Plugins are used to add new features or services to the WordPress system — could be an easy way to customize the CMS further, add an enhancement, or whatever. Instead of changing the core programming of WordPress, you can add functionality with plugins.
Before developing a new plugin, the best practice is to first search the WordPress plugins repository to find if someone has already created a plugin for the facility you’d wish to enable using your plugin.
Creating a plugin
To create a well-structured WordPress plugin, you should follow certain steps, as given below.
The plugin should be stored in the
wp-content/plugins/ directory, relative to the WordPress installation.
You should choose a unique name for your plugin. If you are planning to contribute it back to the community, you should verify that it does not conflict with any existing plugins.
The plugin may comprise one or more PHP scripts. The PHP script names should be unique, and should not conflict with the names of scripts used by other plugins. You may also logically split functions across multiple PHP scripts.
The more you document, the more it benefits your users. You should include a
README file with explanations about the plugin.
/wp-admin/, and edit the plugin’s source code. You will be able to edit all files that are part of the plugin. You may not need shell or FTP access to modify and upload your plugin.
The plugin details should be specified in the header section, in a predefined format. The WordPress system extracts the plugin information from this section, and displays it to the users. For example:
<?php /* Plugin Name: Name Of The Plugin Plugin URI: http://URI_Of_Page_Describing_Plugin_and_Updates Description: A brief description of the Plugin. Version: The Plugin's Version Number, e.g.: 1.0 Author: Name Of The Plugin Author Author URI: http://URI_Of_The_Plugin_Author License: A "Slug" license name e.g. GPL2 */ ?>
There are two ways to do plugin development:
- Using hooks
- Using templates
In this article, we will look at how to create plugins using hooks. There are two types of hooks:
The core WordPress system launches the Action hook at specific points during execution, or during specific events. The plugin can specify one or more PHP functions to execute, using the Action hook.
The core WordPress system launches the Filter hook to modify the text of various types before adding it to the database, or before sending it to the browser. The plugin can specify one or more PHP functions to modify specific types of text, using the Filter hook.
The plugin data can be stored in a database, using the Options interface. The developer can design the plugin to capture configuration data from the administrator, and store the values in the database.
Single Sign-On plugin
The use-case for creating this plugin is to facilitate Single Sign-On (SSO) between a WordPress system and another Web application, which should store the user credentials in cookies, perhaps in an encrypted format. The user credentials could be the username, password and email address. The Web application should set the cookies when the user logs in to the system.
The WordPress plugin may use an authenticated filter hook to authenticate the user. This filter hook would read the encrypted user credentials from the cookie, decrypt the values, and authenticate the user using the WordPress API.
The plugin can be designed to create the account, automatically, if it does not already exist. The functions you could employ to authenticate the user, with the Authenticate filter hook, are as follows:
The cookie information, like the cookie name, domain, encryption algorithm and mode, can be configured using the Options interface. This information is stored in the database. The Options interface is accessible to site administrators.
Once the SSO plugin is installed, users will not see the WordPress login screen. If they access any page that requires authentication, they will be automatically logged in, based on the values set in the cookies. If they are not logged in to the Web application, they will be redirected to the login page in the Web application.
Once logged in there, they will be redirected to the WordPress system, where they will be logged in automatically. If the account does not exist in the WordPress system, it will be created automatically.
To know more about WordPress plugin development, you can refer to the plugin Development section in the developer documentation.