Lessons learned releasing my first WordPress plugin
Jamie Bergen
WordCamp Sacramento 2018
Who is Jamie?
Currently in-house dev at:
Previously at:
In a previous life:
Biomedical research scientist
Can you relate to this story?
You want to build a website.
You discover WordPress.
Lots of Googling...
You build your first site!!!
Except there’s one thing it can’t do...
More Googling...
There’s a PLUGIN for that!!!
You continue building sites.
Until one day...
There’s NOT a plugin for that...
You decide to build your own plugin.
8 lessons learned releasing my first WordPress plugin
Scratch your own itch.
LESSON 1
Dude, why did I install this plugin?
Wouldn’t it be nice to have plugin notes?
But first, some research.
Let’s do this!
What to consider when building a plugin
Tools/techniques
Data handling
Security considerations
Additional considerations
User capabilities
Data validation
Data sanitization
Nonces
Data storage
A11y
OOP PHP
Git/SVN
Safe database queries
Custom tables
I18n
Multisite
xdebug/PHPCS
Actions and Filters
API
Operating system
jQuery/Ajax
I’m not sure if I can do this.
If it’s worth doing,
it’s worth doing badly.
LESSON 2
Hallway Chats, Episode 8
Let’s take this one step at a time.
Step 1: Adding a new column to the Plugins table
• Knew of another plugin that did something similar
• Discovered that they were using these hooks:
• Found documentation on how to use the hooks
If you’re not uncomfortable,
you’re not learning.
LESSON 3
Some of my favorite resources
• WordPress Plugin Handbook
• Pippin’s Plugins blog
• Delicious Brains blog
• Other plugins
• Google, Stack Overflow, etc.
• Reach out on Slack, etc.
knowthecode.io
wpsessions.com
How I built it: WP Plugin Boilerplate for OOP PHP
How I built it: UI uses jQuery and Ajax
developer.wordpress.org/plugins/javascript/ajax/
How I built it: Security
• if ( current_user_can( 'activate_plugins' ) ) { … }
• wp_kses() to filter notes (strip evil scripts)
• wp_create_nonce() and check_ajax_referer()
How I built it: Data handling
• Stored plugin notes in a custom table
• Used WP’s built-in helper functions for safe database queries.
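The checks named on the Security and Data handling slides, put together in one Ajax handler. This is an added example, not code from Plugin Notes Plus; the action name, nonce action, script handle, table and column names are hypothetical.

```php
<?php
// Added example, not code from Plugin Notes Plus. The action name
// 'pnp_example_save_note', the nonce action 'pnp_example_nonce', the table
// 'example_plugin_notes' and its columns are hypothetical.

// Make a nonce available to the admin script that sends the Ajax request.
add_action( 'admin_enqueue_scripts', function () {
	wp_register_script( 'pnp-example', plugins_url( 'js/notes.js', __FILE__ ), array( 'jquery' ), '1.0', true );
	wp_localize_script( 'pnp-example', 'pnpExample', array(
		'nonce' => wp_create_nonce( 'pnp_example_nonce' ),
	) );
	wp_enqueue_script( 'pnp-example' );
} );

// Only the logged-in hook is registered; there is no wp_ajax_nopriv_ twin.
add_action( 'wp_ajax_pnp_example_save_note', function () {
	global $wpdb;

	// 1. Nonce: reject requests that did not come from our admin page.
	if ( ! check_ajax_referer( 'pnp_example_nonce', 'security', false ) ) {
		wp_send_json_error( 'Invalid nonce.', 403 );
	}

	// 2. Capability: a valid nonce does not prove the user may manage plugins.
	if ( ! current_user_can( 'activate_plugins' ) ) {
		wp_send_json_error( 'Insufficient permissions.', 403 );
	}

	// 3. Validate and sanitize. wp_unslash() removes the slashes WordPress adds
	//    to $_POST; wp_kses() keeps only the tags and attributes listed here.
	$plugin = isset( $_POST['plugin'] ) ? sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) : '';
	$note   = isset( $_POST['note'] ) ? wp_unslash( $_POST['note'] ) : '';
	$note   = wp_kses( $note, array(
		'a'      => array( 'href' => array(), 'title' => array() ),
		'em'     => array(),
		'strong' => array(),
	) );
	if ( '' === $plugin || '' === trim( $note ) ) {
		wp_send_json_error( 'Plugin and note are required.', 400 );
	}

	// 4. Safe query: $wpdb->insert() escapes each value per its format.
	$ok = $wpdb->insert(
		$wpdb->prefix . 'example_plugin_notes',
		array( 'plugin_file' => $plugin, 'note' => $note, 'user_id' => get_current_user_id() ),
		array( '%s', '%s', '%d' )
	);
	false === $ok ? wp_send_json_error( 'Could not save note.', 500 ) : wp_send_json_success( array( 'note' => $note ) );
} );
```

When the note is printed back into the Plugins table, escape it again on output; sanitizing on save does not replace escaping on display.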
How I built it: Internationalization
• __(), _e()
• esc_html__(), esc_html_e()
• Poedit to create the translation file
How I built it: Multisite
• Each site maintains its own plugin notes.
• Additional hooks required to display notes on super admin plugins page:
manage_plugins-network_columns
manage_plugins-network_custom_column
It’s working!
Test, test, and test some more.
LESSON 4
How should I test my plugin?
The basics:
• Does the thing(s) you want it to do
• Doesn’t do the things you don’t want it to do
And also:
• Different user roles (author, subscriber, etc.)
• Different browsers
• Different operating systems (esp. Windows)
• Multisite, Translations, Accessibility
• Ask others to test – encourage them to look for edge cases*
* Consider bribery.
Time to release it to the world!
What is the process for submitting a plugin to the repo?
Review process:
• Upload your plugin as a zip file: wordpress.org/plugins/developers/add/
• Unique slug will be derived from plugin name
Once approved:
• Refer to links provided in the email about using Subversion, readme.txt, and plugin assets.
NOTE: Plugin reviewers check for common errors and guideline adherence.
Plugin Notes Plus
wordpress.org/plugins/plugin-notes-plus/
Wow! People are actually using my plugin!
Time passes.
You are getting more users!
Maybe even some positive reviews!
Bugs will surface at the worst possible times. Remain calm.
It’s going to be okay.
LESSON 5
A funny story
Support request vs. birthday cupcakes?
Cupcakes first!
What went wrong?
The solution:
wp_normalize_path()
You’re going to make mistakes.
Treat them as learning opportunities.
LESSON 6
You’re not going to be able to please everyone.
LESSON 7
Reflections
• Wasn’t easy, but was worth it
• Single most effective activity to help me grow as a developer
• Gratifying to give back to the community
• Validating for a new developer - good for imposter syndrome
Prerequisites for building a plugin:
LESSON 8
Just Build Plugins.
@shoptalkshow
Where to find me
Want to join the Stanford Law School Web Team?
We’re hiring a UX Designer and Content Manager.
law.stanford.edu/ux-designer