reading “WordPress Coding Standards”

Create Local Version Control in your WordPress Plugin

We think its best to start this post of with an example. Lets say you develop and publish version 1 of a plugin, and within this first version you create a custom table in the WordPress database. Your plugin becomes successful and you release version 2 with changes to the table schema. Finally you release version 3 with more changes to the table schema and add a new table that relates to the first table.

What is the Problem and How can we solve it?

If you don’t have local version control, then you cant know what version of your plugin the client currently has installed on their site. This is a problem because you have to make different changes in your plugin depending on which version the client currently has and which one they are updating to.  Look at the follow table schemas below for each hypothetical version of your plugin. Continue reading “Create Local Version Control in your WordPress Plugin”

Make Sure Your Plugin Protects Against SQL Injections with $wpdb->prepare()

What are SQL Injection attacks?

SQL injection attacks are things that every web developer should know about and should learn how to prevent.  Simply, a SQL injection attack is when a user inputs executable SQL code into an entry field that queries the database.  For example: instead of the user entering their username, they enter some executable SQL code that is most likely malicious.  Below is a generic example from Wikipedia:

What a normal user will enter:

"SELECT * FROM users WHERE name =‘username’;"

What is entered in an SQL injection attack:

"SELECT * FROM users WHERE name = 'a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't’;”

So, as you can see, the second statement will drop the “users” table and then will display all the data in the “userinfo” table.  This is not good! Continue reading “Make Sure Your Plugin Protects Against SQL Injections with $wpdb->prepare()”

Always use Object-Oriented Programming in WordPress Plugins

As most of you know, WordPress is open-source and free to the public to use and build upon. This is great because its a platform that will constantly be updated by people that truly care about it, and it is also extremely easy to obtain and use as a website platform. Although having an open-source platform is great in many ways, it also means that anyone can publish free plugins that conflict with WordPress features. So how do we, the developers, create plugins that have the least probability of conflicting with WordPress? One simple and very effective way is to use Object-Oriented programming.

What is Object-Oriented Programming?

It is a programming style that aims at creating modular and reusable objects that interact with each other. This is basically just a logical programming technique that incorporates best practices of coding.

What’s the difference between Object-Oriented and Procedural code?

Procedural programming refers to the step by step way this programming style executes code. This is most commonly found in small easy plugins that only rely on functions to modularize the plugin. This means that all code is usually written into functions that call upon each other based off of events or triggers. On the other hand, Object-Oriented programming refers to structured objects that are instantiated and then used to perform tasks. This is very useful because code is now modular and easy to build upon and use.

Why you should always use Object-Oriented Programming in WordPress?

By using an Object-Oriented Programming style, you are insuring that all your functions will never conflict with WordPress or other plugins. Also, using this programming style makes your plugin modular and very easy to upgrade or reuse elsewhere. Finally, it makes your code look very neat and it is easily readable by other developers.

Overall, Object-Oriented Programming refers to structured objects that are instantiated and then used to perform tasks. It is the only type of programming style you should use while developing WordPress plugins since it makes your plugin modular, easy to read, and non-conflicting with other plugins.

Great File Structure for your WordPress Plugin

After you get your developing environment setup and you are ready to start coding, consider what type of file structure you should use for your plugin.  This could be a difficult task so I have decided to share with you my preferred file structure.


Continue reading “Great File Structure for your WordPress Plugin”

Start Debugging WordPress Plugins Today!

The very first thing you should do as a WordPress plugin developer is make sure your developing site has debug mode turned on.  This may seem like an obvious task but some developers forget to enable it.

When I first starting creating simple WordPress plugins, I actually didn’t have debug mode turned on.  This made it very difficult for me to determine if what I was doing was right or wrong.  After I turned debug mode on, it was like opening my eyes for the first time.  I saw all of my plugin’s errors as well as a bunch of errors from other plugins.  This made me think, how many developers out there actually have debug mode enabled and debug their code?  Granted, most of the errors from other plugins, were “PHP Notice” errors, which is basically saying that the code will run but there is still something wrong.  Most of the time these errors can be fixed very easily.  For example, if you have code like this:

if ($array["key"] == "value") {
    // do something

and $array does not have an index called “key”, then you will get an “Undefined Index” notice.  This can be fixed by making sure $array[“key”] is defined before trying to compare it to “value”. Continue reading “Start Debugging WordPress Plugins Today!”