WordPress development

1 WordPress resources

WordPress Plugin Handbook https://developer.wordpress.org/plugins/intro/

git clone https://github.com/PacktPublishing/WordPress-Plugin-Development-Cookbook-Second-Edition

WP_DEBUG_LOG WP_DEBUG_LOG is a companion to WP_DEBUG that causes all errors to also be saved to a debug.log log file inside the wp-content directory. This is useful if you want to review all notices later or need to view notices generated off-screen (e.g. during an AJAX request or wp-cron run).

Note that this allows you to write to /wp-content/debug.log using PHP's built in error_log() function, which can be useful for instance when debugging AJAX events.

2 Custom Posts Types

https://codex.wordpress.org/Post_Types#Custom_Post_Types

https://codex.wordpress.org/Function_Reference/register_post_type

https://codex.wordpress.org/Post_Types

https://developer.wordpress.org/themes/template-files-section/page-template-files/

As of WordPress 4.7 page templates support all post types. For more details how to set a page template to specific post types see example below.

https://developer.wordpress.org/themes/basics/organizing-theme-files/

As discussed in Organizing Theme Files, WordPress recognizes the subfolder page-templates. Therefore, it’s a good idea to store your global page templates in this folder to help keep them organized.

3 WP Themes

https://developer.wordpress.org/themes/getting-started/

https://developer.wordpress.org/themes/getting-started/setting-up-a-development-environment/ https://developer.wordpress.org/themes/basics/post-types/

https://developer.wordpress.org/themes/basics/the-loop/#multiple-loops

https://developer.wordpress.org/themes/advanced-topics/child-themes/

Other than the functions.php file (as noted above), any file you add to your child theme will overwrite the same file in the parent theme.

https://developer.wordpress.org/themes/basics/template-files/

https://developer.wordpress.org/themes/basics/post-types/

As the whole purpose of a Template file is to display content a certain way, the Post Types purpose is to categorize what type of content you are dealing with. Generally speaking, certain Post Types are tied to certain template files.

The template files that display the Post post type are:

single.php and single-post.php
category.php and all its iterations
tag.php and all its iterations
taxonomy.php and all its iterations
archive.php and all its iterations
author.php and all its iterations
date.php and all its iterations
search.php
home.php
index.php

The template files that display the Page post type are:

page.php and all its iterations
$custom.php and all its iterations
front-page.php
search.php
index.php

4 Custom Post Types

Using Custom Post Types, you can create your own post type. It is not recommend that you place this functionality in your theme. This type of functionality should be placed/created in a plugin. This ensures the portability of your user’s content, and that if the theme is changed the content stored in the Custom Post Types won’t disappear.

While you generally won’t develop Custom Post Types in your theme, you may want to code ways to display Custom Post Types that were created by a plugin. The following templates can display Custom post types:

single-{post-type}.php
archive-{post-type}.php
search.php
index.php

https://developer.wordpress.org/themes/template-files-section/custom-post-type-template-files/

WordPress will work through the template hierarchy and use the template file it comes across first. So if you want to create a custom template for your acme_product custom post type, a good place to start is by copying the single.php file, saving it as single-acme_product.php and editing that.

However if you don’t want to create custom template files, WordPress will use the files already present in your theme, which would be archive.php and single.php and index.php files.

https://developer.wordpress.org/themes/basics/template-hierarchy/

WP Plugins - Custom Post Types https://developer.wordpress.org/plugins/post-types/

Registering custom post types https://developer.wordpress.org/plugins/post-types/registering-custom-post-types/

Working with custom post types https://developer.wordpress.org/plugins/post-types/working-with-custom-post-types/

https://developer.wordpress.org/themes/basics/categories-tags-custom-taxonomies/

https://codex.wordpress.org/Function_Reference/register_post_type

https://codex.wordpress.org/Using_Custom_Fields

https://www.smashingmagazine.com/2012/11/complete-guide-custom-post-types/

https://developer.wordpress.org/reference/functions/register_post_type/

5 Other

https://stackoverflow.com/questions/9101503/include-wordpress-core-into-own-scripts

Xdebug from command line

export XDEBUG_CONFIG="idekey=emacs-xdebug"

https://wp-cli.org/ https://wordpress.stackexchange.com/questions/76465/initialize-wordpress-environment-to-use-in-command-line-script https://stackoverflow.com/questions/5306612/using-wpdb-in-standalone-script

https://codex.wordpress.org/Function_Reference/wpdb_Class#Class_Variables

add_comment_meta( $comment_id, $meta_key, $meta_value, $unique );

Examples Add a custom posted value to every new comment

<?php
function add_custom_comment_field( $comment_id ) {

   add_comment_meta( $comment_id, 'my_custom_comment_field', $_POST['my_custom_comment_field'] );
}
add_action( 'comment_post', 'add_custom_comment_field' );
?>

add_comment_meta() is located in wp-includes/comment.php

6 Block Editor

7 Hardening WordPress

7.1 htaccess

##############################
## Hardening
##############################

## Protect login with apache  password
<Files wp-login.php>

order allow,deny

# restrict by IP
allow from 206.189.179.127
allow from 181.47.230.245

AuthType Basic
AuthName "Protected Login"
AuthUserFile /home/vhosts/www.example.com/.htpasswd
Require valid-user
</Files>

8 Autocomplete field

/wp-admin/admin-ajax.php?action=ti_get_{companies&tax}=posts-tag&q=ja&query=ja

9 Debugging Plugins

9.1 Debug Bar

9.2 Theme Sniffer

https://wordpress.org/plugins/theme-sniffer/

9.3 Query Monitor

https://wordpress.org/plugins/query-monitor/

Query Monitor is the developer tools panel for WordPress. It enables debugging of database queries, PHP errors, hooks and actions, block editor blocks, enqueued scripts and stylesheets, HTTP API calls, and more.

It includes some advanced features such as debugging of Ajax calls, REST API calls, and user capability checks. It includes the ability to narrow down much of its output by plugin or theme, allowing you to quickly determine poorly performing plugins, themes, or functions.

https://querymonitor.com/blog/2019/02/clickable-stack-traces-and-function-names-in-query-monitor/

(eww "https://querymonitor.com/blog/2019/02/clickable-stack-traces-and-function-names-in-query-monitor/")

9.4 The Best Tests For WordPress

http://wptest.io/ A fantastically exhaustive set of test data to measure the integrity of your plugins and themes.

9.5 wp-cli

https://make.wordpress.org/cli/handbook/

https://make.wordpress.org/cli/handbook/shell-friends/

./wp-cli.phar  --allow-root --help

./wp-cli.phar  --allow-root --help post-type

./wp-cli.phar  --allow-root --help post


./wp-cli.phar  --allow-root  post-type list
+---------------------+-----------------------+-------------+--------------+--------+---------------------+
| name                | label                 | description | hierarchical | public | capability_type     |
+---------------------+-----------------------+-------------+--------------+--------+---------------------+
| post                | Posts                 |             |              | 1      | post                |
| page                | Pages                 |             | 1            | 1      | page                |
| attachment          | Media                 |             |              | 1      | post                |
| revision            | Revisions             |             |              |        | post                |
| nav_menu_item       | Navigation Menu Items |             |              |        | post                |
| custom_css          | Custom CSS            |             |              |        | post                |
| customize_changeset | Changesets            |             |              |        | customize_changeset |
| oembed_cache        | oEmbed Responses      |             |              |        | post                |
| user_request        | User Requests         |             |              |        | post                |
| wp_block            | Blocks                |             |              |        | block               |
| wpdiscuz_form       | Forms                 |             |              |        | wpdiscuz_form       |
| acf-field-group     | Field Groups          |             | 1            |        | post                |
| acf-field           | Fields                |             | 1            |        | post                |
| us_widget_area      | Sidebars              |             |              |        | post                |
| us_footer           | Footers               |             |              | 1      | us_footer           |
| wpcf7_contact_form  | Contact Forms         |             |              |        | page                |
| ti_assignment       | Assignments           |             |              |        | post                |
| ti_company          | Companies             |             |              |        | post                |
| ti_contributor      | Contributors          |             |              |        | post                |
| ti_country          | Countries             |             |              |        | post                |
| ti_fact_checker     | Fact Checkers         |             |              |        | post                |
| ti_ingredient       | Ingredients           |             |              |        | post                |
| ti_review           | Reviews               |             |              | 1      | post                |
| ti_supplement       | Supplements           |             |              |        | post                |
+---------------------+-----------------------+-------------+--------------+--------+---------------------+


./wp-cli.phar  --allow-root  post get 617

./wp-cli.phar  --allow-root  post list  --post_type=page

./wp-cli.phar  --allow-root  post list  --post_type=ti_review

9.6 WordPress-Coding-Standards

https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards

composer create-project wp-coding-standards/wpcs --no-dev

Running this command will:

Install WordPress standards into wpcs directory.
Install PHP_CodeSniffer.
Register WordPress standards in PHP_CodeSniffer configuration.
Make phpcs command available from wpcs/vendor/bin.

./wpcs/vendor/bin/phpcs  -i

The installed coding standards are PSR1, Squiz, PSR2, PSR12, MySource, PEAR and Zend

phpcs --config-set installed_paths /path/to/wpcs

cat wpcs/vendor/squizlabs/php_codesniffer/CodeSniffer.conf

<?php
 $phpCodeSnifferConfig = array (
  'installed_paths' => '/home/vhosts/example.com/wpcs/',
)
?>


./wpcs/vendor/bin/phpcs -i

The installed coding standards are PSR1, Squiz, PSR2, PSR12, MySource, PEAR, Zend, WordPress, WordPress-Docs, WordPress-Core and WordPress-Extra

./wpcs/vendor/bin/phpcs  --standard=WordPress  wp-load.php

FILE: /home/vhosts/example.com/wp-load.php
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
FOUND 8 ERRORS AND 9 WARNINGS AFFECTING 12 LINES
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 24 | WARNING | [ ] error_reporting() found. Changing configuration values at runtime is strongly discouraged.
 24 | WARNING | [ ] error_reporting() can lead to full path disclosure.
 37 | WARNING | [x] "require_once" is a statement not a function; no parentheses are required
 39 | WARNING | [ ] Silencing errors is strongly discouraged. Use proper error checking instead. Found: @file_exists( dirname(...
 39 | WARNING | [ ] Silencing errors is strongly discouraged. Use proper error checking instead. Found: @file_exists( dirname(...
 42 | WARNING | [x] "require_once" is a statement not a function; no parentheses are required
 46 | ERROR   | [ ] Inline comments must end in full-stops, exclamation marks, or question marks
 49 | WARNING | [x] "require_once" is a statement not a function; no parentheses are required
 54 | WARNING | [x] "require_once" is a statement not a function; no parentheses are required
 56 | ERROR   | [ ] Overriding WordPress globals is prohibited. Found assignment to $path
 63 | ERROR   | [ ] Detected usage of a possibly undefined superglobal array index: $_SERVER['REQUEST_URI']. Use isset() or empty() to check the index exists before using it
 63 | ERROR   | [ ] $_SERVER data not unslashed before sanitization. Use wp_unslash() or similar
 63 | ERROR   | [ ] Detected usage of a non-sanitized input variable: $_SERVER['REQUEST_URI']
 69 | WARNING | [x] "require_once" is a statement not a function; no parentheses are required
 74 | ERROR   | [ ] Inline comments must end in full-stops, exclamation marks, or question marks
 92 | ERROR   | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$die'.
 92 | ERROR   | [ ] All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
PHPCBF CAN FIX THE 5 MARKED SNIFF VIOLATIONS AUTOMATICALLY
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Time: 190ms; Memory: 10MB

9.7 composer.phar

https://getcomposer.org/download/

php composer.phar