WordPress Theme & Plugin development best practices - phpXperts seminar 2011
-
Upload
tareq-hasan -
Category
Technology
-
view
107 -
download
0
description
Transcript of WordPress Theme & Plugin development best practices - phpXperts seminar 2011
WordPress Theme Plugins Development
Best Practices
Tareq HasanSoftware Engineer, Leevio
http://tareq.weDevs.com@tareq_cse
Use WordPress Coding Standards
http://codex.wordpress.org/WordPress_Coding_Standards
Add Scripts/Styles Intelligently ..(1)
WRONG
http://codex.wordpress.org/Function_Reference/wp_enqueue_scripthttp://codex.wordpress.org/Function_Reference/wp_enqueue_style
RIGHT
Add Scripts/Styles Intelligently ..(2)
WRONG
Use escape functions in forms..(1)
RIGHT
Use escape functions in forms..(2)
esc_html()
esc_attr()
Use escape functions in forms..(3)
esc_attr()esc_url()esc_js()
esc_html()
More validation functionshttp://codex.wordpress.org/Data_Validation
Prevent CSRF AttackUse Nonces
http://codex.wordpress.org/WordPress_Nonces
wp_nonce_field()
Prevent CSRF AttackUse Nonces
http://codex.wordpress.org/WordPress_Nonces
wp_nonce_field()wp_nonce_url()
wp_verify_nonce()wp_create_nonce()
check_admin_referer()check_ajax_referer()
Let developers extendyour code without touching your code
http://codex.wordpress.org/Plugin_API
do_action()apply_filters()
Ensure Theme/Plugins generate no errors with
WP_DEBUG enabled
Do not hard code WordPress paths
$plugin_path = get_bloginfo('wpurl')."/wp-content/plugins/wp-codebox";
$plugin_path = plugins_url('', __FILE__);
WRONG
RIGHT
Use database securely..(1)Insert
Good
Bad
http://codex.wordpress.org/Class_Reference/wpdb
Good
Bad
Use database securely..(1)Update
Good
Bad
Use database securely..(1)Prepared Statement
Make your theme child theme awareget_template_directory_uri()
get_stylesheet_directory_uri()
For parent theme
For child theme
Localization is important
load_theme_textdomain()load_plugin_textdomain()
http://codex.wordpress.org/I18n_for_WordPress_Developers
Use the settings API
Store theme and pluginoption settings efficiently
http://codex.wordpress.org/Settings_API
Make your plugin cache aware
http://codex.wordpress.org/Class_Reference/WP_Object_Cache
Thanks
Questions?