Recently a friend of mine, who’s also a web developer, called me and asked for advice on starting his first project using WordPress. After a long discussion on the phone I sent him an email summarizing our discussion and he suggested I should post it here. So here we go….
About WordPress
WordPress is an open source CMS, made for the LAMP stack, which powers roughly 25% (the number varies from 5% to 35% depending on who you ask) of the web pages on the entire Internet. WordPress development is managed by the WordPress Foundation (wordpress.org); however a company called Automattic (founded by one of WordPress’ co-creators) runs WordPress commercially (wordpress.com) while also contributing a lot to the project.
“WordPress is not secure” / “not stable” / “not logical” / …
In my experience most of these criticisms come from people who don’t know WordPress well. WordPress, like any piece of software, is not perfect, and like any complex system it requires time to fully understand. But it is also actively supported by brilliant people and a vibrant community. It has some of the most detailed documentation I have ever seen for an open-source project and, thanks to Automattic, a dedicated security team. Finally, WordPress powers a lot of very large websites. In other words, done correctly, WordPress can do virtually anything. And while for each specific use case there might be a better suited CMS or framework, in my experience you will get a better result (user experience, security, maintainability, etc.) using a tool that you know very well but that might not be the best for the job than working on a hard project while learning a new CMS or framework.
Don’t get me wrong, there are plenty of things I hate about WordPress, but I still think that its versatility, large community, and mind-blowing amount of available resources and services make it the best current tool to tackle almost any web app/service project.
How to start with WordPress?
I won’t write a full tutorial; a quick Google search will give you plenty of great existing resources. However I would like to give a quick list of general concepts and WordPress features that are critical for you to understand before you start your first WordPress project.
1. The golden rule A: do it the WordPress way.
Developers can argue for hours about the best way to do something. If WordPress has a documented opinionated way to do something, you should do it this way, even if you think that it’s not ideal, slow or illogical.
2. The golden rule B: never modify core/ a plugin / a theme.
Never, ever, ever modify WordPress core files or the code of a plugin or theme you’ve downloaded. This is never a good idea: the change will inevitably break when you update (and will therefore prevent you from updating at all). WordPress offers plenty of solutions to fix a bug or alter a behavior you don’t like: create a plugin, create a child theme, use hooks and filters, etc.
3. Themes for layout and design, plugins for logic and content management
You should split the design and layout from the logic and the content management to make it easy for your customer to update their website in the future without rebuilding everything or losing content. For example if your theme uses Custom Post Types, you will register the CPT in a plugin called a utility plugin but the templates and CSS for the CPT will be located in your theme. The same goes for most other WordPress features:
Feature | Utility Plugin | Theme (functions.php) |
---|---|---|
Shortcodes | always | never |
Custom Post Type | always | never |
Custom Taxonomy | always | never |
Custom Post Meta boxes | always | never |
Customize Admin | always | never |
Editor style | never | always |
Customizer settings | depends | depends |
Javascript & CSS | depends | depends |
Register Sidebars | never | always |
Register Nav Menu | never | always |
Templates | never | always |
Read more:
– https://developer.wordpress.org/themes/getting-started/
– https://developer.wordpress.org/plugins/
4. Understanding “The loop” and “Hooks: Filters and actions”
These 2 concepts are the cornerstone of any WordPress project. It is critical to understand them completely to create a well performing, secure and maintainable WordPress theme or plugin. The loop is how content is retrieved and displayed in WordPress. Hooks allow you to change almost any default behavior in WordPress. In fact, you can change the behavior of the loop itself using hooks.
Read more:
– https://codex.wordpress.org/Plugin_API/Hooks
– https://developer.wordpress.org/plugins/
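To tie points 3 and 4 together, here is an added example (not code from the post) of a utility plugin that registers a hypothetical “book” Custom Post Type and then alters the main loop with a hook instead of editing the theme template. All `example_` names, the `book` post type and the `books` slug are assumptions for this illustration.

```php
<?php
/**
 * Plugin Name: Example Utility Plugin (illustrative only)
 * Description: Registers a "book" CPT and adjusts the main loop via hooks.
 */

// WordPress defines ABSPATH; if it is missing, the file was requested directly.
defined( 'ABSPATH' ) || exit;

// Golden rule: the content structure lives in the utility plugin. The theme
// only ships the single-book.php / archive-book.php templates and the CSS.
function example_register_book_cpt() {
    register_post_type(
        'book',
        array(
            'labels'       => array(
                'name'          => __( 'Books', 'example' ),
                'singular_name' => __( 'Book', 'example' ),
            ),
            'public'       => true,
            'has_archive'  => true,
            'show_in_rest' => true, // block editor + REST API support
            'supports'     => array( 'title', 'editor', 'thumbnail' ),
            'rewrite'      => array( 'slug' => 'books' ),
        )
    );
}
add_action( 'init', 'example_register_book_cpt' );

// Flush rewrite rules once on activation so /books/ resolves immediately.
function example_activate() {
    example_register_book_cpt();
    flush_rewrite_rules();
}
register_activation_hook( __FILE__, 'example_activate' );

// Change what the loop retrieves without touching the template: include
// books in the front-page loop by acting on the main query before it runs.
function example_include_books_in_home( $query ) {
    // Only the main front-end query; leave admin and secondary queries alone.
    if ( is_admin() || ! $query->is_main_query() || ! $query->is_home() ) {
        return;
    }
    $query->set( 'post_type', array( 'post', 'book' ) );
}
add_action( 'pre_get_posts', 'example_include_books_in_home' );

// A filter hook: WordPress passes the value through, we return a new one.
add_filter( 'excerpt_length', function ( $length ) { return 30; } );
```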
5. Security, Security, Security
Like in any web project you should always: check user capabilities, validate and sanitize input, escape output, and create and validate nonces.
You should also never make assumptions about data, functions or parameters: always sanitize early and escape late. Always validate data for what it should be, not for what it’s not:
```php
if ( $email ) {}             // Wrong: only checks that the value is non-empty
if ( is_email( $email ) ) {} // Correct: checks that the value is a well-formed email address
```
Read more:
– https://developer.wordpress.org/plugins/security/
– https://code.tutsplus.com/articles/data-sanitization-and-validation-with-wordpress--wp-25536
– https://www.youtube.com/watch?v=Tmqiz6abxMs&t=38s
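The four checks above in one place, as an added example that is not from the post: a meta box save handler for a hypothetical “book” post type that verifies a nonce, checks the capability, sanitizes early, validates the value as an email, and escapes at output. The `example_` names and the `_example_contact_email` meta key are assumptions.

```php
<?php
defined( 'ABSPATH' ) || exit;

function example_add_email_meta_box() {
    add_meta_box( 'example_email', __( 'Contact email', 'example' ),
        'example_render_email_meta_box', 'book', 'side' );
}
add_action( 'add_meta_boxes', 'example_add_email_meta_box' );

function example_render_email_meta_box( $post ) {
    // Create the nonce that the save handler verifies; tied to this post ID.
    wp_nonce_field( 'example_save_email_' . $post->ID, 'example_email_nonce' );
    $email = get_post_meta( $post->ID, '_example_contact_email', true );
    // Escape late: at the moment of output, with the helper for this context.
    printf(
        '<input type="email" name="example_contact_email" value="%s" />',
        esc_attr( $email )
    );
}

function example_save_email_meta( $post_id ) {
    // 1. Nonce: the request came from our own form for this post (CSRF check).
    $nonce = isset( $_POST['example_email_nonce'] ) ? $_POST['example_email_nonce'] : '';
    if ( ! wp_verify_nonce( $nonce, 'example_save_email_' . $post_id ) ) {
        return;
    }
    // 2. Capability: a valid nonce is not authorization; check the user may edit this post.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    if ( ! isset( $_POST['example_contact_email'] ) ) {
        return;
    }
    // 3. Sanitize early, then validate for what the value should be.
    //    `if ( $email )` would happily accept "<script>" as a valid address.
    $email = sanitize_email( wp_unslash( $_POST['example_contact_email'] ) );
    if ( '' !== $email && ! is_email( $email ) ) {
        return; // refuse to store anything that is not a well-formed email
    }
    update_post_meta( $post_id, '_example_contact_email', $email );
}
// save_post_{post_type} fires only for the "book" post type.
add_action( 'save_post_book', 'example_save_email_meta' );

// In the theme template, escape again on the way out:
// echo esc_html( get_post_meta( get_the_ID(), '_example_contact_email', true ) );
```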
6. Javascript and CSS
A few basic and simple rules:
- Add scripts and styles the WordPress way using wp_enqueue_script / wp_enqueue_style
- Don’t enqueue your own version of jQuery or another library already included in WordPress. Use the one included in WordPress by passing its handle in the dependency parameter of wp_enqueue_script. The full list of scripts and libraries registered by WordPress is in the wp_enqueue_script reference documentation.
- Finally, you should use wp_localize_script to pass data from PHP to JavaScript.
Read more:
– https://developer.wordpress.org/themes/basics/including-css-javascript/
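The three rules above as one added example (not code from the post): enqueue a stylesheet and a script that depends on the bundled jQuery, pass data (including a nonce) to it with wp_localize_script, and verify that nonce in the matching AJAX handler. The `example_` names, the `assets/book.js` and `assets/book.css` paths and the “book” post type are assumptions.

```php
<?php
defined( 'ABSPATH' ) || exit;

function example_enqueue_assets() {
    // Only load on single "book" pages; don't ship the assets to every page.
    if ( ! is_singular( 'book' ) ) {
        return;
    }
    $js_path = plugin_dir_path( __FILE__ ) . 'assets/book.js';

    wp_enqueue_style(
        'example-book',
        plugins_url( 'assets/book.css', __FILE__ ),
        array(),   // no style dependencies
        '1.0.0'
    );

    wp_enqueue_script(
        'example-book',
        plugins_url( 'assets/book.js', __FILE__ ),
        array( 'jquery' ), // the jQuery bundled with WordPress, not our own copy
        file_exists( $js_path ) ? (string) filemtime( $js_path ) : '1.0.0', // cache busting
        true               // load in the footer
    );

    // Exposes window.exampleBook to the script; the array is JSON-encoded.
    // The nonce lets the AJAX handler below verify that the call is ours.
    wp_localize_script(
        'example-book',
        'exampleBook',
        array(
            'ajaxUrl' => admin_url( 'admin-ajax.php' ),
            'nonce'   => wp_create_nonce( 'example_book_action' ),
            'postId'  => get_the_ID(),
        )
    );
}
add_action( 'wp_enqueue_scripts', 'example_enqueue_assets' );

// The matching AJAX handler: dies with a 403 if the "nonce" field is invalid.
function example_handle_book_ajax() {
    check_ajax_referer( 'example_book_action', 'nonce' );
    $post_id = isset( $_POST['postId'] ) ? absint( $_POST['postId'] ) : 0;
    wp_send_json_success( array( 'title' => get_the_title( $post_id ) ) );
}
add_action( 'wp_ajax_example_book', 'example_handle_book_ajax' );
add_action( 'wp_ajax_nopriv_example_book', 'example_handle_book_ajax' );
```

On the JavaScript side the script posts `{ action: 'example_book', nonce: exampleBook.nonce, postId: exampleBook.postId }` to `exampleBook.ajaxUrl`.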