Tag: WordPress (Page 35 of 219)

Articles, tips, and resources for WordPress-based development.

Quick Tip: Sanitize Post Data in WordPress

October 11, 2018 / Tom

The more I begin to try to use PSR-2 coding standards and tools such as GrumPHP (and those related to it), the more I find that the quality of the code I write can be significantly improved in minor ways.

PHP Coding Standards with Code: PSR-2

And I don’t mean to sound contradictory: I mean, the idea of having something “significantly” improved in a “minor” way doesn’t exactly jive, does it?

But hear me out.

Imagine that you’re able to write clean, readable, maintainable code using coding standards that are not only modern, but built into PHP, play nicely with WordPress, and that is more readable than some of the other ways we may have done it in the past or when using other tools for coding standards.

Wouldn’t you be interested?

WordPress Admin Menu: Re-ordering Submenu Items

September 19, 2018 / Tom

One of the things about working with the WordPress menu API (that is add_menu_page, add_submenu_page, and the like) is that it doesn’t make it easy to reorder the submenu items.

Sure, for certain things such as taxonomies or things like that, you can just change the order in which they are registered. But let’s say that you have a WordPress admin menu and then a few submenu pages under that particular menu.

By default, WordPress creates the top-level menu, and then it immediately creates a submenu item under the top-level menu that links to the same page. In many cases, this may be ideal.

In some cases, though, you may want to change that.

Secure WordPress Form Submission: An Object-Oriented Approach

September 18, 2018 / Tom

Years ago, I wrote a post in which I shared a public function to determine if the user had permissions to save information to the WordPress database. You can see the original gist in all of its aged glory (along with the solid comments) here (it’s five years old, even – wow).

Secure WordPress Form Submission: The OG

As with anything programming related, time passes, things are refined, and things [hopefully] get better than they were before.

Though I still use and recommend a variant of the user_can_save (or userCanSave) function, I also think it’s important to go through the process of separating out the process of verifying the request.

So now it’s not just about determining if the user has permissions, but it’s about verifying the security information coming from the client – be it via a post back to the server or a request made via Ajax – and doing so using good programming techniques that align both with WordPress and with PHP.

To be clear, this is more about secure WordPress form submission from an options page or a settings page than it is, say, a form coming from a template. That’s another post for another time.

But still, there are plenty of us working on building applications on WordPress and that require the following.

Don’t Over-Engineer the Solution

September 13, 2018 / Tom

If you come from an object-oriented background or try to build all of your solutions for WordPress using object-oriented techniques, then there are going to be times where it might feel like you’re hitting a nail with a sledgehammer.

For example, let’s say that someone comes to you and needs a custom plugin developed that works with a third-party plugin but it only needs to do one thing.

Is it worth taking the time to create an interface, implementing the said interface in a concrete class, set up subscribers, write unit tests, and so on?

I can see the appeal, but I generally say no. If the gist of what you need to do has to be including styles or JavaScript files or both, then why not rely on the native WordPress APIs and procedural programming?

Including Custom Fonts in WordPress Plugins

September 12, 2018 / Tom

The more you work in web development, the more likely you’re going to see people asking you to incorporate custom fonts into their project.

Sometimes this is easy. For example, if you work with something like a Google Web Font, you can easily copy the code necessary to paste into your stylesheet.

Custom Fonts in WordPress Plugins: Google Fonts

Often, the code looks something like this:

And then you can use it in your stylesheet like this:

But what if someone provides you with a set of fonts that they want to use in their project that are in a file format and that are not hosted on some type of content-delivery network?