I have only been learning WordPress for about a month. WordPress has several aspects:
WORDPRESS theme
WORDPRESS security
SEO for WORDPRESS
WORDPRESS plugin
WordPress plugins are probably the most troublesome. There are a great many APIs, so plugin development is very difficult when you do not know them.
The APIs to be considered for a WordPress plugin include:
1. Create menus:
   1. Create a top-level menu (add_menu_page function)
   2. Create a submenu (add the submenu to a newly created menu, with a menu icon): add_submenu_page
   3. Add a submenu to an existing top-level menu (add_options_page function)
2. Create widgets or gadgets:
   1. Create widgets in the admin back end, including their display and the form(), widget(), and update() methods of the widget.
   2. Create a widget on the dashboard.
   3. Widgets are applied together with options.
3. Add custom meta fields:
   1. Build a form (containing select, text field, multiple text, checkbox, file upload, etc.)
   2. Save the custom form field values to the database.
   3. Use the WordPress UI to beautify the form.
4. Implement internationalization
5. Add plugin security
6. Integrate custom tables in WordPress
7. Manage users:
   1. Add user roles
   2. Add users (add_user_meta, delete_user_meta), modify users, delete users, etc.
   3. Check user permissions
8. Add new custom types:
   1. Create a new type (for example: add a music type)
   2. add response code
9. Create new rewrite rules:
   1. Write a new rule for the page path.
10. Add plugin settings, plugin deletion, plugin activation configuration, and a series of related actions.
Summary of common hooks:
Action:
plugins_loaded: fires when the plugins have been loaded
init: fires when WordPress runs
wp_head
wp_footer
Add_admin occurs when you log on to the admin back end.
Filter:
the_content: applied when the page content is loaded
the_title: applied when the page title is loaded
single_template: applied when the single template is used
Validation
Integer check (excluding floating point): intval(), is_int(), or ctype_digit( $num )
return ( ctype_alpha( $num ) );
Phone number:
// Validate phone numbers like 123-456-7890
function boj_validate_phone( $num ) {
    return preg_match( '/^\d{3}-\d{3}-\d{4}$/', $num );
}
Email:
sanitize_email(): returns the filtered email address.
For example:
<?php
$sanitized_email = sanitize_email( ' éric@loremipsum.com!' );
print $sanitized_email; // will output: 'ric@loremipsum.com'
?>
Email check:
is_email( sanitize_email( $email ) )
HTML:
force_balance_tags(): repairs HTML by balancing unclosed tags
URL:
esc_url(): takes the URL to be cleaned.
esc_url() converts ampersands and single quotes into HTML entities to make sure
displaying the URL will not break any output.
$url = 'javascript:alert("XSS");';
// javascript: is not an allowed protocol, so esc_url() returns an empty string here
<?php echo esc_url( $url ); ?>
$url1 = 'http://example.com/"<script>alert(\'XSS\')</script>';
var_dump( esc_url( $url1 ) );
// string(54) "http://example.com/scriptalert(&#039;XSS&#039;)/script"
Redirect
wp_redirect( "http://example.com/profile.php?user=$user" );
SQL Injection Security
esc_sql() escapes content for inclusion into the database, which means it adds backslashes
before characters that need to be quoted in queries:
$sql = 'SELECT * FROM `users` WHERE `login` = "' . esc_sql( $login ) . '"';
// string(55) "SELECT * FROM `users` WHERE `login` = "back\slash""
like_escape() takes care of escaping text used in LIKE clauses, where special characters
percent % and ampersand are used:
<?php
$pattern = 'joe';
$like = like_escape( 'LIKE "%' . $pattern . '%"' );
$sql = 'SELECT * FROM `users` WHERE `username` ' . $like;
var_dump( $sql );
// string(53) "SELECT * FROM `users` WHERE `username` LIKE "\%joe\%""
?>
sanitize_sql_orderby() sanitizes ORDER BY clauses before they are included into an
SQL string:
$order = sanitize_sql_orderby( "$order_by $order_sort" );
$sql = 'SELECT * FROM `users` ORDER BY ' . $order;
var_dump( $sql );
// string(45) "SELECT * FROM `users` ORDER BY last_name DESC"
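An added example, not from the original page: the same three concerns (escaping a value, LIKE wildcards, ORDER BY) handled with $wpdb->prepare() and $wpdb->esc_like(), the replacement for like_escape(), which has been deprecated since WordPress 4.0. It assumes WordPress is loaded; boj_find_users() and its parameters are hypothetical names.

```php
<?php
/**
 * Added example (not from the original page). Assumes WordPress is loaded,
 * so the global $wpdb object and sanitize_sql_orderby() are available.
 * boj_find_users() and its parameters are hypothetical names.
 */
function boj_find_users( $search, $order_by = 'user_login', $order_sort = 'ASC' ) {
	global $wpdb;

	// Column names cannot be bound as placeholders, so take them from an allowlist.
	$allowed_columns = array( 'user_login', 'user_email', 'user_registered' );
	if ( ! in_array( $order_by, $allowed_columns, true ) ) {
		$order_by = 'user_login';
	}
	$order_sort = ( 'DESC' === strtoupper( (string) $order_sort ) ) ? 'DESC' : 'ASC';

	// sanitize_sql_orderby() returns false when the clause is not a valid ORDER BY.
	$order = sanitize_sql_orderby( "$order_by $order_sort" );
	if ( false === $order ) {
		$order = 'user_login ASC';
	}

	// esc_like() escapes %, _ and backslash inside the user's text only;
	// the wildcards added here stay outside the escaped part.
	$like = '%' . $wpdb->esc_like( (string) $search ) . '%';

	// prepare() quotes and escapes the bound value; %s is not wrapped in quotes.
	$sql = $wpdb->prepare(
		"SELECT ID, user_login, user_email FROM {$wpdb->users}
		 WHERE user_login LIKE %s ORDER BY $order",
		$like
	);

	return $wpdb->get_results( $sql );
}

// Constructed input: the quote, underscore and percent sign are matched
// literally instead of being interpreted by SQL.
$rows = boj_find_users( "o'brien_100%", 'user_email', 'desc' );
```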
Content filter: strip_tags( $_POST['boj_mbe_costume'] )
Error and configuration prompt information
add_settings_error
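An added example, not from the original page, showing how the validation functions above and add_settings_error fit together in a settings sanitize callback. It assumes WordPress is loaded; the option name boj_contact_options, its field keys and the function names are hypothetical.

```php
<?php
/**
 * Added example (not from the original page). Assumes WordPress is loaded.
 * The option name, field keys and function names are hypothetical.
 */
add_action( 'admin_init', 'boj_contact_register_setting' );
function boj_contact_register_setting() {
	register_setting( 'boj_contact_group', 'boj_contact_options', 'boj_contact_sanitize' );
}

// Returns a submitted field as a trimmed string, or '' if missing or not a string.
function boj_contact_field( $input, $key ) {
	return ( isset( $input[ $key ] ) && is_string( $input[ $key ] ) ) ? trim( $input[ $key ] ) : '';
}

function boj_contact_sanitize( $input ) {
	$input = (array) $input;
	// Start from the stored values so a rejected field keeps its old value.
	$clean = (array) get_option( 'boj_contact_options', array() );

	// Integer: ctype_digit() accepts only non-empty strings made of digits.
	$per_page = boj_contact_field( $input, 'per_page' );
	if ( ctype_digit( $per_page ) ) {
		$clean['per_page'] = intval( $per_page );
	} else {
		add_settings_error( 'boj_contact_options', 'bad_per_page',
			__( 'Items per page must be a whole number.', 'boj-plugin' ) );
	}

	// Phone: validate the exact 123-456-7890 shape, reject everything else.
	$phone = boj_contact_field( $input, 'phone' );
	if ( 1 === preg_match( '/^\d{3}-\d{3}-\d{4}$/', $phone ) ) {
		$clean['phone'] = $phone;
	} else {
		add_settings_error( 'boj_contact_options', 'bad_phone',
			__( 'Phone must look like 123-456-7890.', 'boj-plugin' ) );
	}

	// Email: sanitize first, then check that what is left is a valid address.
	$email = sanitize_email( boj_contact_field( $input, 'email' ) );
	if ( is_email( $email ) ) {
		$clean['email'] = $email;
	} else {
		add_settings_error( 'boj_contact_options', 'bad_email',
			__( 'Please enter a valid email address.', 'boj-plugin' ) );
	}

	return $clean;
}
```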
Internationalization constant:
Text output in HTML, such as a "username:" label, must take internationalization into account: French, English, Chinese, German, etc.
esc_attr__() is the internationalization equivalent of esc_attr(). It escapes HTML attributes, so anything passed to it won't break
HTML validation standards or open a site up to potential security vulnerabilities.
DEMO:
'<input type="button" onclick="boj_show_alert_box_1()" value="' . esc_attr__( 'Press me!', 'boj-alert-box' ) . '" />';
Suitable for: values in input elements
esc_html_e() behaves the same as the esc_html__() function, except that it displays the translated
text on the screen instead of returning it. For example, you may be adding a form with some
default text in a <textarea> but want to make sure no HTML is shown.
DEMO:
<textarea name="boj-text" id="boj-text">
<?php esc_html_e( 'Please input a description.', 'boj-plugin' ); ?>
</textarea>
Internationalization of content displayed by JS:
function boj_show_alert_box_1() {
    alert( boj_alert_box_L10n.boj_box_1 );
}
/* Get script path and file name. */
$script = trailingslashit( plugins_url( 'boj-alert-box' ) ) . 'boj-alert-box-script.js';
/* Enqueue our script for use. */
wp_enqueue_script( 'boj-alert-box', $script, false, 0.1 );
/* Localize text strings used in the JavaScript file. */
wp_localize_script( 'boj-alert-box', 'boj_alert_box_L10n', array(
    'boj_box_1' => __( 'Alert boxes are annoying!', 'boj-alert-box' ),
    'boj_box_2' => __( 'They are really annoying!', 'boj-alert-box' ),
) );
Including other files in a plugin by path (JS, CSS, and images)
plugin_dir_url
$plugin_url = plugin_dir_url( __FILE__ );
// Enqueue script
wp_enqueue_script( 'boj_script', $plugin_url . 'js/script.js' );
Integrate the JS files in the plugin and provide internationalized JS output
// Enqueue the script, in the footer
add_action( 'template_redirect', 'boj_arm_add_js' );
function boj_arm_add_js() {
    // Enqueue the script
    wp_enqueue_script( 'boj_arm',
        plugin_dir_url( __FILE__ ) . 'js/script.js',
        array( 'jquery' ), BOJ_ARM_VERSION, true
    );
    // Get current page protocol
    $protocol = isset( $_SERVER['HTTPS'] ) ? 'https://' : 'http://';
    // Output admin-ajax.php URL with same protocol as current page
    $params = array(
        'ajaxurl' => admin_url( 'admin-ajax.php', $protocol )
    );
    wp_localize_script( 'boj_arm', 'boj_arm', $params );
}
// Including CSS
Use the wp_enqueue_style function we've used before to include it in a plugin or your theme through the functions.php page:
Include a UI theme into a WordPress theme from the theme's functions.php page using wp_enqueue_style:
...
<?php
function addUIstyles() {
    // get_bloginfo() returns the value; bloginfo() would echo it instead
    wp_enqueue_style( 'ui-theme', get_bloginfo( 'stylesheet_directory' )
        . '/js/smoothness/jquery-ui-1.8.custom.css', array( 'style' ), '1.0', 'screen' );
}
add_action( 'init', 'addUIstyles' );
?>
Including a UI theme into a WordPress plugin using wp_enqueue_style is
similar to the above example, but be sure to use WP_PLUGIN_DIR to target
your plugin directory.
...
wp_enqueue_style( 'ui-theme', WP_PLUGIN_DIR
    . '/js/smoothness/jquery-ui-1.8.custom.css',
    array( 'style' ), '1.0', 'screen' );
function authorCSS() {
    // These variables set the url and directory paths:
    $authorStyleUrl =
        WP_PLUGIN_URL . '/add_author_bio-tbs/authover.css';
    $authorStyleFile =
        WP_PLUGIN_DIR . '/add_author_bio-tbs/authover.css';
    // If statement checks that file does exist
    if ( file_exists( $authorStyleFile ) ) {
        // Registers and evokes the stylesheet
        wp_register_style( 'authorstylesheet', $authorStyleUrl );
        wp_enqueue_style( 'authorstylesheet' );
    }
}
wp_register_style and wp_enqueue_style are generally used in combination.