Did you know that you can actually cause death by writing a WordPress plugin? It’s true: If you make a plugin that’s poorly-coded enough to cause a security problem, and say, somebody hacks the website of a small country with a dictatorial rule, some heads might roll.
While it’s a slim chance and not reported to be true (yet), it’s actually a valid reason for you to write better plugins. And in this part of the "Toolbox of the Smart WordPress Developer" series, we’re going to save some lives by going through the WordPress Plugin Boilerplate.
Writing Plugins in WordPress
What is the most important superpower of WordPress? I’ve asked and answered this question more than a few times in my tutorials, but you probably already know the answer: extensibility.
One way of harnessing this power is by making WordPress plugins and putting them into use for the community. You can release a plugin on GitHub, in the WordPress Plugin Repository, on CodeCanyon, or on your own website. You can give it away free, or ask for money or donations.
In any case, you will be extending the functionality of WordPress in some way and on your own terms. You’re a part of the WordPress community and you’re letting the community grow by extending WordPress. How cool is that? This is indeed the prime superpower of WordPress, and you’re allowed to use it.
But you also need to remind yourself that with great power comes great responsibility. You must use this power for good, and use it well. By making poorly-written WordPress plugins, you might cause some really bad things—especially in terms of security. That’s why you need to act cautiously and make well-coded plugins with a solid foundation.
While it doesn’t solve all your coding problems, the WordPress Plugin Boilerplate will help you start off on the right foot by providing that "solid foundation" and guiding you to code better.
The WordPress Plugin Boilerplate to the Rescue!
Back in December 2011, Tom McFarlin, our editor of Tuts+ Code, released the first version of the WordPress Plugin Boilerplate. Over three years, the project has been watched by over 250 people, forked almost 700 times, and got over 2,700 stars on GitHub.
What Is the WordPress Plugin Boilerplate and Why Should We Use This Tool?
On the WordPress Plugin Boilerplate homepage, the project is defined as "a standardized, organized, object-oriented foundation for building high-quality WordPress plugins."
Basically, the WordPress Plugin Boilerplate is one of the best tools around to start a new WordPress plugin with a solid foundation. It provides the essential file and folder structure to stay organized, and using the starter codes inside the files, you can optimize your workflow and write the plugin the right way.
Using the WordPress Plugin Boilerplate
Granted, this tool is not for WordPress beginners. But you don’t have to be a WordPress guru either: Even if you have a basic understanding of WordPress plugin development, the WordPress Plugin Boilerplate will be an easy-to-understand tool for you to make better WordPress plugins.
Starting a WordPress plugin project with the WordPress Plugin Boilerplate is pretty straightforward, actually. In the beginning, all you need to do is change the
plugin-name folder to your plugin’s name and edit all files (PHP, JS, CSS files and images) to change the "boilerplate values" to your own plugin’s values.
You’ll notice that there are quite a few files to work with, and lots of parts to edit even before writing your own code. Don’t let this put you off—it’s just a one-time thing, after all.
Let’s quickly go over some of the files and folders:
plugin-name/admin/: Includes CSS files, JS files, partials and the PHP file for an admin-specific class (
plugin-name/includes/: This folder is kind of the "backbone" of your plugin. It consists of:
plugin-name/includes/class-plugin-name.php: The main PHP class of your plugin.
plugin-name/includes/class-plugin-name-activator.php: Includes the plugin activation functions.
plugin-name/includes/class-plugin-name-deactivator.php: Includes the plugin deactivation functions.
plugin-name/includes/class-plugin-name-i18n.php: Includes the internationalization functionality.
plugin-name/includes/class-plugin-name-loader.php: Includes the actions and filters for your plugin.
plugin-name/languages/: This folder includes your plugin’s language files. Includes a default
plugin-name/public/: Includes CSS files, JS files, partials and the PHP file for a public-facing functionality (
plugin-name/LICENSE.txt: A copy of the GPL-2 license.
plugin-name/plugin-name.php: The main plugin file.
plugin-name/README.txt: A default README file for your plugin. Don’t forget to change this one!
plugin-name/uninstall.php: File to run when the user deletes your plugin.
Please note that the folder structure is based on the system of the WordPress.org Plugin Repository.
Quick Tip: Using the WordPress Plugin Boilerplate Generator tool, you can generate a customized copy. You provide your plugin’s name, slug, website, and your name, email address and website; then the tool replaces all the corresponding values in the boilerplate files. Neat!
The WordPress Plugin Boilerplate surely is a great tool (even the best tool, maybe) for creating better WordPress plugins. But as I said at the beginning of this article, it’s not enough. You have to be mindful about WordPress Coding Standards, comply with the plugin writing processes, and be watchful about security issues in general. And if you want to learn more about writing better plugins, be sure to check out the "Introduction to WordPress Plugin Development" video course, also created by Tom McFarlin.
What do you think about the WordPress Plugin Boilerplate, and making plugins with it? Share your thoughts with us by posting in the Comments section below. And if you liked the tutorial, be sure to share it with your friends!
See you in the next part where we’ll talk about the Envato WordPress Toolkit, a toolkit to install and update themes purchased from ThemeForest.