Writing Plugins for WordPress
There were several plugin sessions at WordCamp San Francisco. Naill Kennedy, Joseph Scott and Michael “mitcho” Erlewine gave two different presentations during the morning esssion.
Naill Kennedy gave a high level overview of writing plugins for WordPress. Naill's main points were:
Why would you write a plugin for WordPress? First of all, it can serve your own needs. Google and Salesforce.com just developed new plugins that integrated with WordPress. This allows you to improve customer engagement outside of your original site.
A second reason to write a plugin is to increase traffic back to your site. In the plugin admin center, you are given a link back to your site. While this link is not indexed by the search engines, it is a great way to drive traffic back to your site. You do get a link from the WordPress plugin directory.
WordPress Plugins can also increase your user experience. Plugins allow you to add or subtract items to a page, or add filters to a page. An example of this is on WordPress com, whenever you write WordPress with a lowercase "w" or "p", it automatically capitolizes the letters.
Shortcodes have been integrated into WordPress for the past couple of versions. For Youtube, instead of typing in the full embed code, you would simply write a short snippet. Or, in WordPress version 2.9, you can actually just write the link, and WordPress will embed the video directly for you. This is done through the oEmbed plugin.
Joseph Scott spoke about WordPress Plugin security. His main points were:
- Don't trust external data
- Make sure data is properly escaped.
- Don't allow injections in HTML
- Use core WP functions whenever possible
- Add caching for expensive processes
- Make use and add your own actions/filters
- Minimize DB row or options and use a unique name
Joseph also gave some don't:
- Include wp-config.php / wp-load.php / wp-blog-header.php
- Ignore WP core options
Michael “mitcho” Erlewine was the last plugin speaker at WordCamp SF. He really emphasized borrowing, adapting and using hooks for your WordPress plgins.
We have developed plugins for our WordPress clients and intend on writing some public plugins in the near future.