If you’ve worked with PHP with any length of time and needed to use some type of built-in encryption, you’ve likely seen something about the Sodium library in the manual.
Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more. Its goal is to provide all of the core operations needed to build higher-level cryptographic tools.
Unfortunately, the module that contains this library isn’t always installed with the PHP binary. It then has to be either re-compiled or enabled by a package manager. If you don’t have the ability, time, or access to do any of those, then there’s a solid alternative for the native library that can be installed via Composer: Sodium Compat.
Multiple times, I’ve drafted notes, written, and re-written parts of this post in an attempt to find the best way to start. And, I know, oftentimes writing qualifying statements or short paragraphs like this is considered something we shouldn’t do when publishing content.
But I don’t think I’ve the best track record of doing the things that I should be doing whenever writing on this site and I tend to write how I want, more often than not, about whatever it is I want to share.
Assume that your plugin requires a minimum version of PHP and you want to prevent activation if the minimum PHP version isn’t met.
Add the following code after you’ve declared your namespace, checked to make sure the plugin isn’t being directly accessed and so on:
if (version_compare(PHP_VERSION, '7.4', '<')) {
exit(
sprintf(
'The plugin requires PHP 7.4 or higher. Your WordPress site is using PHP %s.',
PHP_VERSION
)
);
}
If the comparison fails, then an error message will be displayed on the plugin activation screen along with the string you’ve passed to the sprintf function.
As I’ve continued to work with integration mobile applications with the WordPress REST API, there have been a few instances in which I’ve wanted to inspect, manage, or manipulate incoming REST API Requests.
There’s a number of reasons you may want to manipulate incoming WordPress REST API requests before they actually begin interacting with the core application. In my case, I needed to determine:
which endpoint is being requested,
check whether or not a specific key is being bassed,
return an error if not or proceed with further processing.
But that’s one of many different possibilities available. What I’m more interested in, at least in this article, is showing how to manipulate a request before it’s actually sent to be processed.
Over the years, I think the concept of a “drop-in” plugin has become overloaded. What once referred to a very specific type of functionality has evolved to mean a couple of things.
One of the definitions retains the original definition which is you can place specific files into the plugins directory to replace core WordPress functionality. These are not standard WordPress plugins, though. For example, you’ll likely often see files like advanced-cache.php or object-cache.php in the plugins directory. These are the original type of ‘drop-ins’ when it comes to working with WordPress.
Another definition are plugins that aren’t specifically mu-plugins and they aren’t standalone plugins either. Instead, these are pieces of functionality that can be dropped into any other plugin and add functionality. Say you have two different plugins that are used by a lot of people and you want to give them the ability to add a feature without activating a new plugin. The way in which you can do this is have them drop a file into their existing plugin.
Here’s the challenge with the second definition: When you drop functionality of into the context of another plugin, that plugin may not be the only one already running the same code.
In other words, say you have a file called acme-functionality.php that can be added to any plugin. If you drop acme-functionality.php into multiple, activated plugins then you may end up with all kinds of results none of which are ideal. And why isn’t it ideal? Because you want the code to run only once.
What’s a way to check to see if a file is already running in the context of another plugin before running it’s code?
Kinsta offers premium managed WordPress hosting for everyone, small or large. Powered by Google Platform and strengthened by Cloudflare, they take performance to the next level. All hosting plans include 24/7/365 support from their team of WordPress engineers. Get startedwith a free migration today.
If you are looking for WordPress guides and unbiased reviews, I recommend checking out WPKube. They also have an exclusive deals section.
Just Getting Started with WordPress? I write a lot about WordPress development but if you're just getting started, I recommend checking out WPBeginner. They have free training videos, glossary, and more.
