A Complete Guide to WordPress Plugin Development: From Beginner to Practitioner, Building Custom Features

Overview of WordPress Plugin Development

WordPress plugins are a collection of PHP scripts used to extend and enhance the core functionality of WordPress. They allow developers to add new features, tools, management panels, or modify existing behaviors without having to modify the core code of WordPress itself. A plugin can be as simple as a single file or as complex as a set of multiple directories containing various types of files.

The key to understanding a plugin lies in its entry file. Every plugin must contain at least one main PHP file, and this file must include standard plugin metadata at the beginning. This metadata is read by WordPress’s plugin manager and is displayed in the plugin list in the backend.

Build your first plugin

Create a basic file structure.

First, you need to create the entry file for the plugin. This file should be located in the WordPress installation directory.wp-content/plugins/In the folder, create a new folder, for examplemy-first-pluginIn that folder, create a main PHP file. The name of the file should usually be the same as the name of the folder, for example…my-first-plugin.php。

Recommended Reading Starting from scratch: Creating your first WordPress plugin。

Write the header information for the plug-in

In this main file, you must add a plugin header comment that complies with WordPress standards. This is crucial for the plugin to be recognized and activated by WordPress.

UltaHost WordPress Hosting

30-day refund guarantee, unlimited bandwidth and database usage, free DDoS protection; purchase for 3 years and get a discount of 50%.

access page

<?php
/**
 * Plugin Name:       我的第一个插件
 * Plugin URI:        https://example.com/my-first-plugin
 * Description:       这是一个用于演示的简单插件，它将在文章内容顶部添加一行文字。
 * Version:           1.0.0
 * Author:            你的名字
 * License:           GPL v2 or later
 * Text Domain:       my-first-plugin
 */

This comment provides basic information about the plugin. After saving this file, you will be able to see it on the “Plugins” page in the WordPress administration area.

Implement a simple feature.

Next, we will add the simplest feature to this plugin: a line of custom text at the top of all article contents. We can use…the_contentThis is achieved using a filter hook.

function myplugin_add_text_to_content( $content ) {
    $custom_text = '<p>The greeting was added by my first plugin!</p>';
    return $custom_text . $content;
}
add_filter( 'the_content', 'myplugin_add_text_to_content' );

Add the code to your main plugin file.my-first-plugin.phpSave and activate the plugin. Now, whenever you browse any post or page on the website, the specified text will appear at the very beginning of the content. This is the basic implementation of the plugin’s functionality.

Core Concepts and APIs in Plugin Development

Understand the hook mechanism

Hooks are the core of WordPress plugin development, as they allow your code to be integrated into the execution process of WordPress itself or other plugins. There are mainly two types of hooks: Actions and Filters.

Recommended Reading How to Learn WordPress Plugin Development from Scratch: A Complete Guide and Practical Tutorial。

Actions are used to execute your custom code at specific time points. For example,wp_footerThis action allows you to display HTML or scripts at the bottom of the page. You can use it to add additional content or functionality to your website.add_action()A function is used to mount an action.

Filters are used to modify data before it is passed to a database or a browser. For example, the filters used in the example above…the_contentThe filter allows you to modify the content of the article. You need to use it accordingly.add_filter()The function is used to add filters, and your callback function must return the modified value.

Using the core database classes

WordPress provides a powerful database abstraction layer.wpdbThis is used to interact with the database securely. You should directly use this global object, rather than calling PHP’s MySQL functions directly.

hosting.com Shared Hosting

High performance with AMD EPYC CPUs, NVMe SSD storage and LiteSpeed, 24/7, 24x7 expert in-house support, advanced security measures including SSL, brute force, malware and DDoS protection, savings of up to 73%

access page

For example, if you want to query certain information from a database, you can do it like this:

global $wpdb;
$results = $wpdb->get_results( "SELECT id, name FROM {$wpdb->prefix}my_custom_table" );

Please use it with care.$wpdb->prefixTo ensure the correctness of the table prefix, be sure to use it for all insert, update, and delete operations.wpdbThe information provided is as follows:insert()、update()These methods automatically handle data escaping to prevent SQL injection attacks.

Create a management settings page

Creating a background settings page for a plugin is a basic requirement for professional plugins. WordPress provides a variety of API functions for adding menu items and pages at different levels, with the most commonly used ones being…add_menu_page() and add_options_page()。

Recommended Reading WooCommerce Practical Guide: Building a Professional E-commerce Website from Scratch。

The following is an example of adding a top-level menu and a simple settings page:

function myplugin_add_admin_menu() {
    add_menu_page(
        '我的插件设置',        // 页面标题
        '我的插件',            // 菜单标题
        'manage_options',      // 所需权限
        'myplugin-settings',   // 菜单Slug
        'myplugin_settings_page', // 回调函数，用于输出页面HTML
        'dashicons-admin-generic', // 图标
        6                      // 菜单位置
    );
}
add_action( 'admin_menu', 'myplugin_add_admin_menu' );

function myplugin_settings_page() {
    ?>
    <div class="wrap">
        <h1>My plugin settings</h1>
        <form method="post" action="/en/options.php/" data-trp-original-action="options.php">
            <p><strong>Output:</strong>  
  
</p>
        <input type="hidden" name="trp-form-language" value="en"/></form>
    </div>
    &lt;?php
}

This example will create a top-level menu named “My Plugin”. When clicked, it will open the content that is associated with this menu.myplugin_settings_pagePages rendered by functions. Typically, you would use the WordPress Settings API in conjunction with these functions.register_setting, add_settings_section, add_settings_field) to safely process and save the settings.

InterServer Shared Hosting

Shared hosting $2.50 USD per month , first month $0.1 USD promo code tryinterserver, 461 cloud apps scripts, one click install.

access page

Project Practice: Developing a Note Management Plugin

In this section, we will combine the knowledge we have learned to create a simple “note-taking” feature that can be used on the article editing page. This plugin allows editors to add private internal notes to their articles.

Create a custom database table

First of all, when the plugin is activated, we need to create a new database table to store the notes. This can be achieved by registering an activation hook.register_activation_hookTo achieve this.

function my_note_plugin_activate() {
    global $wpdb;
    $table_name = $wpdb->prefix . 'post_notes';
    $charset_collate = $wpdb->get_charset_collate();

$sql = "CREATE TABLE $table_name (
        id mediumint(9) NOT NULL AUTO_INCREMENT,
        post_id bigint(20) NOT NULL,
        note_content text NOT NULL,
        created_by bigint(20) NOT NULL,
        created_at datetime DEFAULT CURRENT_TIMESTAMP NOT NULL,
        PRIMARY KEY  (id)
    ) $charset_collate;";

require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
    dbDelta( $sql );
}
register_activation_hook( __FILE__, 'my_note_plugin_activate' );

Here, we use…dbDelta()This function is used to create or update the table structure. It represents a safe and highly compatible approach.

Add a meta box to the article editing interface.

Next, we need to add a meta box on the article editing page to display and save notes. This will require the use of…add_meta_boxThe function, and then mount it to...add_meta_boxesIn terms of action.

function my_note_add_meta_box() {
    add_meta_box(
        'my_note_meta_box',         // 元框的唯一ID
        '文章内部便签',             // 显示的标题
        'my_note_meta_box_callback', // 渲染元框内容的回调函数
        'post',                     // 要显示的帖子类型
        'side',                     // 位置
        'default'                   // 优先级
    );
}
add_action( 'add_meta_boxes', 'my_note_add_meta_box' );

function my_note_meta_box_callback( $post ) {
    // 从数据库获取当前文章的已有便签
    global $wpdb;
    $table_name = $wpdb->prefix . 'post_notes';
    $notes = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $table_name WHERE post_id = %d ORDER BY created_at DESC", $post->ID ) );

wp_nonce_field( 'my_note_save_action', 'my_note_nonce_field' );
    echo '<textarea name="my_new_note" rows="5" style="width:100%;" placeholder="Enter your internal notes..."></textarea>'echo '<p class="description">This note is only visible to website editors and administrators.</p>';

if ( $notes ) {
        echo '<hr><h4>Historical Notes:</h4>';
        foreach ( $notes as $note ) {
            $user = get_user_by( 'id', $note-&gt;created_by );
            $username = $user ? $user-&gt;display_name : '未知用户';
            echo '<p><strong>' . esc_html( $username ) . ' (' . $note-&gt;created_at . '):</strong><br>';
            echo nl2br( esc_html( $note-&gt;note_content ) ) . '</p>';
        }
    }
}

Saving and cleaning data

When an article is saved or updated, we need to store the new notes in the database. This can be achieved by…save_postThese actions need to be implemented accordingly. Additionally, when the plugin is deleted (optional), we also need to provide an uninstallation hook.register_uninstall_hookLet's clean up the data tables that were created.

function my_note_save_post_data( $post_id ) {
    // 检查非ce、权限、自动保存等
    if ( ! isset( $_POST['my_note_nonce_field'] ) || ! wp_verify_nonce( $_POST['my_note_nonce_field'], 'my_note_save_action' ) ) {
        return;
    }
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
        return;
    }
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }

if ( ! empty( $_POST['my_new_note'] ) ) {
        global $wpdb;
        $table_name = $wpdb->prefix . 'post_notes';

$wpdb->insert(
            $table_name,
            array(
                'post_id' => $post_id,
                'note_content' => sanitize_textarea_field( $_POST['my_new_note'] ),
                'created_by' => get_current_user_id(),
            ),
            array( '%d', '%s', '%d' )
        );
    }
}
add_action( 'save_post', 'my_note_save_post_data' );

// 可选：卸载插件时删除数据表
function my_note_plugin_uninstall() {
    global $wpdb;
    $table_name = $wpdb->prefix . 'post_notes';
    $wpdb->query( "DROP TABLE IF EXISTS $table_name" );
}
register_uninstall_hook( __FILE__, 'my_note_plugin_uninstall' );

Best Practices and Preparation for Release

Follow WordPress coding standards.

To ensure the readability, maintainability of the code, and its compatibility with other plugins, please strictly adhere to the official WordPress PHP coding standards. This includes, but is not limited to: using the correct indentation (tab characters instead of spaces), naming function names and variable names in lowercase letters with underscores (_), naming class names in UpperCamelCase format, and using internationalization functions for all strings that need to be translated.

Implementing internationalization

An excellent plugin that is expected to be widely used must support internationalization. This means that all user-facing text should be wrapped within translation functions.

WordPress provides…__()、_e()、_n()A series of functions, etc. First, you need to set them up in the plugin header information.Text Domain(For example: “my-first-plugin”), and then wrap the string every time it is output or used.

For example:

\necho '<p>' . esc_html__( '这是一个演示文本。', 'my-first-plugin' ) . '</p>';

Then, you can use a tool like Poedit to extract all the text and generate the desired output..potFiles, for translators to translate into different languages..moand.poThe document.

Security and Performance Optimization

Security is of utmost importance in plugin development. Always validate and sanitize user input, and escape all output data. When performing SQL queries, be sure to use appropriate escape mechanisms to prevent security vulnerabilities.prepare()Use statements to prevent injection attacks. Before performing any operation, verify the user’s permissions.current_user_can()For cases where CE (Content Encryption) is not used, the WordPress nonce mechanism can be employed.wp_nonce_field(), wp_verify_nonce()）。

In terms of performance, optimize database queries and avoid executing them within loops. Make reasonable use of WordPress’s Transients API for caching. Remove any unnecessary hooks promptly when they are no longer needed.remove_action(), remove_filter()Finally, make sure that the plugin directory only contains the necessary files, and compress and clean the code before releasing it.

Ready to publish to the WordPress repository.

If you plan to release the plugin to the official WordPress plugin directory, you need to carry out a series of preparatory tasks. Make sure that the plugin has a clear…readme.txtThe file is formatted in accordance with WordPress standards. It should include a description of the plugin, installation instructions, FAQ, version update logs, and more. Additionally, make sure that the header information in the main plugin file is complete and accurate. Thoroughly test the compatibility of your plugin in various environments and different versions of WordPress.

summarize

WordPress plugin development is a creative process that transforms ideas into powerful, functional tools. By understanding the basic structure of plugins, mastering the core mechanisms of hooks (Actions and Filters), and becoming proficient in using key features such as the Settings API and database operations, you can create a wide range of plugins – ranging from simple tools to complex solutions. Throughout the development process, always prioritize security, performance, code quality, and internationalization as fundamental principles. Start by creating your first “Hello World” plugin, and gradually build on your skills. Eventually, you will be able to develop professional-grade WordPress plugins that are ready for release.

FAQ Frequently Asked Questions

What technologies are required for plugin development?

You need to have a solid foundation in PHP, as well as a good understanding of basic HTML, CSS, and JavaScript. It's also important to have a basic knowledge of the MySQL database. Most importantly, you need to understand the core architecture of WordPress, especially the Hook mechanism and the Template Hierarchy. Knowledge of Object-Oriented Programming (OOP) will be very helpful when building complex plugins.

What is the difference between the functions of plugins and themes?

Plugins are used to add or modify the functionality of a website. In theory, they should be separated from the website’s appearance and have a high degree of portability, allowing them to continue to function even after the theme is changed. Themes primarily control the appearance and layout of a website; although modern themes often contain a significant amount of functional code as well, this is considered a poor practice. The best practice is as follows: If a feature is closely related to the visual presentation of the website, it can be included in the theme. However, if a feature is universal or independent in nature, it should be implemented as a plugin.

How to handle plugin updates and compatibility?

In order to handle the updates, you need to make the necessary changes in the comments at the top of the plugin.VersionFor major updates, you can consider using WordPress’s update notification system and upgrade procedures. The key to ensuring compatibility is to develop your code strictly in accordance with the WordPress core API, avoiding the use of private or deprecated functions.readme.txtThe file clearly states the minimum WordPress version that the plugin is compatible with. Before releasing a new version, it is essential to conduct thorough testing on multiple WordPress versions.

How should plugins load CSS and JavaScript files?

You should never directly embed CSS or JS code within the PHP files of your plugins. To ensure compatibility and optimal performance, you must use the WordPress `enqueue` function to properly load the scripts and style sheets. This should be done in the background (i.e., within the plugin’s backend logic).admin_enqueue_scriptsHook, used on the front end.wp_enqueue_scriptsHook. Use it.wp_enqueue_style()andwp_enqueue_script()Functions, and make sure to handle dependencies and version numbers accordingly.

How can I add custom article types or custom taxonomies to my plugin?

Adding a custom post type (CPT) in useregister_post_type()Function: Adding a custom classification systemregister_taxonomy()Functions. The best practice is to place these registration operations in…initThe action is executed within the action hook. You need to carefully configure the registration parameter array, which includes details such as the tag, visibility, supported features, and whether an archive page is available. These settings determine the behavior of the action both in the backend and on the frontend.