Building Web Apps with WordPress, 2nd Edition

Book Description

WordPress is much more than a blogging platform. As this practical guide clearly demonstrates, you can use WordPress to build web apps of any type—not mere content sites, but full-blown apps for specific tasks. If you have PHP experience with a smattering of HTML, CSS, and JavaScript, you’ll learn how to use WordPress plugins and themes to develop fast, scalable, and secure web apps, native mobile apps, web services, and even a network of multiple WordPress sites.

In the book's updated second edition, the authors use examples from their recently released SchoolPress app to explain concepts and techniques throughout the book. All code examples are available on GitHub.

  • Compare WordPress with traditional app development frameworks
  • Use themes for views, and plugins for backend functionality
  • Get suggestions for choosing WordPress plugins—or build your own
  • Manage user accounts and roles, and access user data
  • Build asynchronous behaviors in your app with jQuery
  • Develop native apps for iOS and Android, using wrappers
  • Incorporate PHP libraries, external APIs, and web service plugins
  • Collect payments through ecommerce and membership plugins
  • Use techniques to speed up and scale your WordPress app

Table of Contents

  1. Preface
    1. Who This Book Is For
    2. Who This Book Is Not For
    3. What You’ll Learn
    4. About the Code
    5. Conventions Used in This Book
    6. Using Code Examples
    7. O’Reilly Safari
    8. How to Contact Us
    9. Acknowledgments
  2. Foreword
  3. 1. Building Web Apps with WordPress
    1. What Is a Website?
    2. What Is an App?
    3. What Is a Web App?
      1. Features of a Web App
    4. Why Use WordPress?
      1. You Are Already Using WordPress
      2. Content Management Is Easy with WordPress
      3. User Management Is Easy and Secure with WordPress
      4. Plugins
      5. Flexibility Is Important
      6. Frequent Security Updates
      7. Cost
      8. .NET App
      9. WordPress App
      10. Responses to Some Common Criticisms of WordPress
    5. When Not to Use WordPress
      1. You Plan to License or Sell Your Site’s Technology
      2. There Is Another Platform That Will Get You “There” Faster
      3. Flexibility Is NOT Important to You
      4. Your App Needs to Be Highly Real Time
    6. WordPress as an Application Framework
      1. WordPress Versus MVC Frameworks
    7. Anatomy of a WordPress App
      1. What Is SchoolPress?
      2. SchoolPress Runs on a WordPress Multisite Network
      3. The SchoolPress Business Model
      4. Membership Levels and User Roles
      5. Classes Are BuddyPress Groups
      6. Assignments Are a Custom Post Type
      7. Submissions Are a (Sub)CPT for Assignments
      8. Semesters Are a Taxonomy on the Class CPT
      9. Departments Are a Taxonomy on the Class CPT
      10. SchoolPress Has One Main Custom Plugin
      11. SchoolPress Uses a Few Other Custom Plugins
      12. SchoolPress Uses the Memberlite Theme
  4. 2. WordPress Basics
    1. WordPress Directory Structure
      1. Root Directory
      2. /wp-admin
      3. /wp-includes
      4. /wp-content
    2. WordPress Database Structure
      1. wp_options
      2. Functions Found in /wp-includes/option.php
      3. wp_users
      4. Functions Found in /wp-includes/…
      5. wp_usermeta
      6. wp_posts
      7. Functions found in /wp-includes/post.php
      8. wp_postmeta
      9. Functions Found in /wp-includes/post.php
      10. wp_comments
      11. Functions Found in /wp-includes/comment.php
      12. wp_commentsmeta
      13. Functions Found in /wp-includes/comment.php
      14. wp_terms
      15. Functions Found in /wp-includes/taxonomy.php
      16. wp_termmeta
      17. wp_term_taxonomy
      18. /wp-includes/taxonomy.php
      19. wp_term_relationships
    3. Hooks: Actions and Filters
      1. Actions
      2. Filters
    4. Development and Hosting Environments
      1. Working Locally
      2. Choosing a Web Host
      3. Development, Staging, and Production Environments
    5. Extending WordPress
  5. 3. Leveraging WordPress Plugins
    1. The GPLv2 License
    2. Installing WordPress Plugins
    3. Building Your Own Plugin
    4. File Structure for an App Plugin
      1. /adminpages/
      2. /classes/
      3. /css/
      4. /js/
      5. /images/
      6. /includes/
      7. /includes/lib/
      8. /pages/
      9. /services/
      10. /scheduled/
      11. /schoolpress.php
    5. Add-Ons to Existing Plugins
    6. Use Cases and Examples
      1. The WordPress Loop
      2. WordPress Global Variables
    7. Free Plugins
      1. BadgeOS
      2. Custom Post Type UI
      3. Posts 2 Posts
      4. Members
      5. W3 Total Cache
      6. Yoast SEO
    8. Premium Plugins
      1. Gravity Forms
      2. Backup Buddy
      3. WP All Import
    9. Community Plugins
      1. BuddyPress
  6. 4. Themes
    1. Themes Versus Plugins
      1. When Developing Apps
      2. When Developing Plugins
      3. When Developing Themes
    2. The Template Hierarchy
    3. Page Templates
      1. Sample Page Template
      2. Using Hooks to Copy Templates
      3. When to Use a Theme Template
    4. Theme-Related WP Functions
      1. Using locate_template in Your Plugins
    5. Style.css
      1. Versioning Your Theme’s CSS Files
    6. Functions.php
    7. Themes and Custom Post Types
    8. Popular Theme Frameworks
      1. WP Theme Frameworks
      2. Non-WP Theme Frameworks
    9. Creating a Child Theme for Memberlite
    10. Including Bootstrap in Your App’s Theme
    11. Menus
      1. Nav Menus
      2. Dynamic Menus
    12. Responsive Design
      1. Device and Display Detection in CSS
      2. Device and Feature Detection in JavaScript
      3. Device Detection in PHP
      4. Final Note on Browser Detection
  7. 5. Custom Post Types, Post Metadata, and Taxonomies
    1. Default Post Types and Custom Post Types
      1. Page
      2. Post
      3. Attachment
      4. Revisions
      5. Nav Menu Item
    2. Defining and Registering Custom Post Types
      1. register_post_type( $post_type, $args );
    3. What Is a Taxonomy and How Should I Use It?
      1. Taxonomies Versus Post Meta
      2. Creating Custom Taxonomies
      3. register_taxonomy( $taxonomy, $object_type, $args )
      4. register_taxonomy_for_object_type( $taxonomy, $object_type )
    4. Using Custom Post Types and Taxonomies in Your Themes and Plugins
      1. The Theme Archive and Single Template Files
      2. Good Old WP_Query and get_posts()
    5. Metadata with CPTs
      1. add_meta_box( $id, $title, $callback, $screen, $context, $priority, $callback_args )
    6. Custom Wrapper Classes for CPTs
      1. Extending WP_Post Versus Wrapping It
      2. Why Use Wrapper Classes?
      3. Keep Your CPTs and Taxonomies Together
      4. Keep It in the Wrapper Class
      5. Wrapper Classes Read Better
  8. 6. Users, Roles, and Capabilities
    1. Getting User Data
    2. Add, Update, and Delete Users
    3. Hooks and Filters
    4. What Are Roles and Capabilities?
      1. Checking a User’s Role and Capabilities
      2. Creating Custom Roles and Capabilities
    5. Extending the WP_User Class
    6. Adding Registration and Profile Fields
    7. Customizing the Users Table in the Dashboard
    8. Plugins
      1. Theme My Login
      2. Hide Admin Bar from Non-Admins
      3. Paid Memberships Pro
      4. PMPro Register Helper
      5. Members
  9. 7. Working with WordPress APIs, Objects, and Helper Functions
    1. Shortcode API
      1. Shortcode Attributes
      2. Nested Shortcodes
      3. Removing Shortcodes
      4. Other Useful Shortcode-Related Functions
    2. Widgets API
      1. Before You Add Your Own Widget
      2. Adding Widgets
      3. Defining a Widget Area
      4. Embedding a Widget Outside of a Dynamic Sidebar
    3. Dashboard Widgets API
      1. Removing Dashboard Widgets
      2. Adding Your Own Dashboard Widget
    4. Settings API
      1. Do You Really Need a Settings Page?
      2. Could You Use a Hook or Filter Instead?
      3. Use Standards When Adding Settings
      4. Ignore Standards When Adding Settings
    5. Rewrite API
      1. Adding Rewrite Rules
      2. Flushing Rewrite Rules
      3. Other Rewrite Functions
    6. WP-Cron
      1. Adding Custom Intervals
      2. Scheduling Single Events
      3. Kicking Off Cron Jobs from the Server
      4. Using Server Crons Only
    7. WP Mail
      1. Sending Nicer Emails with WordPress
    8. File Header API
      1. Adding File Headers to Your Own Files
      2. Adding New Headers to Plugins and Themes
  10. 8. Secure WordPress
    1. Why It’s Important
    2. Security Basics
      1. Update Frequently
      2. Don’t Use the Username “admin”
      3. Use a Strong Password
      4. Examples of Bad Passwords
      5. Examples of Good Passwords
    3. Hardening Your WordPress Install
      1. Don’t Allow Admins to Edit Plugins or Themes
      2. Change Default Database Tables Prefix
      3. Move wp-config.php
      4. Hide Login Error Messages
      5. Hide Your WordPress Version
      6. Don’t Allow Logins via wp-login.php
      7. Add Custom .htaccess Rules for Locking Down wp-admin
    4. SSL Certificates and HTTPS
      1. Installing an SSL Certificate on Your Server
      2. WordPress Login and WordPress Admin over SSL
      3. Debugging HTTPS Issues
      4. Avoiding SSL Errors with the “Nuclear Option”
    5. Backup Everything!
    6. Scan Scan Scan!
    7. Useful Security Plugins
      1. Spam-Blocking Plugins
      2. Backup Plugins
      3. Firewall/Scanner Plugins
      4. Login and Password-Protection Plugins
    8. Writing Secure Code
      1. Check User Capabilities
      2. Custom SQL Statements
      3. Data Validation, Sanitization, and Escaping
      4. Nonces
  11. 9. JavaScript Frameworks and Workflow
    1. What is ECMAScript
    2. What is ES6
    3. What is ES9
    4. What Is AJAX?
    5. What Is JSON?
    6. jQuery and WordPress
      1. Enqueuing Other JavaScript Libraries
      2. Where to Put Your Custom JavaScript
    7. AJAX Calls with WordPress and jQuery
    8. Managing Multiple AJAX Requests
    9. Heartbeat API
      1. Initialization
      2. Client-side JavaScript
      3. Server-side PHP
      4. Initialization
      5. Client-side JavaScript
      6. Server-side PHP
    10. WordPress Limitations with Asynchronous Processing
    11. Backbone.js
  12. 10. WordPress REST API
    1. What is a REST API?
      1. API
      2. REST
      3. HTTP Methods
      4. JSON
    2. Why Use the WP REST API?
    3. Using the WP REST API V2
      1. Discovery
      2. Authentication
      3. Routes/Endpoints
      4. Requests
      5. Responses
      6. Schema
      7. Controller Classes
    4. Example: Using a Core API Endpoint
    5. Example: Adding Your Own Routes and Endpoints
      1. Plugins using the WP REST API
  13. 11. WordPress Multisite Networks
    1. Why Multisite?
    2. Setting Up a Multisite Network
    3. Managing a Multisite Network
      1. Dashboard
      2. Sites
      3. Users
      4. Themes
      5. Plugins
      6. Settings
      7. Updates
    4. Multisite Database Structure
      1. Network-Wide Tables
      2. Individual Site Tables
      3. Shared Site Tables
    5. Domain Mapping
      1. Hosting
      2. Plugins
    6. Random Useful Multisite Plugins
      1. Gravity Forms User Registration Add-On
      2. Blog Copier
      3. More Privacy Options
      4. Multisite Global Search
      5. Multisite Robots.txt Manager
    7. Basic Multisite Functionality
      1. $blog_id
      2. is_multisite()
      3. get_current_blog_id()
      4. switch_to_blog( $new_blog )
      5. restore_current_blog()
      6. get_blog_details( $fields = null, $get_all = true )
      7. update_blog_details( $blog_id, $details = array() )
      8. get_blog_status( $id, $pref )
      9. update_blog_status( $blog_id, $pref, $value )
      10. get_blog_option( $id, $option, $default = false )
      11. update_blog_option( $id, $option, $value )
      12. delete_blog_option( $id, $option )
      13. get_blog_post( $blog_id, $post_id )
      14. add_user_to_blog( $blog_id, $user_id, $role )
      15. create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 )
      16. Functions We Didn’t Mention
  14. 12. Localizing WordPress Apps
    1. Do You Even Need to Localize Your App?
    2. How Localization Is Done in WordPress
    3. Defining Your Locale in WordPress
    4. Text Domains
      1. Setting the Text Domain
    5. Prepping Your Strings with Translation Functions
      1. __($text, $domain = "default")
      2. _e($text, $domain = "default")
      3. _x($text, $context, $domain = "default")
      4. _ex($title, $context, $domain = "default")
      5. Escaping and Translating at the Same Time
    6. Creating and Loading Translation Files
      1. Our File Structure for Localization
      2. Generating a .pot File
      3. Creating a .po File
      4. Creating a .mo File
    7. GlotPress
      1. Using GlotPress for Your WordPress.org Plugins and Themes
      2. Creating Your Own GlotPress Server
  15. 13. WordPress Optimization and Scaling
    1. Terms
    2. Origin Versus Edge
    3. Testing
      1. What to Test
      2. Chrome Debug Bar
      3. Apache Bench
      4. Siege
      5. Blitz.io
    4. W3 Total Cache
      1. Page Cache Settings
      2. Minify
      3. Database Caching
      4. Object Cache
      5. CDNs
      6. GZIP Compression
    5. Hosting
      1. WordPress-Specific Hosts
      2. Rolling Your Own Server
    6. Selective Caching
      1. The Transient API
      2. Multisite Transients
    7. Using JavaScript to Increase Performance
    8. Custom Tables
    9. Bypassing WordPress
  16. 14. Ecommerce
    1. Choosing a Plugin
      1. WooCommerce
      2. Paid Memberships Pro
      3. Easy Digital Downloads
    2. Payment Gateways
    3. Merchant Accounts
    4. Setting Up Software as a Service (SaaS) with Paid Memberships Pro
    5. The Software as a Service Model
      1. Step 0: Figure Out How You Want to Charge for Your App
      2. Step 1: Installing and Activating Paid Memberships Pro
      3. Step 2: Setting Up the Level
      4. Step 3: Setting Up Pages
      5. Step 4: Payment Settings
      6. Step 5: Email Settings
      7. Step 6: Advanced Settings
      8. Step 7: Locking Down Pages
      9. Step 8: Customizing Paid Memberships Pro