Starting from scratch: A complete guide and practical tutorial for WordPress plugin development

Why learn WordPress plugin development?

WordPress, as the world's most popular content management system, owes its strength to its high level of scalability, which is largely due to its plugin ecosystem. Learning how to develop WordPress plugins not only allows you to customize website functionality in depth to meet unique business needs but also transforms your ideas into marketable products, opening up a vast market for you. Compared to relying on third-party plugins, developing your own plugins means having more control over the code, resulting in higher security and better performance optimization, as you can precisely manage every aspect of the functionality.

In addition, mastering this skill significantly enhances the value of a developer. Whether it's providing customized solutions for clients or building your own tool products, understanding the core architecture of WordPress and the standards for plugin development is a key advantage. It transforms you from a mere user into a creator – someone who can understand and make use of WordPress's capabilities to build innovative solutions.hook(Let’s use hooks, system capabilities, data manipulation methods, and security mechanisms to build robust applications.)

Setting up a plugin development environment and its basic infrastructure

Before starting to write code, a professional local development environment is essential. We recommend using tools such as Local, DevKinsta, or Docker to quickly set up an environment that includes PHP, MySQL, and a web server. Make sure your PHP version (version 7.4 or higher is recommended) is compatible with the target WordPress version, and enable error reporting; this will help with debugging.

Recommended Reading Getting Started from Scratch: Building Your First WordPress Plugin。

The most basic structure of a WordPress plugin consists of a single main file. This main file must contain specific plugin header comments, so that WordPress can recognize it.

UltaHost WordPress Hosting

30-day refund guarantee, unlimited bandwidth and database usage, free DDoS protection; purchase for 3 years and get a discount of 50%.

access page

Create your first plug-in file

The main file of a plugin is usually named after the plugin itself, for example… my-first-plugin.phpYou need to place this file in… /wp-content/plugins/ It is located within an independent folder inside the directory. The following is the most basic code structure of the file:

<?php
/**
 * Plugin Name: 我的第一个定制插件
 * Plugin URI:  https://yourwebsite.com/my-first-plugin
 * Description: 这是一个用于学习 WordPress 插件开发的示例插件。
 * Version:     1.0.0
 * Author:      你的名字
 * License:     GPL v2 or later
 * Text Domain: my-first-plugin
 */

After saving the file, you will be able to see this plugin on the “Plugins” page in the WordPress administration dashboard and activate it. Although it doesn’t have any functionality yet, you have successfully created a plugin that is recognized by WordPress.

Understanding and utilizing the core mechanisms of WordPress: Hooks

The core philosophy of WordPress plugin development is the use of “Hooks.” These allow your code to be integrated into the WordPress core execution process at specific points in time, without the need to modify the core files. Hooks are mainly divided into two types: Actions and Filters.

Use action hooks to execute tasks.

Action hooks allow you to execute custom functions when specific events occur. For example, when an article is published, you might want to send an email notification.publish_post This is a typical action hook. You can use it… add_action() The function binds your custom function to this hook.

Recommended Reading In-Depth Analysis: The Core Architecture of WordPress and a Practical Guide to Developing New Themes。

Using filter hooks to modify data

Filter hooks allow you to modify the data that WordPress passes during its processing. For example, you might want to change the content of an article’s title.the_title It is a filter hook. You can use it to perform custom processing on the data before it is passed on to the next stage of the application. add_filter() There is a function that binds your processing function. This function receives the raw data and must return the modified data.

The following is an example that uses both actions and filters:

// 1. 定义一个在文章发布时执行的动作函数
function myplugin_on_post_publish( $post_id ) {
    // 获取文章对象
    $post = get_post( $post_id );
    // 记录日志或执行其他操作
    error_log( "文章《{$post->post_title}》已发布，ID: {$post_id}" );
}
// 将上述函数挂接到 ‘publish_post’ 动作钩子
add_action( 'publish_post', 'myplugin_on_post_publish' );

// 2. 定义一个修改文章标题末尾内容的过滤器函数
function myplugin_add_to_title( $title ) {
    // 仅在主循环的文章标题中生效
    if ( is_single() && in_the_loop() ) {
        return $title . ' - [推荐阅读]';
    }
    return $title;
}
// 将上述函数挂接到 ‘the_title’ 过滤器钩子
add_filter( 'the_title', 'myplugin_add_to_title' );

Practical Example: Creating a Custom Plugin with a Management Page

A practical plugin usually needs to provide a configuration page in the WordPress administration panel. We will create an example plugin that adds a sub-menu page under the “Settings” menu in the administration panel, and allows users to save and retrieve certain options.

hosting.com Shared Hosting

High performance with AMD EPYC CPUs, NVMe SSD storage and LiteSpeed, 24/7, 24x7 expert in-house support, advanced security measures including SSL, brute force, malware and DDoS protection, savings of up to 73%

access page

Create a backend administration menu and pages.

First of all, we need to use add_action('admin_menu', ...) The hook registers our own menu items when the administrator menu is initialized. We use… add_options_page() A function is used to add a sub-page under the “Settings” menu.

Processing form data and security validation

On the management page, we usually have a form for users to make settings. When processing form submissions, it is essential to perform security checks, including verifying the user's permissions, using a nonce to prevent cross-site request forgery (CSRF), and cleaning and validating the input data.

The following is a code example for implementing this functionality:

Recommended Reading WordPress Plugin Development Tutorial: Building Your First Plugin from Scratch。

// 钩入 admin_menu 来添加菜单
function myplugin_add_admin_menu() {
    add_options_page(
        '我的插件设置',          // 页面标题
        '我的插件',             // 菜单标题
        'manage_options',       // 所需权限（管理员）
        'myplugin-settings',    // 菜单 slug
        'myplugin_render_settings_page' // 渲染页面的回调函数
    );
}
add_action( 'admin_menu', 'myplugin_add_admin_menu' );

// 渲染设置页面的回调函数
function myplugin_render_settings_page() {
    // 检查用户权限
    if ( !current_user_can( 'manage_options' ) ) {
        wp_die( '权限不足。' );
    }
    ?>
    <div class="wrap">
        <h1>My plugin settings</h1>
        <form method="post" action="/en/options.php/" data-trp-original-action="options.php">
            <?php
            // 输出必要的设置字段和 nonce 字段
            settings_fields( 'myplugin_settings_group' );
            do_settings_sections( 'myplugin-settings' );
            submit_button();
            ?>
        <input type="hidden" name="trp-form-language" value="en"/></form>
    </div>
    &lt;?php
}

// 初始化插件设置，注册配置项
function myplugin_settings_init() {
    // 注册一个新的设置组‘myplugin_settings_group’和页面‘myplugin-settings’
    register_setting( &#039;myplugin_settings_group&#039;, &#039;myplugin_custom_message&#039; );

// 在页面‘myplugin-settings’上添加一个新的设置区域
    add_settings_section(
        &#039;myplugin_section&#039;,
        &#039;自定义消息设置&#039;,
        null,
        &#039;myplugin-settings&#039;
    );

// 向该区域添加一个字段
    add_settings_field(
        &#039;myplugin_field&#039;,
        &#039;欢迎消息&#039;,
        &#039;myplugin_field_render&#039;,
        &#039;myplugin-settings&#039;,
        &#039;myplugin_section&#039;
    );
}
add_action( &#039;admin_init&#039;, &#039;myplugin_settings_init&#039; );

// 渲染设置字段的函数
function myplugin_field_render() {
    $option = get_option( &#039;myplugin_custom_message&#039;, &#039;你好，访客！&#039; );
    echo &quot;<input type='text' name='myplugin_custom_message' value='" . esc_attr( $option ) . "' />";
}

// 在前端使用保存的选项
function myplugin_display_message() {
    $message = get_option( 'myplugin_custom_message', '你好，访客！' );
    echo '<p class="myplugin-message">'`. esc_html($message)`.'</p>';
}
// 你可以将此函数通过短码或钩子在前端调用，例如：
add_action( 'wp_footer', 'myplugin_display_message' );

Plugin Security, Internationalization, and Preparation for Release

Before releasing a plugin that has been developed, it must undergo rigorous security, internationalization, and packaging processes.

Security is of utmost importance. All data obtained from user input (such as $_GET, $_POST, $_REQUEST) must be validated and cleaned. WordPress provides a wealth of functions to help with this process. sanitize_text_field(), esc_html(), esc_url() and wp_strip_all_tags() Used for escaping data before output. Never trust the user's input.

InterServer Shared Hosting

Shared hosting $2.50 USD per month , first month $0.1 USD promo code tryinterserver, 461 cloud apps scripts, one click install.

access page

In order for the plugin to be used by users around the world, you need to prepare it for internationalization (i18n). This means that all text strings that are displayed within the plugin should be translated into different languages. __() Or _e() Wrap the functions using appropriate libraries and set the correct text domain. This way, translators can use .po/.mo files to translate your plugin.

Finally, you need to carefully prepare the readme.txt file, ensuring that its format complies with WordPress.org’s specifications. Make sure your plugin code adheres to the WordPress coding standards, remove all debugging code, and compress the code into a zip file. You can choose to publish your plugin in the official WordPress plugin directory or distribute it on your personal website.

summarize

WordPress plugin development is a process that combines creativity with a powerful platform. We began by understanding the importance of plugin development, then gradually set up the necessary environment and created the basic files for our plugin. By thoroughly studying and practicing the two core mechanisms—action hooks and filter hooks—we mastered the key techniques for interacting with WordPress. Next, we developed a complete plugin with a backend administration page, covering the entire process from adding menus, setting up user registration, handling data security, to the front-end display of the plugin’s functionality. Finally, we discussed the critical steps that affect the quality and distributability of a plugin: security practices, internationalization preparation, and the packaging process for release. By following these steps and best practices, you will be able to create professional-level WordPress plugins that are powerful, secure, reliable, and easy to distribute, thereby truly unlocking the full potential of WordPress.

FAQ Frequently Asked Questions

What prerequisite knowledge is needed to develop a WordPress plugin?

You need to have a basic understanding of the PHP programming language, as both the WordPress core and its plugins are written in PHP. It is also essential to have a basic knowledge of HTML, CSS, and JavaScript for handling the front-end display and interactions. Familiarity with the basic concepts of MySQL databases (such as querying, creating, updating, and deleting data) will be helpful, as WordPress uses MySQL to store its data.

Does the main file of the plugin have to be named with a specific name?

No, the main file of a plugin can be named whatever you want. However, for clarity and consistency, it is generally recommended to use a name in English or Pinyin that reflects the purpose of the plugin. The only requirement is that the PHP file must contain the correct plugin header comments; it is through these comments that WordPress identifies and loads the plugin.

What is the fundamental difference between action hooks and filter hooks?

Action hooks are used to “execute a piece of code” when a specific event occurs; they do not require your function to return a value, and their purpose is to perform a task or operation. Filter hooks, on the other hand, are used to “modify a piece of data”; they require your function to receive a value and must return a modified value. In short, actions are about “doing something,” while filters are about “changing something.”

How can I ensure that my plugin won't conflict with other plugins?

Adding a unique prefix to all your function names, class names, constant names, and option names is the best practice for preventing conflicts. For example, do not use…get_data()For such a generic function name, it would be more appropriate to use…myplugin_get_data()At the same time, encapsulating your code within classes or namespaces can help to more effectively isolate variables and functions.