1 of 53

Lessons learned releasing my first WordPress plugin

Jamie Bergen

WordCamp Sacramento 2018

2 of 53

Who is Jamie?

Currently in-house dev at:

law.stanford.edu

Previously at:

redearthdesign.com

In a previous life:

Biomedical research scientist

3 of 53

Can you relate to this story?

4 of 53

You want to build a website.

5 of 53

You discover WordPress.

6 of 53

Lots of Googling...

7 of 53

You build your first site!!!

8 of 53

Except there’s one thing it can’t do...

9 of 53

More Googling...

10 of 53

There’s a PLUGIN for that!!!

11 of 53

You continue building sites.

12 of 53

Until one day...

13 of 53

There’s NOT a plugin for that...

14 of 53

You decide to build your own plugin.

15 of 53

8 lessons learned releasing my first WordPress plugin

16 of 53

Scratch your own itch.

LESSON 1

17 of 53

Dude, why did I install this plugin?

18 of 53

Wouldn’t it be nice to have plugin notes?

19 of 53

But first, some research.

20 of 53

Let’s do this!

21 of 53

What to consider when building a plugin

Tools/techniques

Data handling

Security considerations

Additional considerations

User capabilities

Data validation

Data sanitization

Nonces

Data storage

A11y

OOP PHP

Git/SVN

Safe database queries

Custom tables

I18n

Multisite

xdebug/

PHPCS

Actions and Filters

API

Operating system

jQuery/Ajax

22 of 53

I’m not sure if I can do this.

23 of 53

If it’s worth doing,

it’s worth doing badly.

LESSON 2

Hallway Chats, Episode 8

24 of 53

Let’s take this one step at a time.

25 of 53

Step 1: Adding a new column to the Plugins table

• Knew of another plugin that did something similar

• Discovered that they were using these hooks:

  • manage_plugins_custom_column
  • manage_plugins_columns

• Found documentation on how to use the hooks

26 of 53

If you’re not uncomfortable,

you’re not learning.

LESSON 3

27 of 53

Some of my favorite resources

• WordPress Plugin Handbook

• Pippin’s Plugins blog

• Delicious Brains blog

• Other plugins

• Google, Stack Overflow, etc.

• Reach out on Slack, etc.

knowthecode.io

wpsessions.com

28 of 53

Data handling

Additional considerations

Security considerations

Tools/techniques

How I built it: WP Plugin Boilerplate for OOP PHP

Data storage

A11y

Safe database queries

Custom tables

I18n

Multisite

API

Operating system

User capabilities

Data validation

Data sanitization

Nonces

Git/SVN

xdebug/

PHPCS

Actions and Filters

jQuery/Ajax

OOP PHP

29 of 53

Data handling

Additional considerations

Security considerations

Tools/techniques

How I built it: UI uses jQuery and Ajax

Git/SVN

OOP PHP

Data storage

A11y

Safe database queries

GDPR

Custom tables

I18n

Multisite

API

Operating system

User capabilities

Data validation

Data sanitization

Nonces

xdebug/

PHPCS

Actions and Filters

jQuery/Ajax

developer.wordpress.org/plugins/javascript/ajax/

30 of 53

Data handling

Additional considerations

Security considerations

Tools/techniques

How I built it: Security

Git/SVN

OOP PHP

Data storage

A11y

Safe database queries

Custom tables

I18n

Multisite

API

Operating system

xdebug/

PHPCS

Actions and Filters

jQuery/Ajax

User capabilities

Data validation

Data sanitization

Nonces

• if ( current_user_can( 'activate_plugins' ) ) { … }

• wp_kses() to filter notes (strip evil scripts)

• wp_create_nonce() and check_ajax_referer()

31 of 53

Data handling

Additional considerations

Security considerations

Tools/techniques

How I built it: Data handling

Git/SVN

OOP PHP

A11y

I18n

Multisite

API

Operating system

User capabilities

Data validation

Data sanitization

Nonces

xdebug/

PHPCS

Actions and Filters

jQuery/Ajax

Data storage

Safe database queries

Custom tables

• Stored plugin notes in a custom table

• Used WP’s built-in helper functions for safe database queries.

32 of 53

Data handling

Additional considerations

Security considerations

Tools/techniques

How I built it: Internationalization

Git/SVN

OOP PHP

Data storage

A11y

Safe database queries

Custom tables

Multisite

API

Operating system

User capabilities

Data validation

Data sanitization

Nonces

xdebug/

PHPCS

Actions and Filters

jQuery/Ajax

I18n

• __(), _e()

• esc_html__(), esc_html_e()

• Poedit to create the translation file

33 of 53

Data handling

Additional considerations

Security considerations

Tools/techniques

How I built it: Multisite

Git/SVN

OOP PHP

Data storage

A11y

Safe database queries

Custom tables

API

Operating system

User capabilities

Data validation

Data sanitization

Nonces

xdebug/

PHPCS

Actions and Filters

jQuery/Ajax

I18n

• Each site maintains its own plugin notes.

• Additional hooks required to display notes on super admin plugins page:

manage_plugins-network_columns

manage_plugins-network_custom_column

Multisite

34 of 53

It’s working!

35 of 53

Test, test, and test some more.

LESSON 4

36 of 53

How should I test my plugin?

The basics:

• Does the thing(s) you want it to do

• Doesn’t do the things you don’t want it to do

* Consider bribery.

And also:

• Different user roles (author, subscriber, etc.)

• Different browsers

• Different operating systems (esp. Windows)

• Multisite, Translations, Accessibility

• Ask others to test – encourage them to look for edge cases*

37 of 53

Time to release it to the world!

38 of 53

What is the process for submitting a plugin to the repo?

Review process:

• Upload your plugin as a zip file: wordpress.org/plugins/developers/add/

• Unique slug will be derived from plugin name

Once approved:

• Refer to links provided in the email about using Subversion, readme.txt, and plugin assets.

NOTE: Plugin reviewers check for common errors and guideline adherence.

39 of 53

Plugin Notes Plus

wordpress.org/plugins/plugin-notes-plus/

40 of 53

Wow! People are actually using my plugin!

41 of 53

Time passes.

You are getting more users!

Maybe even some positive reviews!

42 of 53

Bugs will surface at the worst possible times. Remain calm.

It’s going to be okay.

LESSON 5

43 of 53

A funny story

44 of 53

Support request vs. birthday cupcakes?

45 of 53

Cupcakes first!

1

2

46 of 53

What went wrong?

The solution:

wp_normalize_path()

47 of 53

You’re going to make mistakes.

Treat them as learning opportunities.

LESSON 6

48 of 53

You’re not going to be able to please everyone.

LESSON 7

49 of 53

Reflections

• Wasn’t easy, but was worth it

• Single most effective activity to help me grow as a developer

• Gratifying to give back to the community

• Validating for a new developer - good for imposter syndrome

50 of 53

Prerequisites for building a plugin:

LESSON 8

  1. An idea for a plugin
  2. The desire to learn to build a plugin
  3. The time to do it well

51 of 53

Just Build Plugins.

@shoptalkshow

52 of 53

Where to find me

53 of 53

Want to join the Stanford Law School Web Team?

We’re hiring a UX Designer and Content Manager.

law.stanford.edu/ux-designer