wordpress插件开发
WordPress, the most popular content management system in the world, is built on a structure that allows users to supplement core functionality with themes that provide visual designs and plugins that provide specific additional functionality.
WordPress是世界上最流行的内容管理系统,其构建结构允许用户用提供视觉设计的主题和提供特定附加功能的插件来补充核心功能。
There are now over 20,000 plugins in the official WordPress repository, all of them free to use. Anyone can upload a plugin, and if it is good it is likely to become very popular. This does, however, carry some risks. What if the plugin is poorly coded and breaks down? What if it’s incompatible with other plugins, the theme being used, or even core functionality? What if – heaven forbid – it has been deliberately set up to place malicious code on your website?
现在,官方WordPress资源库中有超过20,000个插件,所有插件均可免费使用。 任何人都可以上传插件,如果插件不错,它很可能会变得很受欢迎。 但是,这确实带来了一些风险。 如果插件编码不正确怎么办? 如果它与其他插件,使用的主题甚至核心功能不兼容怎么办? 如果-天堂禁止-故意将其放置在您的网站上,该怎么办?
The answer to this question depends upon your personal preference and status of your project. Personally, I prefer to write my own plugins whenever possible. In real life, that isn’t always possible: client requirements, deadlines, capabilities of other team members etc might not allow for that. In such situations, developers understandably consider whether a free plugin can provide the required functionalities.
该问题的答案取决于您的个人喜好和项目状态。 就个人而言,我更愿意尽可能地编写自己的插件。 在现实生活中,这并非总是可能的:客户的要求,截止日期,其他团队成员的能力等可能不允许这样做。 在这种情况下,开发人员可以理解的是,免费插件是否可以提供所需的功能。
It can be easier, faster and more cost-effective for even an experience developer to use a freely available plugin. There is nothing wrong with this, but the developer needs to be aware that there are some considerations that should be taken into account. Once you decide to work with free plugins, you have to consider various factors in choosing the right plugin in order to prevent unexpected behaviour.
即使是经验丰富的开发人员,使用免费提供的插件也可以更轻松,更快,更具成本效益。 这没有错,但是开发人员需要意识到,应该考虑一些注意事项。 一旦决定使用免费插件,就必须考虑各种因素来选择合适的插件,以防止出现意外行为。
There is a group of factors that apply to anyone considering using a free WordPress plugin, whether they are site owners, amateur designers or professional developers.
插件可以由具有良好创意的大型开发机构或独立运营商创建和分发。 无论哪种方式,最终用户和您(作为开发人员)都应寻求清晰,准确和最新的文档,以及从插件开发人员和/或使用插件的社区中获得支持的方法。 较大的代理商可能会有一个提供知识库的网站,一个“常见问题”页面,一个票务系统和/或一个论坛,用户可以在该论坛中众包解决问题。
Smaller or solo plugin developers may provide a blog that covers much the same set of purposes, preferably including a way of contacting the plugin author direct.
规模较小或单独的插件开发人员可能会提供一个博客,该博客涵盖了几乎相同的目的,最好包括直接联系插件作者的方式。
A nontechnical user such as an amateur setting up their own website may consider it worth taking the risk of using a plugin that does not have adequate documentation and support. A professional developer working for a client never should: the consequences could be disastrous for your reputation.
非技术用户(例如,业余爱好者)建立他们自己的网站可能会觉得值得冒险使用没有足够文档和支持的插件。 为客户工作的专业开发人员绝对不应这样做:后果可能对您的声誉造成灾难性的影响。
The factors mentioned in the previous section apply to anyone considering using a free WordPress plugin. However, developers come equipped with skills and information not available to the everyday mortal and they thus carry a greater level of responsibility to check things ordinary users may not even know about.
上一节中提到的因素适用于考虑使用免费WordPress插件的任何人。 但是,开发人员具备了普通凡人无法获得的技能和信息,因此他们承担着更大的责任来检查普通用户甚至不知道的事情。
Never test new plugins in your production environment or any other WordPress installation that is important to you. Instead, try keeping a separate WordPress installation for testing purposes with the default themes and default plugins.
切勿在生产环境或对您重要的任何其他WordPress安装中测试新插件。 相反,请尝试使用默认主题和默认插件为测试目的保留单独的WordPress安装。
Keep your test environment tidy, so you don’t end up with lots of unused plugins that may conflict with each other. Make your testing environment mimic your production environment as closely as possible. Activate the chosen plugin, test it properly and then remove it before testing the next plugin.
保持测试环境整洁,以免最终导致大量未使用的插件相互冲突。 使您的测试环境尽可能地模仿您的生产环境。 激活所选插件,对其进行正确测试,然后在测试下一个插件之前将其删除。
Given that everything works as expected, it’s time to dig into the code and see whether the chosen plugin is suitable to use in your actual applications.
既然一切都按预期工作,那么该是深入研究代码并查看所选插件是否适合在实际应用程序中使用的时候了。
Anyone can upload plugins to WordPress plugin repository as long as it meets the basic plugin submission guidelines. That creates the chance that two or more plugin developers used the same functions and class names, resulting in conflicts at runtime.
只要符合基本插件提交准则,任何人都可以将插件上传到WordPress插件存储库。 这创造了两个或多个插件开发人员使用相同的函数和类名的机会,从而导致运行时发生冲突。
Such conflicts can be avoided by prefixing plugin functions and classes with a plugin related keyword. As a user of such plugins, you should be checking the function names to make sure they are unique at least within your application.
通过为插件函数和类添加与插件相关的关键字作为前缀,可以避免此类冲突。 作为此类插件的用户,您应该检查函数名称,以确保至少在您的应用程序中它们是唯一的。
Consider the following function declarations.
考虑以下函数声明。
不建议 (Not Recommended)
推荐的 (Recommended)
There is no guarantee that prefixing will completely prevent conflicts, but using unique prefixes definitely reduces the chances of having duplicate functions.
不能保证前缀会完全防止冲突,但是使用唯一前缀肯定会减少具有重复功能的机会。
WordPress is flexible enough to create a wide range of web applications using its default table structure. But sometimes we need additional custom tables to provide plugin specific functionalities.
WordPress具有足够的灵活性,可以使用其默认表结构来创建各种Web应用程序。 但是有时我们需要其他定制表来提供特定于插件的功能。
These custom tables are generally created on activation of the plugin. Most developers won’t remove these custom tables on plugin deactivation. Therefore whenever you decide to get rid of an existing plugin, you have to remove the tables from database manually to prevent unnecessary expansion of databases.
这些自定义表通常是在激活插件后创建的。 大多数开发人员不会在停用插件时删除这些自定义表。 因此,无论何时决定放弃现有插件,都必须手动从数据库中删除表,以防止不必要的数据库扩展。
Custom databases should also include the prefix in the config file without hard coding the table names. Consider the following code for proper table naming conventions.
定制数据库还应在配置文件中包含前缀,而无需对表名进行硬编码。 考虑以下代码以获取正确的表命名约定。
不建议 (Not Recommended)
推荐的 (Recommended)
Custom sql queries are needed to access these tables since WordPress does not provide built in methods. WordPress functions used to access data from tables are optimized for better performance. So with custom tables you might have slight performance decreases as they are not optimized.
由于WordPress不提供内置方法,因此需要自定义sql查询才能访问这些表。 用于访问表中数据的WordPress函数经过优化,以实现更好的性能。 因此,对于自定义表,由于未进行优化,因此性能可能会略有下降。
Check whether your plugin uses custom tables and make sure to consider the above guidelines when choosing a plugin.
检查您的插件是否使用自定义表,并确保在选择插件时考虑上述准则。
Security is a big concern in using free plugins. We don’t exactly know the quality of the codes and what developers are doing inside these codes. Therefore it’s important to check whether a plugin contains security holes or spamming content.
使用免费插件是安全性的主要问题。 我们不完全了解代码的质量以及开发人员在这些代码中的工作。 因此,检查插件是否包含安全漏洞或垃圾内容非常重要。
- First we need to look for data validation. If the user input data is not properly validated and sanitized, anyone will be able to enter data causing damage to our sites. 首先,我们需要寻找数据验证。 如果未正确验证和清除用户输入的数据,则任何人都可以输入数据对我们的网站造成损害。
- Then we need to check whether a plugin accesses sensitive data like configuration details and user details, and whether it sends them to third party applications. 然后,我们需要检查插件是否访问敏感数据,例如配置详细信息和用户详细信息,以及是否将其发送给第三方应用程序。
- Also we need to check whether a plugin sends emails to unknown email addresses with data from your database or files. 另外,我们还需要检查插件是否使用您数据库或文件中的数据将电子邮件发送到未知电子邮件地址。
- Some developers insert spamming content like social profile links of developer, websites, affiliate ads and links with the plugin generated output. Make sure to remove such things from the code or avoid using such plugins. 一些开发人员会插入垃圾内容,例如开发人员,网站,会员广告的社交资料链接以及带有插件生成的输出的链接。 确保从代码中删除此类内容,或避免使用此类插件。
These are only few of the security concerns that plugins will have in its code. When you find something malicious in plugin codes, make sure to share it with the community to prevent other users from using such plugins.
这些只是插件代码中涉及的安全性问题中的少数。 当您发现插件代码中存在恶意内容时,请确保与社区共享,以防止其他用户使用此类插件。
WordPress plugin developers use options to retain settings and other important information related to plugins. These options are stored in the default table.
WordPress插件开发人员使用选项来保留设置和与插件相关的其他重要信息。 这些选项存储在默认的表中。
Plugins that use the same keys for its options are hard to manage without conflicts, similar to the issue with function names and classes names. It’s worse in this scenario since two duplicate option keys may not generate visible errors but be in conflict. It can be extremely difficult to figure out the exact issue.
使用相同键作为其选项的插件很难管理而不会发生冲突,这类似于函数名和类名的问题。 在这种情况下,情况更糟,因为两个重复的选项键可能不会产生可见错误,但会发生冲突。 找出确切的问题可能非常困难。
Consider following codes for creating plugin options.
考虑以下用于创建插件选项的代码。
不建议 (Not Recommended)
推荐的 (Recommended)
Unfortunately, the only solution I know of to this problem is to manually check whether a plugin uses prefixes for its option keys.
不幸的是,我对此问题唯一了解的解决方案是手动检查插件是否为其选项键使用前缀。
Inexperienced WordPress developers tend to load their CSS and JavaScripts files directly inside the plugin. That can cause problems.
没有经验的WordPress开发人员倾向于直接在插件内部加载其CSS和JavaScripts文件。 那会引起问题。
- Duplicate CSS and JavaScript files 重复CSS和JavaScript文件
- Increased page loading time and possibility of breaking the code. 页面加载时间增加,并且有可能破坏代码。
- Includes files everywhere inside the page 在页面内各处都包含文件
On the other hand, experienced developers will use action to load the files. It checks whether a library is already loaded and has any dependencies before including it in the page, preventing any duplicates.
另一方面,经验丰富的开发人员将使用操作加载文件。 它在将库包括在页面中之前检查库是否已经加载并具有任何依赖项,以防止任何重复。
Consider the following codes for including scripts and styles.
考虑以下代码以包括脚本和样式。
不建议 (Not Recommended)
推荐的 (Recommended)
So, you should prefer to use plugins with more organized scripts and styles loading section to prevent maintenance issues.
因此,您应该更喜欢使用包含更多有组织脚本和样式加载部分的插件来防止维护问题。
Everything included in this article here is based on my own experiences with WordPress development. I’m not aware of anyone, from committed amateur to experienced professional, who has the required experience of every available plugin and how they will operate in every possible production environment. That’s probably not even possible.
本文中包含的所有内容均基于我对WordPress开发的经验。 我不了解任何人,从忠实的业余爱好者到经验丰富的专业人士,他们都不具备每个可用插件的必备经验,以及如何在每种可能的生产环境中运行。 那可能甚至不可能。
What is possible is to draw upon your professional knowledge of how code works to give yourself and your client the best possible chance to avoid issues with free WordPress plugins. There is an added responsibility to share your knowledge with others. If you detect an issue that may affect how others make use of a plugin, let the world know. Probably the best way is through the avenues provided by the plugin developer, but you should also consider just contacting the plugin author and letting them know what you found out.
可能的是,利用您对代码工作原理的专业知识,为自己和您的客户提供最大的机会来避免免费WordPress插件出现问题。 与他人共享您的知识还有额外的责任。 如果您发现可能会影响其他人如何使用插件的问题,请让全世界知道。 最好的方法可能是通过插件开发人员提供的途径,但是您还应该考虑与插件作者联系,并让他们知道您的发现。
I invite WordPress developers to join this conversation and include their personal experiences in using free plugins. Whate are your personal pros and cons? Have you worked out your own procedural guidelines and safety practices? Do you have rules about plugins you will or won’t use?
我邀请WordPress开发人员加入此对话,并在使用免费插件时包括他们的个人经验。 您的个人利弊是什么? 您是否制定了自己的程序指南和安全规范? 您是否有关于将要使用或将不会使用的插件的规则?
I look forward to your comments and suggestions.
我期待着您的意见和建议。
翻译自: https://www.sitepoint.com/a-developers-guide-to-using-free-wordpress-plugins/