Software Engineering in Web Development, Backend Services, and More
Articles, tips, and resources for WordPress-based development.
Whenever we’re making remote requests with WordPress, we’re likely going to be using one of the following functions:
And, yes, sometimes we’ll be using cURL depending on the nature of the project, but that’s outside the content of this post.
For this article, I want to talk specifically about making remote requests and specifying headers against a third-party API.
Continue readingIt’s one thing to be using PHP CodeSniffer manually but if you’re using a utility such as GrumPHP to check your work before committing it to the repository, then you’re likely going to want to use the version that you’re installing with your project.
This assumes that:
Remember, this is also done in the context of wanting to run automated scripts during the commit process and in a local environment (versus a global setting) with Composer.
cURL is a very popular PHP library that I’ve referenced in several posts other posts (1 and 2, for example). And it’s one that I think should be reviewed, explored, and possibly used by anyone working in PHP (yes, even those working in WordPress).
But because of the native WordPress APIs, we do have a level of abstraction that allows us to achieve much of the same functionality (if not the same functionality).
Specifically, I’m talking about wp_safe_remote_get.
This function is ideal when the HTTP request is being made to an arbitrary URL. The URL is validated to avoid redirection and request forgery attacks.
I specifically mention the safe variant of this function for the definition above (thereĀ is another variant, but it’s important to take precautions against arbitrary URLs for security reasons).
Continue reading
The content of this post is essentially the text version of the talk that I recently gave at WordCamp Atlanta 2019. Sure, some parts are left out, and some parts are modified but I do that since this is a different medium and certain statements or examples don’t translate as well. 🙃
The purpose of the talk, as you can tell from the title, is presenting a case for building web applications with WordPress.
I believe it can be done – because I’ve seen it done and worked with teams who do it – but before actually looking into the reasons why I think it’s a good foundation for certain applications, I also want to clarify terminology that we toss around a bit.
Ultimately, I want to define my terms so there isn’t any confusion, and then I want to useĀ said terms to move forward.
But enough of the setup, right? Here’s the content of the talk.
In continuing with the content of the previous post, it’s important also to consider the use of transients and authentication.
Because there are scenarios where users are authenticated on a site (think of a members-only area of a site) and or aren’t authenticated on the site (such as site visitors).
These types of situations are present both on blogs and other sites and web applications across the board.
Kinsta offers premium managed WordPress hosting for everyone, small or large. Powered by Google Platform and strengthened by Cloudflare, they take performance to the next level. All hosting plans include 24/7/365 support from their team of WordPress engineers. Get started with a free migration today.
© 2026 Tom McFarlin
Theme by Anders Noren — Up ↑
