• Hi, for the past few months I’ve been learning PHP and WP plugin development.

    I have a good knowledge of JavaScript.

    I’ve begun to write a plugin and have been studying a few WordPress plugin development books that are very good.

    I have the ability to write the plugin and get it functioning, also using JavaScript, but I’m concerned about how stringent the rules are with plugin security and anything else that’s expected. The books seem to skim over this; how important are they?

    I code my own way, and noticed others seem to go about things their own way when I’ve studied their WP plugin code.

    Is it OK to heavily rely on JavaScript for functionality if that works fine? Is there anything I should avoid here? For example, I intend to pass over many variables from my admin options pages into the JavaScript file….

    Do people sanitize everything? I’m OK with writing up documentation and my coding is quite clean. I’m fine with internationalisation, pot and po files etc…

    I’m a little lost, but raring to go and code the hell out of my plugin, but maturity is holding me back a little first… I don’t want to get halfway then realise I’ve gone down the wrong road (been there before)….

    Any advice would be appreciated…..

Viewing 3 replies - 1 through 3 (of 3 total)
  • Tyler

    (@tylerthedude)

    Hi Simon,

    I’m glad to hear you’re showing interest in WordPress development. Just like any application you create, security should be the top concern. Fortunately for us, WordPress already offers helpful security methods which allow us to write secure code without much hassle. I’ll attach some resourceful resources for WordPress security functions here.

    However, to answer your question:

    but I’m concerned about how stringent the rules are with plugin security and anything else that’s expected, the books seem to skim over this, how important are they?

    Security is always very important when you’re building any sort of program that handles users’ information. For example, if you were signing up for a bank account you wouldn’t want them to store your passwords in plaintext, right? Obviously, you wouldn’t need as much security as you would when dealing with banking information, but you get the idea.

    I code my own way, and noticed others seem to go about things their own way when I’ve studied their WP plugin code.

    I’d need more context here, but for best practices you should always follow the WordPress Coding Standards. Following these standards will ensure your code works universally across other WordPress sites and gets along with other plugins and/or themes. I’m not sure what plugins or themes you’re referring to, but they should also be following these standards especially if they’re publicly available on the WordPress repository.

    Is it OK to heavily rely on JavaScript for functionality if that works fine?

    It’s perfectly fine to use JavaScript, and it’s encouraged depending on the task you’re trying to perform. However, you also want to ensure you have a firm understanding of PHP as WordPress relies on the language both for plugins and themes. The last thing you want to do is copy and paste code from a 3rd party and integrate it into your application without understanding its importance.

    Do people sanitize everything?

    I’d sure hope so, since I wouldn’t want user provided data going directly into my database without any sort of sanitizing. A good rule of thumb – if the data is coming from the user (such as a form), then sanitize it. Without sanitizing user data, you’re opening up security risks such as SQL injection.

    WordPress offers some nifty functions for sanitizing data – you can check them out here.

    When you’re developing your plugin, just make sure you keep the WordPress development codex close and ensure your code follows standards as closely as possible. Doing this, in combination with sanitizing user data, will ensure your plugin is as secure as possible for WordPress.
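
The "sanitize user data" advice in the reply above, applied to the original question about passing admin option values to a JavaScript file. This is an added example, not code from either poster; the `myplugin` prefix, the option keys and the `js/front.js` path are assumptions, and only WordPress core functions are called.

```php
<?php
// Added example. Every "myplugin_*" name, the option keys and js/front.js are hypothetical.

// 1. Sanitize on the way in: the Settings API calls this before saving the option.
function myplugin_sanitize_options( $input ) {
    $input = is_array( $input ) ? $input : array();
    $color = sanitize_hex_color( isset( $input['color'] ) ? $input['color'] : '' );
    return array(
        // Strips tags, control characters and extra whitespace.
        'title' => sanitize_text_field( isset( $input['title'] ) ? $input['title'] : '' ),
        // Non-negative integer, capped so a typo cannot produce an absurd value.
        'speed' => min( 5000, absint( isset( $input['speed'] ) ? $input['speed'] : 400 ) ),
        // sanitize_hex_color() returns nothing usable for an invalid colour: fall back.
        'color' => $color ? $color : '#000000',
    );
}

add_action( 'admin_init', function () {
    register_setting( 'myplugin_group', 'myplugin_options', array(
        'type'              => 'array',
        'sanitize_callback' => 'myplugin_sanitize_options',
    ) );
} );

// 2. Escape on the way out when the value is printed back into the admin form.
function myplugin_render_title_field() {
    $opts = (array) get_option( 'myplugin_options', array() );
    printf(
        '<input type="text" name="myplugin_options[title]" value="%s" />',
        esc_attr( isset( $opts['title'] ) ? $opts['title'] : '' )
    );
}

// 3. Hand the saved values to the script as JSON data, never by pasting them into JS source.
add_action( 'wp_enqueue_scripts', function () {
    $opts = wp_parse_args(
        (array) get_option( 'myplugin_options', array() ),
        array( 'title' => '', 'speed' => 400, 'color' => '#000000' )
    );
    wp_enqueue_script( 'myplugin-front', plugins_url( 'js/front.js', __FILE__ ), array(), '1.0.0', true );
    wp_add_inline_script(
        'myplugin-front',
        'window.mypluginData = ' . wp_json_encode( $opts ) . ';',
        'before'
    );
} );
// In front.js, write mypluginData.title with element.textContent, not innerHTML.
```
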

    Thread Starter Simon Barlcay

    (@primerepair)

    Hi Tyler, and thanks for answering my post so quickly. I’m glad you have clarified the standards expected; I intend to pay a lot of attention to that now. I’ve just quickly skimmed back over the standards, and I’m going to print them off and study them alongside the books I’m reading. I realise the JavaScript, HTML and CSS standards really make sense; however, some of the PHP stuff is going over my head and I know I’m trying to run before walking here. It’s only been a few weeks on PHP, so I’m hoping I can get to grips and feel confident with it soon. I’ve already written the main JavaScript core of the plugin for the front end stuff. I’d love some feedback on my PHP code when I get going and hope to contribute to the forums eventually. Thanks again….

    Tyler

    (@tylerthedude)

    Hi Simon,

    No problem at all. I’m glad to have pointed you in the right direction, and I’m excited to see what you create.

  • The topic ‘Advice for newbie’ is closed to new replies.