One of the best things about working with WordPress is that it’s open-source. Literally anyone with a machine and an internet connection can start using WordPress. Isn’t that great? But sometimes even extraordinary developers and engineers make mistakes. Here are the seven most common mistakes and how you should avoid them.
1. Not Using Action and Filters
Editing a WordPress plugin or theme directly is bad practice and it serves no good: the plugin or theme will eventually get an update, manually or automatically, and all of your changes will be lost.
So as authors/developers we should give other developers the freedom to alter our plugins and themes without editing the main code base. Adding actions and filters lets others extend your plugin or theme, and it also helps in creating addons and a premium version of the plugin or theme.
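As an added illustration (not code from the original post), here is a hypothetical plugin function that exposes one filter and one action, followed by a separate addon that changes the behaviour by hooking in instead of editing the plugin file. The rl_ prefix, hook names and functions are made up for this example:

```php
<?php
// Added example, not from the original post. Hypothetical plugin code:
// the function does its work but lets other code hook in at two points.
defined('ABSPATH') || die();

function rl_build_launch_message($launcher_name) {
    $message = sprintf('Launching %s', $launcher_name);

    // Filter: lets other plugins/themes change the returned message.
    // Parameters after the value are passed through so hooks have context.
    $message = apply_filters('rl_launch_message', $message, $launcher_name);

    // Action: lets other code run side effects once a launch happens.
    do_action('rl_after_launch', $launcher_name, $message);

    return $message;
}

// Hypothetical addon (a separate plugin or the theme's functions.php).
// It never touches the plugin file above, so plugin updates cannot wipe it.
add_filter('rl_launch_message', function ($message, $launcher_name) {
    return $message . ' [premium]';
}, 10, 2); // priority 10, accept 2 arguments

add_action('rl_after_launch', function ($launcher_name, $message) {
    error_log('rl addon saw launch of ' . $launcher_name . ': ' . $message);
}, 10, 2);
```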
2. Writing from Scratch
Well, it’s 2021 and WordPress has been around for more than a decade, so you don’t need to start coding your first plugin from scratch. You can use a plugin boilerplate as your starting point and start developing right away instead of wasting time on setting up the architecture.
I always use a plugin boilerplate generator when starting a new project. Go ahead and try it!
For themes there are plenty of good options out there. First of all, it depends on the use case: if you are building a theme for a client then I’d definitely recommend the Genesis framework, which has many out-of-the-box options to help you create a custom theme. But if you’re going to build a theme to sell or to open-source, go with a starter theme. There are tons of WordPress starter themes, but the hottest ones are Underscores, Sage, and Beans.
3. Developing with WP_DEBUG set to FALSE
Do not develop a new plugin or theme without setting WP_DEBUG to TRUE. By default WP_DEBUG is set to FALSE to avoid printing errors or warnings on the screen.
However, the best practice is to set WP_DEBUG to TRUE when developing, to ensure your plugin doesn’t generate any errors.
This is what most experienced developers do: they don’t just display exceptions and errors, they always check that WP_DEBUG === TRUE before displaying errors on screen.
If you’re familiar with WP-CLI then you can run
wp config set WP_DEBUG true --raw
Do not forget to turn it off if you’re working on a client website.
4. Not Using a Version Control System
There’s always going to be a rush when a bug arrives or a new feature is added, and you’ll eventually end up making changes that don’t matter anymore and want to revert to the previous version of your code. You simply cannot, because you’re not using a VCS like Git or SVN. The best practice is to always keep versions of your code, whether it’s a small or large project.
Learning Git can be a bit intimidating for developers at the beginning, but it’ll pay off in the long run. Beginners can start using Git with a GUI such as GitHub Desktop or GitKraken.
5. Not adding a Prefix to your functions, classes, and constants
Always add your prefix before defining plugin functions, classes, and constants to avoid naming conflicts with other plugins and themes. A prefix shouldn’t be too long:
for example, if you’re building a LearnDash rocket launcher addon, you could use
LDRL_VERSION or RL_VERSION
instead of using
LEARN_DASH_ROCKET_LAUNCHER_VERSION
Simplicity is the key: just keep it simple and easy.
6. Not Following Coding Standards
An inconsistent codebase makes collaboration extremely difficult, which is why you should always stick to a coding standard. For WordPress projects, what’s better than the WordPress Coding Standards? They keep developers on the same channel and create a smooth process for collaboration.
WordPress has defined coding standards for CSS, HTML, JavaScript, and PHP, and it’s better to stick with them. But if you’re using some other coding standard, make sure everyone on the team is on the same page.
7. Not Taking Security Seriously
Security is often the most neglected point while working with WordPress. Most developers just focus on client needs until the website gets hacked, and then you find out that your plugin or theme has a vulnerability. Vulnerabilities occur quite often, but it is the developer’s responsibility to make the code as secure as he can, and if something goes down, make sure to fix it the right way this time 😉
XSS Vulnerabilities: XSS is the most common vulnerability and it can be avoided by sanitizing and escaping data while developing. Do not trust any input from any user: always sanitize input data with sanitize_text_field(), always escape URLs with esc_url(), and for HTML use esc_html(). Simple, isn’t it?
Prevent access to your files: Most hosts allow files to be accessed directly. The accessed file will display some errors, but those could hint attackers toward a vulnerability. The best cure to prevent direct access to your files is to add
defined('ABSPATH') || die();
at the beginning of your file, and always add an empty index.php in your folder to prevent directory listing.
Nonces: WordPress generates a unique number to protect forms and URLs from misuse and malicious hacks. You can read the full documentation here.
For example, if you want to deactivate or delete a plugin from WordPress, the URL would look like
https://example.com/wp-admin/plugins.php?action=delete&plugin=woocommerce/woocommerce.php
What a hacker could do is put this URL directly into the browser to delete the plugin from your website. Here the nonce prevents this action: the request will not be completed and WordPress will give the below error
The link you followed has expired.
The same approach goes for all custom forms, AJAX requests, and many more.
If you want to take security seriously and prevent unauthorized access, do your nonces properly.
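To tie the three points together, here is an added example (not code from the original post) of a hypothetical plugin settings page: the ABSPATH guard at the top, a nonce on both the form and an action URL (like the plugin delete URL above), a capability check, and sanitize-on-input with escape-on-output. The rl_ prefix, option names and hook names are made up.

```php
<?php
// Added example (not the post's code): a hypothetical settings page applying the
// three points above. The "rl_" prefix, option names and hook names are made up.
defined('ABSPATH') || die(); // refuse direct requests to this file
function rl_render_settings_page() {
    $tagline   = get_option('rl_tagline', '');
    $link      = get_option('rl_link', '');
    // Nonce-protected action link, like the plugin delete URL shown in the post.
    $reset_url = wp_nonce_url(admin_url('admin-post.php?action=rl_reset'), 'rl_reset');
    ?>
    <form method="post" action="">
        <?php wp_nonce_field('rl_save_settings', 'rl_nonce'); ?>
        <input type="text" name="rl_tagline" value="<?php echo esc_attr($tagline); ?>">
        <input type="text" name="rl_link" value="<?php echo esc_attr($link); ?>">
        <button type="submit" name="rl_save">Save</button>
    </form>
    <p><?php echo esc_html($tagline); ?></p>  <!-- escape on output, never echo raw -->
    <a href="<?php echo esc_url($link); ?>">Link</a> <a href="<?php echo esc_url($reset_url); ?>">Reset</a>
    <?php
}

function rl_handle_save() {
    if (!isset($_POST['rl_save'])) {
        return;
    }
    // The nonce proves the request came from our form (CSRF); a missing or stale one is rejected.
    if (!isset($_POST['rl_nonce']) || !wp_verify_nonce($_POST['rl_nonce'], 'rl_save_settings')) {
        wp_die('The link you followed has expired.');
    }
    // A nonce proves intent, not permission: still check the capability.
    if (!current_user_can('manage_options')) {
        wp_die('You are not allowed to do this.');
    }
    // Sanitize on the way in; output is escaped above on the way out.
    update_option('rl_tagline', sanitize_text_field(wp_unslash($_POST['rl_tagline'] ?? '')));
    update_option('rl_link', esc_url_raw(wp_unslash($_POST['rl_link'] ?? '')));
}
add_action('admin_init', 'rl_handle_save');
function rl_handle_reset() {
    check_admin_referer('rl_reset'); // dies on a missing or invalid URL nonce
    if (!current_user_can('manage_options')) {
        wp_die('You are not allowed to do this.');
    }
    delete_option('rl_tagline');
    delete_option('rl_link');
    wp_safe_redirect(wp_get_referer());
    exit;
}
add_action('admin_post_rl_reset', 'rl_handle_reset');
```

Note that a valid nonce only shows the request was made on purpose from your page; the current_user_can() check is what decides whether that user may perform the action.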
Constant Improvement
Every developer has made mistakes and is still making them, consciously or unconsciously. No matter what, we should all strive for the best and keep learning: no code is perfect, technology needs innovation, standards are meant to be updated, and the systems you’re using today will evolve. Keep learning and get 1% better every day.
There could be other mistakes; do let me know in the comments if I missed some.