Top tips for creating WordPress themes…
Plugins & Themes
- MVC, separate functionality and presentation, consider moving as much functionality into plugins so that you keep the theme as a presentation/view layer.
- Don’t cram everything into one file, consider the ‘single responsibility principle’ and take the middle ground.
- Don’t mix logic up in your template. clean template on github as opposed to writing functions, styles, etc.. in the template file. You can use template parts to call bits of reusable code: get_template_part(‘partials/content’, ‘page’)…
- https://tommcfarlin.com/wordpress-theme-or-plugin/ – really rather trivial coverage of the obvious
- http://code.tutsplus.com/articles/functionality-plugins-vs-themes–wp-26314 – discusses performance issues of plugins in WordPress. Active plugins are loaded and executed before the currently active theme, so timing is the only real difference.
- https://pippinsplugins.com – Pippin Williamson – WordPress author including tutorials.
- http://wordpress.stackexchange.com/questions/26537/between-functions-php-widgets-and-plugins-which-is-loaded-first – StackExchange article with WordPress core load process.
- http://wptavern.com/why-wordpress-theme-developers-are-moving-functionality-into-plugins – Jonathan Atkinson and Themeforest… all it really does is motivate removing function bloat from themes.
- If done properly, you can define dependencies. wp_enqueue_script($handle, $src, $deps, $ver, $in_footer). in_footer determines whether the script is downloaded in the header or the footer.
- Remember wp_head() right before the closing </head> and wp_footer(), right before the closing </body>. Then plugins can use them to add stylesheets and scripts.
- Never trust user input, not GET, POST, $_SERVER, cookies, etc… “Trust Nothing”.
- http://codex.wordpress.org/Data_Validation – WordPress Guidelines on data validation.
- https://developer.wordpress.org/plugins/security/ – WordPress Plugin Security, securing input, escaping input, confirming credentials, etc.
- https://vip.wordpress.com/2014/06/20/the-importance-of-escaping-all-the-things/ – increase security by late escaping code.
- http://wordpress.tv/2011/01/29/mark-jaquith-theme-plugin-security/ – video on plugin & theme security.