Building Web Apps with WordPress, 2nd Edition

Book Description

WordPress is much more than a blogging platform. If you have basic PHP, HTML, CSS, and JavaScript experience, you can use WordPress to develop fast, scalable, secure, and highly customized web apps, mobile apps, web services, and multisite networks of websites. Along with core WordPress functions and database schema, you’ll learn how to build custom plugins, themes, and services for just about any kind of web or mobile application.

In this updated second edition, Brian Messenlehner and Jason Coleman cover new features and functionality added to WordPress up to version 5.4. All code examples in the book are available on GitHub.

  • Compare WordPress with traditional app development frameworks
  • Use themes for views and plugins for backend functionality
  • Get suggestions for choosing or building WordPress plugins
  • Register custom post types (CPTs) and taxonomies
  • Manage user accounts and roles, and access user data
  • Build asynchronous behaviors with jQuery
  • Use WordPress to develop mobile apps for iOS and Android
  • Integrate PHP libraries, external APIs, and web service plugins
  • Collect payments through ecommerce and membership plugins
  • Learn how to speed up and scale your WordPress app
  • Extend the WordPress REST API and create custom endpoints
  • Learn about WordPress Gutenberg blocks development

Table of Contents

  1. Foreword
  2. Preface
    1. Who This Book Is For
    2. Who This Book Is Not For
    3. What You’ll Learn
    4. About the Code
    5. Conventions Used in This Book
    6. Using Code Examples
    7. O’Reilly Online Learning
    8. How to Contact Us
    9. Acknowledgments
  3. 1. Building Web Apps with WordPress
    1. What Is a Website?
    2. What Is an App?
    3. What Is a Web App?
      1. Features of a Web App
      2. Mobile Apps
      3. Progressive Web Apps
    4. Why Use WordPress?
      1. You Are Already Using WordPress
      2. Content Management Is Easy with WordPress
      3. User Management Is Easy and Secure with WordPress
      4. Plugins
      5. Flexibility Is Important
      6. Frequent Security Updates
      7. Cost
      8. Responses to Some Common Criticisms of WordPress
    5. When Not to Use WordPress
      1. You Plan to License or Sell Your Site’s Technology
      2. Another Platform Will Get You “There” Faster
      3. Flexibility Is Not Important to You
      4. Your App Needs to Be Highly Real Time
    6. WordPress as an Application Framework
      1. WordPress Versus Model-View-Controller Frameworks
    7. Anatomy of a WordPress App
      1. What Is SchoolPress?
      2. SchoolPress Runs on a WordPress Multisite Network
      3. The SchoolPress Business Model
      4. Membership Levels and User Roles
      5. Classes Are BuddyPress Groups
      6. Assignments Are a CPT
      7. Submissions Are a (Sub)CPT for Assignments
      8. Semesters Are a Taxonomy on the Class CPT
      9. Departments Are a Taxonomy on the Class CPT
      10. SchoolPress Has One Main Custom Plugin
      11. SchoolPress Uses a Few Other Custom Plugins
      12. SchoolPress Uses the Memberlite Theme
  4. 2. WordPress Basics
    1. WordPress Directory Structure
      1. Root Directory
      2. /wp-admin
      3. /wp-includes
      4. /wp-content
    2. WordPress Database Structure
      1. wp_options
      2. Functions Found in /wp-includes/option.php
      3. wp_users
      4. Functions Found in /wp-includes/…
      5. wp_usermeta
      6. wp_posts
      7. Functions Found in /wp-includes/post.php
      8. wp_postmeta
      9. Functions Found in /wp-includes/post.php
      10. wp_comments
      11. Functions Found in /wp-includes/comment.php
      12. wp_commentsmeta
      13. Functions Found in /wp-includes/comment.php
      14. wp_terms
      15. Functions Found in /wp-includes/taxonomy.php
      16. wp_termmeta
      17. wp_term_taxonomy
      18. /wp-includes/taxonomy.php
      19. wp_term_relationships
    3. Hooks: Actions and Filters
      1. Actions
      2. Filters
    4. Development and Hosting Environments
      1. Working Locally
      2. Choosing a Web Host
      3. Development, Staging, and Production Environments
    5. Extending WordPress
  5. 3. Using WordPress Plugins
    1. The General Public License, Version 2, License
    2. Installing WordPress Plugins
    3. Building Your Own Plugin
    4. File Structure for an App Plugin
      1. /adminpages/
      2. /classes/
      3. /css/
      4. /js/
      5. /images/
      6. /includes/
      7. /includes/lib/
      8. /pages/
      9. /services/
      10. /scheduled/
      11. /schoolpress.php
    5. Add-Ons to Existing Plugins
    6. Use Cases and Examples
      1. The WordPress Loop
      2. WordPress Global Variables
    7. Free Plugins
      1. Admin Columns
      2. Advanced Custom Fields
      3. BadgeOS
      4. Posts 2 Posts
      5. Members
      6. W3 Total Cache
      7. Yoast SEO
    8. Premium Plugins
      1. Gravity Forms
      2. BackupBuddy
      3. WP All Import
    9. Community Plugins
      1. BuddyPress
  6. 4. Themes
    1. Themes Versus Plugins
      1. Where to Place Code When Developing Apps
      2. When Developing Plugins
      3. Where to Place Code When Developing Themes
    2. The Template Hierarchy
    3. Page Templates
      1. Sample Page Template
      2. Using Hooks to Copy Templates
      3. When Should You Use a Theme Template?
    4. Theme-Related WordPress Functions
      1. Using locate_template in Your Plugins
    5. Style.css
      1. Versioning Your Theme’s CSS Files
    6. functions.php
    7. Themes and CPTs
    8. Popular Theme Frameworks
      1. WordPress Theme Frameworks
      2. Non-WordPress Theme Frameworks
    9. Creating a Child Theme for Memberlite
    10. Including Bootstrap in Your App’s Theme
    11. Menus
      1. Navigation Menus
      2. Dynamic Menus
    12. Responsive Design
      1. Device and Display Detection in CSS
      2. Device and Feature Detection in JavaScript
      3. Device Detection in PHP
      4. Final Note on Browser Detection
  7. 5. Custom Post Types, Post Metadata, and Taxonomies
    1. Default Post Types and CPTs
      1. Page
      2. Post
      3. Attachment
      4. Revisions
      5. Navigation Menu Item
      6. Custom CSS
      7. Changesets
      8. oEmbed Cache
      9. User Requests
      10. Reusable Blocks
    2. Defining and Registering CPTs
      1. register_post_type( $post_type, $args );
    3. What Is a Taxonomy and How Should I Use It?
      1. Taxonomies Versus Post Meta
      2. Creating Custom Taxonomies
      3. register_taxonomy( $taxonomy, $object_type, $args )
      4. register_taxonomy_for_object_type( $taxonomy, $object_type )
    4. Using CPTs and Taxonomies in Your Themes and Plugins
      1. The Theme Archive and Single Template Files
      2. Good Old WP_Query and get_posts()
    5. Metadata with CPTs
      1. add_meta_box( $id, $title, $callback, $screen, $context, $priority, $callback_args )
      2. Using Meta Boxes with the Block Editor
    6. Custom Wrapper Classes for CPTs
      1. Extending WP_Post Versus Wrapping It
      2. Why Use Wrapper Classes?
      3. Keep Your CPTs and Taxonomies Together
      4. Keep It in the Wrapper Class
      5. Wrapper Classes Read Better
  8. 6. Users, Roles, and Capabilities
    1. Getting User Data
    2. Add, Update, and Delete Users
    3. Hooks and Filters
    4. What Are Roles and Capabilities?
      1. Checking a User’s Role and Capabilities
      2. Creating Custom Roles and Capabilities
    5. Extending the WP_User Class
    6. Adding Registration and Profile Fields
    7. Customizing the Users Table in the Dashboard
    8. Plugins
      1. Theme My Login
      2. Hide the Admin Bar from Nonadministrators
      3. Paid Memberships Pro
      4. PMPro Register Helper
      5. Members
      6. WP User Fields
  9. 7. Working with WordPress APIs, Objects, and Helper Functions
    1. Shortcode API
      1. Shortcode Attributes
      2. Nested Shortcodes
      3. Removing Shortcodes
      4. Other Useful Shortcode-Related Functions
    2. Widgets API
      1. Before You Add Your Own Widget
      2. Adding Widgets
      3. Defining a Widget Area
      4. Embedding a Widget Outside of a Dynamic Sidebar
    3. Dashboard Widgets API
      1. Removing Dashboard Widgets
      2. Adding Your Own Dashboard Widget
    4. Settings API
      1. Do You Really Need a Settings Page?
      2. Could You Use a Hook or Filter Instead?
      3. Use Standards When Adding Settings
      4. Ignore Standards When Adding Settings
    5. Rewrite API
      1. Adding Rewrite Rules
      2. Flushing Rewrite Rules
      3. Other Rewrite Functions
    6. WP-Cron
      1. Adding Custom Intervals
      2. Scheduling Single Events
      3. Kicking Off Cron Jobs from the Server
      4. Using Server Crons Only
    7. WP Mail
      1. Sending Nicer Emails with WordPress
    8. File Header API
      1. Adding File Headers to Your Own Files
      2. Adding New Headers to Plugins and Themes
    9. Heartbeat API
  10. 8. Secure WordPress
    1. Why It’s Important
    2. Security Basics
      1. Update Frequently
      2. Don’t Use the Username “admin”
      3. Use a Strong Password
      4. Examples of Bad Passwords
      5. Examples of Good Passwords
    3. Hardening WordPress
      1. Don’t Allow Admins to Edit Plugins or Themes
      2. Change Default Database Tables Prefix
      3. Move wp-config.php
      4. Hide Login Error Messages
      5. Hide Your WordPress Version
      6. Don’t Allow Logins via wp-login.php
      7. Add Custom .htaccess Rules for Locking Down wp-admin
    4. SSL Certificates and HTTPS
      1. Installing an SSL Certificate on Your Server
      2. WordPress Login and WordPress Administrator over SSL
      3. Debugging HTTPS Issues
      4. Avoiding SSL Errors with the “Nuclear Option”
    5. Back Up Everything!
    6. Scan, Scan, Scan!
    7. Useful Security Plugins
      1. Spam-Blocking Plugins
      2. Backup Plugins
      3. Firewall/Scanner Plugins
      4. Login and Password-Protection Plugins
    8. Writing Secure Code
      1. Check User Capabilities
      2. Custom SQL Statements
      3. Data Validation, Sanitization, and Escaping
      4. Nonces
  11. 9. JavaScript Frameworks and Workflow
    1. What Is ECMAScript?
    2. What Is ES6?
    3. What Is ES9?
    4. What Is ESNext?
    5. What Is Ajax?
    6. What Is JSON?
    7. jQuery and WordPress
      1. Enqueuing Other JavaScript Libraries
      2. Where to Put Your Custom JavaScript
    8. Ajax Calls with WordPress and jQuery
    9. Managing Multiple Ajax Requests
    10. Heartbeat API
    11. WordPress Limitations with Asynchronous Processing
    12. JavaScript Frameworks
      1. Backbone.js
      2. React
  12. 10. WordPress REST API
    1. What Is a REST API?
      1. API
      2. REST
      3. JSON
      4. HTTP
    2. Why Use the WordPress REST API?
    3. Using the WordPress REST API V2
      1. Discovery
      2. Authentication
      3. Routes and Endpoints
      4. Requests
      5. Responses
    4. Adding Your Own Routes and Endpoints
      1. register_rest_route( $namespace, $route, $args, $override );
      2. Setting Up the WordPress Single Sign-On Plugin
      3. Adding the /wp-sso/v1/check Route
      4. Bundling Basic Authentication with Our Plugin
      5. Using the Endpoint We Set Up to Check User Credentials
    5. Popular Plugins Using the WordPress REST API
      1. WooCommerce
      2. BuddyPress
      3. Paid Memberships Pro
  13. 11. Project Gutenberg, Blocks, and Custom Block Types
    1. The WordPress Editor
    2. The Classic Editor Plugin
    3. Using Blocks for Content and Design
    4. Using Blocks for Functionality
    5. Creating Your Own Blocks
      1. Minimal Block Example
    6. Using Custom Blocks to Build App Experiences
      1. Enabling the Block Editor in Your CPTs
      2. Block Categories
      3. The Homework Blocks
      4. Limiting Blocks to Specific CPTs
      5. Limiting CPTs to Specific Blocks
      6. Block Templates
      7. Saving Block Data to Post Meta
    7. Tips
      1. Enable WP_SCRIPT_DEBUG
      2. Use filemtime() for the Script Version
      3. More Tips
      4. Learn JavaScript, Node.js, and React More Deeply
  14. 12. WordPress Multisite Networks
    1. Why Multisite?
    2. Why Not Multisite?
    3. Multisite Alternatives
      1. Multiple Authors or Categories on the Same WordPress Site
      2. Custom Post Types
      3. Totally Separate Sites
      4. Use a WordPress Maintenance Service
      5. Multitenancy
    4. Setting Up a Multisite Network
    5. Managing a Multisite Network
      1. Dashboard
      2. Sites
      3. Users
      4. Themes
      5. Plugins
      6. Settings
      7. Updates
    6. Multisite Database Structure
      1. Networkwide Tables
      2. Individual Site Tables
      3. Shared Site Tables
    7. Domain Mapping
    8. Random Useful Multisite Plugins
      1. Gravity Forms User Registration Add-On
      2. Member Network Sites Add-On for Paid Memberships Pro
      3. More Privacy Options
      4. Multisite Global Media
      5. Multisite Plugin Manager
      6. Multisite Global Search
      7. Multisite Robots.txt Manager
      8. NS Cloner: Site Copier
      9. WP Multi Network
    9. Basic Multisite Functionality
      1. $blog_id
      2. is_multisite()
      3. get_current_blog_id()
      4. switch_to_blog( $new_blog )
      5. restore_current_blog()
      6. get_blog_details( $fields = null, $get_all = true )
      7. update_blog_details( $blog_id, $details = array() )
      8. get_blog_status( $id, $pref )
      9. update_blog_status( $blog_id, $pref, $value )
      10. get_blog_option( $id, $option, $default = false )
      11. update_blog_option( $id, $option, $value )
      12. delete_blog_option( $id, $option )
      13. get_blog_post( $blog_id, $post_id )
      14. add_user_to_blog( $blog_id, $user_id, $role )
      15. wpmu_delete_user( $user_id )
      16. create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 )
      17. Functions We Didn’t Mention
  15. 13. Localizing WordPress Apps
    1. Do You Even Need to Localize Your App?
    2. How Localization Is Done in WordPress
    3. Defining Your Locale in WordPress
    4. Text Domains
      1. Setting the Text Domain
    5. Prepping Your Strings with Translation Functions
      1. __( $text, $domain = “default” )
      2. _e( $text, $domain = “default” )
      3. _x( $text, $context, $domain = “default” )
      4. _ex( $title, $context, $domain = “default” )
      5. Escaping and Translating at the Same Time
    6. Creating and Loading Translation Files
      1. Our File Structure for Localization
      2. Generating a .pot File
      3. Creating a .po File
      4. Creating a .mo File
    7. GlotPress
      1. Using GlotPress for Your WordPress.org Plugins and Themes
      2. Creating Your Own GlotPress Server
  16. 14. WordPress Optimization and Scaling
    1. Terms
    2. Origin Versus Edge
    3. Testing
      1. What to Test
      2. Chrome Debug Bar
      3. The WordPress Site Health Tool
      4. Apache Bench
      5. Siege
    4. W3 Total Cache
      1. Page Cache Settings
      2. Minify
      3. Database Caching
      4. Object Cache
      5. CDNs
      6. GZIP Compression
    5. Hosting
      1. WordPress-Specific Hosts
      2. Rolling Your Own Server
    6. Selective Caching
      1. The Transient API
      2. Multisite Transients
    7. Using JavaScript to Increase Performance
    8. Custom Tables
    9. Bypassing WordPress
  17. 15. Ecommerce
    1. Choosing a Plugin
      1. WooCommerce
      2. Paid Memberships Pro
      3. Easy Digital Downloads
    2. Payment Gateways
    3. Merchant Accounts
    4. Setting Up SaaS with Paid Memberships Pro
    5. The SaaS Model
      1. Step 0: Establishing How You Want to Charge for Your App
      2. Step 1: Installing and Activating Paid Memberships Pro
      3. Step 2: Setting Up the Level
      4. Step 3: Setting Up Pages
      5. Step 4: Choosing Payment Settings
      6. Step 5: Choosing Email Settings
      7. Step 6: Choosing Advanced Settings
      8. Step 7: Locking Down Pages
      9. Step 8: Customizing Paid Memberships Pro
  18. 16. Mobile Apps Powered by WordPress
    1. Mobile App Use Cases
    2. Native and Hybrid Mobile Apps
      1. What Is a Native Mobile App?
      2. What Is a Hybrid Mobile App?
      3. Why Hybrid over Native?
      4. Cordova
      5. Ionic Framework
      6. App Wrapper
      7. AppPresser
  19. 17. PHP Libraries, Web Service Integrations, and Platform Migrations
    1. PHP Libraries
      1. Image Generation and Manipulation
      2. PDF Generation
      3. Geolocation and Geotargeting
      4. File Compression and Archiving
      5. Developer Tools
    2. External APIs and Web Services
      1. Elasticsearch
      2. ElasticPress by 10up
      3. Google Vision
      4. Google Maps
      5. Google Translate
      6. Twilio
      7. Other Popular APIs
    3. Migrations
      1. Host Migrations
      2. Platform Migrations
      3. Create a Data Mapping Guide
  20. 18. The Future
    1. Where We’ve Been
    2. The REST API
      1. WordPress Plugins Will Focus More on APIs
      2. Headless WordPress
      3. GraphQL
    3. Gutenberg
      1. The Administrator Interface Will Move to React/Gutenberg
      2. Gutenberg Will Power a Frontend Editing Experience for WordPress
      3. Block Templates Will Replace Themes
      4. Blocks Will Replace Plugins
    4. WordPress Market Share Will Increase and Decrease
    5. WordPress Will Become a More Popular Platform for Mobile Development
    6. WordPress Will Continue to Be Useful for Developing Apps of All Kinds
  21. Index