WordPress 101
The golden rule: Do it the WordPress way.
Developers can argue for hours about the best way to do something. If WordPress has a documented opinionated way to do something, you should do it this way, even if you think that it's not ideal, slow or illogical.
A few important basics to understand before you start your first WordPress project.
1. Themes for layout and design, Plugins for logic and content management
You should split the design and layout from the logic and the content management, so that your customer can update their website in the future without rebuilding everything or losing content. For example, if your theme uses Custom Post Types, you register the CPT in a plugin (called a utility plugin), but the templates and CSS for the CPT live in your theme. The same goes for most other WordPress features:
| Feature | Utility Plugin | Theme (functions.php) |
|---|---|---|
| Shortcodes | always | never |
| Custom Post Type | always | never |
| Custom Taxonomy | always | never |
| Custom Post Meta boxes | always | never |
| Customize Admin | always | never |
| Editor style | never | always |
| Customizer settings | depends | depends |
| JavaScript & CSS | depends | depends |
| Register Sidebars | never | always |
| Register Nav Menu | never | always |
| Templates | never | always |
2. Understanding "The loop" and "Hooks: Filters and actions"
These two concepts are the keystone of any WordPress project. It is critical to understand them completely in order to create a well-performing, secure and maintainable WordPress theme or plugin. The loop is how content is retrieved and displayed in WordPress. Hooks allow you to change almost any default behavior in WordPress; in fact, you can change the behavior of the loop itself using hooks.
3. Security, Security, Security
As in any web project, you should always check user capabilities, validate and sanitize input, escape output, and create and validate nonces.
Never make assumptions about data, functions or parameters: always sanitize early and escape late. Always validate data for what it should be, not for what it is not:
Wrong:

```php
if ( $email )
```

Correct:

```php
if ( is_email( $email ) )
```

Wrong:

```php
if ( false !== $title )
// or
if ( '' !== $title )
```

Correct:

```php
if ( is_string( $title ) && ! empty( $title ) )
```
Read more:
- https://developer.wordpress.org/plugins/security/
- https://code.tutsplus.com/articles/data-sanitization-and-validation-with-wordpress--wp-25536
- https://www.youtube.com/watch?v=Tmqiz6abxMs&t=38s
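The four checks above applied to one small admin form in a utility plugin, as an added example that is not part of the original page. The hook name, option name, field names and the `hcx_` prefix are assumptions; the WordPress functions are the standard ones.

```php
<?php
// Added example (not from the original page): a utility-plugin handler for a
// "contact email" settings form. It shows a capability check, nonce
// verification, sanitize-early + validate, and escape-late output.
// Hook, option and field names (hcx_*) are assumptions for this example.

// Render the form. Escape late: every dynamic value is escaped where printed.
function hcx_render_contact_form() {
    $current = get_option( 'hcx_contact_email', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="hcx_save_contact">
        <?php wp_nonce_field( 'hcx_save_contact', 'hcx_nonce' ); ?>
        <label for="hcx_email">Contact email</label>
        <input type="email" id="hcx_email" name="hcx_email"
               value="<?php echo esc_attr( $current ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Handle the POST. admin_post_{action} fires only for logged-in users, but
// being logged in is not a capability, so the checks below are still needed.
function hcx_handle_save_contact() {
    // 1. Capability check: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to do this.', 'hcx' ), '', array( 'response' => 403 ) );
    }

    // 2. Nonce check: rejects forged cross-site submissions (dies on failure).
    check_admin_referer( 'hcx_save_contact', 'hcx_nonce' );

    // 3. Sanitize early, then validate for what the value SHOULD be (is_email),
    //    not for what it is not (e.g. "not empty").
    $email = isset( $_POST['hcx_email'] ) ? sanitize_email( wp_unslash( $_POST['hcx_email'] ) ) : '';
    if ( ! is_email( $email ) ) {
        wp_die( esc_html__( 'Please enter a valid email address.', 'hcx' ), '', array( 'response' => 400 ) );
    }

    update_option( 'hcx_contact_email', $email );

    wp_safe_redirect( add_query_arg( 'hcx_saved', '1', wp_get_referer() ) );
    exit;
}
add_action( 'admin_post_hcx_save_contact', 'hcx_handle_save_contact' );
```

Note that `sanitize_email()` only strips characters an address cannot contain; `is_email()` is the actual validation, and a value that passes sanitizing can still fail it.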
4. JavaScript and CSS
A few basic and simple rules:
- Add scripts and styles the WordPress way using wp_enqueue_script / wp_enqueue_style
- You should follow our versioning guidelines to avoid caching issues.
- Don't enqueue your own copy of jQuery or of any other library that ships with WordPress; declare it instead through the dependency parameter of wp_enqueue_script. Here is a full list of available scripts and libraries.
- Finally, you should use wp_localize_script to pass data from PHP to JavaScript.
Copyright © 2024 The President and Fellows of Harvard College