After presenting a very interesting and interactive “Writing WordPress Plugins for nOObs” session, Niall opened up the floor for Q & A. Here are some of the questions (and answers – not verbatim of course!) that I captured in my notes. I will update this as I find more from other WordCamp posts and tweets.
Attendee Question: Can you recommend some resources for going to the next level, which would be to actually write a plugin from scratch. What websites, online forums can you recommend?
Niall’s Answer: First, go to the Codex Plugin site. There are lots of links and resources there. Also check out the Plugin API Reference site. Search for sites that tell you How to Build a Plugin.
Attendee Question: I have some ideas for cool Plugins, but I do not have the expertise to do it on my own. How do I go about getting the Plugin developed?
Niall’s Answer: There are 2 ways of doing this, depending on your situation. First way - if you want to develop the plugin on your own time and are not in a rush or on a tight deadline, and are willing to spend the time, then go to the WordPress forums. There you can find people who will help you out or give you tips on how to code your plugin.
2nd way – if you want to build it professionally and are on a time constraint, then spec your plugin design out, and go to either codepoet.com, or other popular freelance coding sites like Rent-A-Coder.com or ODesk.com. I have found that WordPress development is one of the most popular services on those sites, with lots of coders available and experienced to get the job done.
Attendee (Me) Question: I have seen that quite a few plugins out there are performance hogs, and also have security holes that could compromise my site. So if I find a plugin that satisfies my requirements and I like it, what can I look for in the code, to confirm that the code does not have security holes and is written properly?
Niall’s Answer: First, look for any reference to IFRAMEs. If the plugin is simply redirecting to some other site in IFRAMEs, that is a red flag. Also scan the code for function names like wp_enqueue_script(). This is a best practice in WordPress coding. Finally, look for obvious security flaws in the code where HTML forms are introduced and used.
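
A first-pass triage script for the three checks in the answer above, added here as an illustration; it is not from the session or from WordPress itself. The function name `triage`, the sample files, and the choice to treat reads of `$_GET`/`$_POST`/`$_REQUEST` as the places where form input is used are assumptions.

```python
import re

# Review points from the answer above, expressed as line-level patterns.
CHECKS = [
    ("iframe", re.compile(r"<iframe\b", re.I)),
    ("hard-coded script tag", re.compile(r"<script\b[^>]*\bsrc\s*=", re.I)),
    ("form markup", re.compile(r"<form\b", re.I)),
    # Assumption: request superglobals mark where form input is consumed.
    ("form input read", re.compile(r"\$_(?:GET|POST|REQUEST)\b")),
]
ENQUEUE = re.compile(r"\bwp_enqueue_script\s*\(")

def triage(files):
    """files maps path -> PHP source. Returns (findings, uses_enqueue)."""
    findings = []
    uses_enqueue = False
    for path, source in sorted(files.items()):
        for number, line in enumerate(source.splitlines(), start=1):
            if ENQUEUE.search(line):
                uses_enqueue = True
            for label, pattern in CHECKS:
                if pattern.search(line):
                    findings.append((path, number, label))
    return findings, uses_enqueue

# Constructed sample plugin source (not taken from any real plugin).
SAMPLE = {
    "good.php": (
        "<?php\n"
        "function demo_assets() {\n"
        "    wp_enqueue_script('demo', plugins_url('demo.js', __FILE__));\n"
        "}\n"
    ),
    "bad.php": (
        "<?php\n"
        "echo '<iframe src=\"http://example.invalid/\"></iframe>';\n"
        "echo '<script src=\"http://example.invalid/x.js\"></script>';\n"
        "echo '<form method=\"post\"><input name=\"q\"></form>';\n"
        "echo $_POST['q'];\n"
    ),
}

if __name__ == "__main__":
    findings, uses_enqueue = triage(SAMPLE)
    for path, number, label in findings:
        print(f"{path}:{number}: {label}")
    print("wp_enqueue_script used:", uses_enqueue)
```

Each hit is a pointer for manual review, not a verdict: a form or an iframe can be legitimate, and the script only tells you which lines to read first.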