WordPress plugins development

Why do we need plugins in WordPress?

The plugins are used to extend default WordPress functionality without touching any core files.

Changing anything in the WordPress core files is a bad idea because you can break the site. In addition, when WordPress is updated, any core modifications will be overwritten and lost.

At the moment there are over 50k plugins available in the WordPress plugin directory alone, so if you have decided to make a new WordPress plugin, do some research before developing and see what is already available.

All plugins hosted at the WordPress plugin directory are open source, so you are free to reuse the code according to the GPL license.

There are also many paid plugins (ecommerce, SEO, galleries, social networking, forums, etc.) available outside of the WordPress plugin directory, for example at CodeCanyon WordPress plugins.

It is also important to know that plugins from outside the WordPress directory may or may not be entirely GPL licensed, so make sure to check the license terms before reusing any code.

How to create a simple WordPress plugin?

1. First create a directory with the plugin name and move it to the WordPress plugin directory.
Note that the plugin name should match both the main plugin file and the main plugin folder.

Also, when choosing the plugin name, it is good to avoid conflicts with other existing WordPress plugins.

Every plugin must include a proper file header

The header needs to be at the beginning of the main plugin file and contains metadata about the plugin, such as the plugin name, description, author and so forth.
We also need to add a copying permission statement to the file header.

<?php
/*
Plugin Name: WP Example Plugin
Description: Welcome to WordPress plugin development.
Plugin URI:  http://webpedia.net/
Author:      Mihai
Version:     1.0
License:     GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.txt

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version
2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
with this program. If not, visit: https://www.gnu.org/licenses/
*/

Additionally, the plugin should include a copy of the GNU license itself, so navigate to the WordPress plugins directory and add the license file to your plugin.

Use WordPress APIs to build your plugin

To build your plugin you should use the WordPress API. When developing plugins, it is recommended to use existing WordPress functionality whenever possible. That keeps your plugin's code close to core, which makes it fast and safe to use.

Before writing your own function, check the WordPress documentation for any existing functions that can be used in your plugin.

Hooks: Actions and Filters

In WordPress, hooks are central to plugin development. We use hooks to interact with the WordPress core, to modify, extend or remove core functionalities.

There are two types of hooks, actions and filters.

Action hooks

In WordPress, an action is a PHP function that is executed at specific points throughout the WordPress core. Action hooks enable us to run custom code at specific points during the execution of WordPress. For example, we can use action hooks to echo a message, save a file, etc.

add_action('…', '…');
The first parameter specifies the hook and the second parameter specifies the callback.

Filter hooks

Filter hooks enable us to modify data before it is sent to the database or browser. For example, we can use filters to modify post content before sending it to the browser.

add_filter('…', '…');
The first parameter specifies the hook and the second parameter specifies the callback.

WordPress provides many filter hooks that help us modify many aspects of WordPress core functionality. You can see the complete list here.

Callback functions

To use either actions or filters, we need a callback function.

First, create a callback function which will be called when the action is run.
Second, add your callback to a hook which will perform the calling of the function.

add_action() hooks a function onto a specific action.

add_action( string $tag, callable $function_to_add, int $priority = 10, int $accepted_args = 1 )

    $tag (string) (Required) The name of the action to which the $function_to_add is hooked.
    $function_to_add (callable) (Required) The name of the function you wish to be called.
    $priority (int) (Optional) Used to specify the order in which the functions associated with a particular action are executed. Lower numbers correspond with earlier execution, and functions with the same priority are executed in the order in which they were added to the action.
    Default value: 10

Action hook Example

The example below runs a function that saves the IP address of each visitor to a file.
Because this function is registered with the init hook, the address is written every time WordPress is executed.

//This function creates a file named ip.txt in the plugin directory and appends visitors' IPs to it
function write_ip_address(){
    //Get the IP address
    $ipaddress = $_SERVER['REMOTE_ADDR'];
    //The file name where to put the IP address
    //dirname(__FILE__) returns the directory part of this file's path
    $file = dirname(__FILE__).DIRECTORY_SEPARATOR."ip.txt";
    //fopen: opens a file or URL
    //'a' parameter = Open for writing only; place the file pointer at the end of the file. If the file does not exist, attempt to create it.
    $open = fopen($file, "a");
    //Stop if the file could not be opened
    if ($open === false) {
        return;
    }
    //The fputs() function returns the number of bytes written on success. It returns FALSE on failure.
    fputs($open, $ipaddress . PHP_EOL);
    //Close the file handle
    fclose($open);
}

//Hook into an Action
add_action('init', 'write_ip_address');

Filter hook Example

This function gets the content variable and appends the “Hello world” text. The text will be appended to the content of every post.

function add_some_text($content){
    $content .= "<p>Hello world</p>";
    return $content;
}

//Hook into a Filter
add_filter('the_content', 'add_some_text');

Hooks that we can use when creating our wp plugins

Register activation hook

register_activation_hook() – Run when the plugin is activated

For example, we can create a table when the plugin is activated.

The first parameter, __FILE__, specifies the path to the current file and the second parameter is the name of the callback function.

function do_stuff_at_activation(){

    //First we need to check if the user has permission to activate plugins
    if(!current_user_can('activate_plugins')) return;

    //Activation tasks (for example, creating a table) go here
}

register_activation_hook(__FILE__, 'do_stuff_at_activation');

Register deactivation hook

register_deactivation_hook() – Run when the plugin is deactivated

It is useful for removing temporary data, clearing rewrite rules and so on.

function do_stuff_at_deactivation(){

    //First we need to check if the user has permission to deactivate plugins
    if(!current_user_can('activate_plugins')) return;

    //Deactivation tasks (for example, removing temporary data) go here
}

register_deactivation_hook(__FILE__, 'do_stuff_at_deactivation');

Register uninstall hook

register_uninstall_hook() – Run when the plugin is uninstalled

Can be used to remove plugin data from the database when the plugin is deleted. For example, if the plugin adds options to the options table, you can use the uninstall hook to remove the data.
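The activation case mentioned earlier (creating a table) and the uninstall cleanup described above can be paired as follows. This is an added example, not code from the original article; the `wpex_` function names, the `wpex_db_version` option and the `wpex_log` table suffix are hypothetical.

```php
<?php
// Added example. Assumed names: wpex_db_version (option), wpex_log (table suffix).

// Activation: create the plugin's table and record its schema version.
function wpex_activate() {
    if ( ! current_user_can( 'activate_plugins' ) ) {
        return;
    }
    global $wpdb;
    $table   = $wpdb->prefix . 'wpex_log';
    $charset = $wpdb->get_charset_collate();

    // dbDelta() lives in an admin include and creates or updates the table.
    require_once ABSPATH . 'wp-admin/includes/upgrade.php';
    dbDelta( "CREATE TABLE {$table} (
        id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
        visited_at datetime NOT NULL,
        PRIMARY KEY  (id)
    ) {$charset};" );

    // add_option() does nothing if the option already exists,
    // so re-activating the plugin does not overwrite it.
    add_option( 'wpex_db_version', '1.0' );
}
register_activation_hook( __FILE__, 'wpex_activate' );

// Uninstall: remove everything the plugin stored.
// The callback must be a named function or static method, not a closure,
// because WordPress stores it until the plugin is deleted.
function wpex_uninstall() {
    if ( ! current_user_can( 'delete_plugins' ) ) {
        return;
    }
    delete_option( 'wpex_db_version' );

    global $wpdb;
    // The table name is built from the site prefix and a fixed suffix only,
    // never from request data.
    $table = $wpdb->prefix . 'wpex_log';
    $wpdb->query( "DROP TABLE IF EXISTS `{$table}`" );
}
register_uninstall_hook( __FILE__, 'wpex_uninstall' );
```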

WordPress pluggable functions

What are pluggable functions?

WordPress provides a small set of core functions that can be replaced by our custom functions. These functions let you override certain core functions via plugins. Check here the full list of pluggable WordPress functions.

Pluggable functions are located in the wp-includes directory, in a file named pluggable.php.

WordPress plugins security

WordPress provides many techniques to help build secure plugins. A complete list of functions and WordPress security techniques can be found here, at WordPress plugin security.

When it comes to website security, one of the most important aspects is data validation.

Examples of data validation:

  • Check that required fields have not been left blank
  • Check that an entered phone number only contains numbers and punctuation
  • Check that a quantity field is greater than 0

Data validation should be performed as early as possible. That means validating the data before performing any actions.

In WordPress, there are three ways to validate data: built-in PHP functions, core WordPress functions, and custom functions you write.

Examples of built-in PHP functions

  • isset() and empty() for checking whether a variable exists and isn’t blank
  • strlen() for checking that a string has the expected number of characters
  • preg_match() or strpos() for checking for occurrences of certain strings in other strings
  • count() for checking how many items are in an array
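The checks listed above, combined into one validator that runs before any other action is taken. This is an added example, not code from the original article; the function name `wpex_validate_order`, the field names and the length limits are assumptions for illustration.

```php
<?php
// Added example. Field names and limits are assumptions for illustration.

// Validate a submitted form before acting on it.
// Returns an array of error messages; an empty array means the input is valid.
function wpex_validate_order( array $input ) {
    $errors = array();

    // Required fields: must exist, be strings, and not be blank.
    // empty() is avoided here because it also treats the string "0" as blank.
    foreach ( array( 'name', 'phone', 'quantity' ) as $field ) {
        if ( ! isset( $input[ $field ] ) || ! is_string( $input[ $field ] )
            || trim( $input[ $field ] ) === '' ) {
            $errors[ $field ] = "$field is required";
        }
    }
    if ( count( $errors ) > 0 ) {
        return $errors; // stop early: the checks below need all fields
    }

    // Length check with strlen().
    if ( strlen( $input['name'] ) > 60 ) {
        $errors['name'] = 'name is too long';
    }

    // Phone: digits and common punctuation only, anchored at both ends.
    // \z is used instead of $ so that a trailing newline is rejected.
    if ( ! preg_match( '/\A[0-9 ()+.\-]{7,20}\z/', $input['phone'] ) ) {
        $errors['phone'] = 'phone may contain only numbers and punctuation';
    }

    // Quantity: whole number greater than 0.
    // ctype_digit() rejects values such as "-1", "2.5" and "1e3".
    if ( ! ctype_digit( $input['quantity'] ) || (int) $input['quantity'] < 1 ) {
        $errors['quantity'] = 'quantity must be greater than 0';
    }

    return $errors;
}

// Constructed sample submissions (stand-ins for $_POST).
$good = array( 'name' => 'Ana', 'phone' => '+40 (21) 555-0100', 'quantity' => '2' );
$bad  = array( 'name' => 'Ana', 'phone' => "555-0100\n<script>", 'quantity' => '0' );

var_dump( wpex_validate_order( $good ) );
var_dump( wpex_validate_order( $bad ) );
```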
