 Thank you. Does this work? Okay. Hello, everyone. My name is Mika. I am the representative of the WordPress plug-in review team. I spend my day, when I'm not working for Dreamhost, writing code there, downloading plugins, verifying that they work well, that they're secure, and uploading them to the WordPress directory so that everyone can use them and download them on their websites. How many of you have written a plugin already? Don't lie, John. I'm kidding. My boss is back there. Okay. I wasn't sure if I was going to be getting people who had never written plugins or people who had written some and wanted to learn how to do it better. And it looks like I have a bit of a mix going on here. So, how many of you have looked at the code of Hello, Dolly? Okay. Not that many. This will be a little bit boring for you at the beginning, but I promise we'll come back around. I don't have slides because there's no way to teach code by looking at slides. I've never been able to learn by looking at slides. I've never been able to do any of this. But looking at code and writing code, learning by doing and seeing the connections that code makes, that's a different sort of way to learn. So, I apologize for the screen here, but it's what I've got. I'm doing exactly what I hate people do, by the way, and live downloading code and demonstrating things. This is a plugin page, as everybody knows that. It has a plugin header image. It's got... I burnt my finger making macarons, and so my trackpad doesn't work on that finger anymore, but I'm still trying to use it. All right. It's got a little icon over there. It says, Hello, Dolly by Matt Mullenwig. It has a description that tells you everything about the plugin. Every single plugin page basically works the same way. Every single plugin essentially works the exact same way. You've written something that connects to other parts of WordPress to display something. All plugins must do something, and that sounds very broad and very vague because it is. Sometimes the thing is... Let's see, did Matt put in... He did not put in screenshots, darn it. Hopefully you've seen Hello, Dolly, and you know that what it does is it puts the lyrics of Hello, Dolly on your WordPress site on the administration end, so you can, as you're working and writing your next great post, it tells you things, you know, Hello, Dolly, the gang's all here. If you've seen the musical Hello, Dolly, and if you haven't, I recommend you do. It's really funny. It's hilarious, and it's a great song, too. But the code for Hello, Dolly is included in every single install of WordPress, and the reason for this is it's to explain to people how simple it can be to write a plugin. Simple is a word that I don't like to use. What's simple to me is not simple to you. What's obvious to me is not obvious to you. It can't be. But at the risk of using this word that I hate, this is the most simplistic code that you can write with WordPress to have it interact and do something different on page loads. We're going to start at the bottom. Or rather, in the middle. It's kind of the bottom. If you want to know something funny, if you submitted this plugin today, I'd send him an email back and say you've named your functions inconsistently. He has Hello, Dolly, and then Dolly, CSS. And I'd say you should have this Be Hello, Dolly, CSS. And that should be Hello, Dolly. When you're writing code, I strongly encourage you to name things consistently. It'll help you with debugging. It'll help you remember this is the CSS for Hello, Dolly. Also, all of your functions always should reference the plugin that you are. You can use, if you're familiar with using classes or namespaces, definitely please use them. But if you're writing something this small, it's okay to just use functions, but when you do, make sure the functions are named in a way that won't cause a conflict. This might. We'll let it go because it's one of the first plugins, though. Okay. The majority of what this plugin does is it lists all those lyrics that we have up at the top on a page. It just shows one line every time you load a page on the admin area. The way that it does this is it does this function here. It adds an action to help, to admin notices. It says run Hello, Dolly. Hello, Dolly is this function up here, which says run get, use chosen. We're going to get the lyric, and we're going to echo it here. This just makes it look pretty. The brunt of the code is really just these two sections. The majority of what a plugin does is it's an action to do a thing, and the action does a thing by calling another function to get information. At its heart, that's what all plugins are doing. We have an action to do a thing, and often, really, really today of all days you had to do that. No, it's fine, it just turned itself, it locked itself, and I thought I had it set to not do that. It's supposed to be smart enough to know when it's plugged in like this to not turn itself off. It seems to not be doing that today. All right, all plugins, action to do a thing, function to determine what gets output. That's the definition of all plugins. Now, when we look back at the lyric section, first off, this is just all the text that's going to be in the lyrics, and the two really weird bits of code are down here, and I'm going to scroll that up so that you guys can see that a little better. All right, we defined all of those lines of code as a variable called lyrics. Now, each of them have line breaks, so here, Matt says we're going to explode lyrics, separate it by each line break, and then randomly, we're going to pick one, and that's what we're returning. So, down here, when we say chosen is hello, Dolly, get lyric, it calls this, which kicks out one line, and then it produces this code, which will be one of the lines, and it'll be displayed on the admin side of your site. This is the heart of everything. If you can figure out how this works, if you can understand the process that it goes through, you can write a plugin to do anything. And plugins do do anything. There's a beekeeping plugin. There's a beer brewing plugin. I like that one. Think of a subject, and I bet there's a plugin for it. Plugins are amazing, but they're also very complicated. Now, would you guys be interested in together coming up with an idea of a plugin and together writing a simple plugin? Does that sound kind of cool? Okay. Somebody throw out an idea for a plugin. Keep the idea small as possible, though, because we're not going to write... Having written a plugin that talks to the Amazon Echo, we're not doing that again. That's really hard. John, how complicated is creating a temporary admin user? Moderately complicated because of the security issues involved. We could write our own version of Hello Dolly. I mean... Okay, you want to know something funny? This is the most popular plugin to fork. If you go through the directory and look at all the plugins, there are many Hello Dolly... There's Hello Dolly Lama. There's Hello Dolly, if you like Dr. Who. There's one that just lists the sports teams. It's Hello Sports Teams. I don't know if we still have that anymore. But when people want to learn how to do a plugin, this is often something that they like to do, is that they get the idea of, okay, first I'll just replace the text. Well, next I want to make it look different. I want to change the colors. Next I only want it to load on some screens. That's also kind of fun. So let's see. If you guys don't have an idea for a plugin, we're going to start with forking Hello Dolly and doing some of those things. So you can see the practical application. Let's see that I do have... Oh, yeah, let's do that one. Hopefully I have local by flywheel actually set up with a test environment. It crashed on... No, not right now. It crashed on me the other day and I had to rebuild. So hopefully I do still have this. And if not, I will really quickly. I'm going to open Hello Dolly first. Yeah, I was just looking at the zip file. I use a tool called BB Edit, which lets me open zip files and read everything that's in them without having to unzip them first. Because I review plugins, and it saves me hours of time a week. Hello Dolly, though. It's only two files. I mean, it's Hello PHP and Read Me PHP. Yes, fix that. I do have a plug... I have a plugin site, so I test plugins a lot, so I tend to do that. Let's go. That'll work. Please work. Yay, all right. We have a plugin testing site. This is good. WP Awesome. Yes, because that's exactly how you log into WordPress. Whenever you're typing live and doing a class like this, there's always this great and nervous thing of, I have to remember how to type in front of a group of 30 or 40 people, and then you forget how to type. So, that's fun. You get to see, embarrassingly, I don't remember the password for this site. I thought it was admin password. No, not for this. I set it up somewhat differently. Let's see. I can show you how to crack it. You can show me how to crack it. That would work too, but have you guys ever seen WPCLI? Okay. So WPCLI is a command line interface for WordPress, so that if you, for example in this case, if I lock myself out, I can go in and reset my password. But, let's see. Okay, so it is admin. So the password, it should be admin password then. Oh, that would be bad of me, huh? It is admin password. I just couldn't type. Like I said, you get nervous when you're typing in front of a lot of people. So it's hot in here. Gosh. All right. Let's activate HelloDolly so we can look at it for a second. Now, that's pretty cool, but that's kind of small, isn't it? I mean, I don't know. Obviously, I like my text a little bit larger. I'm aware that this is out of date. I'm not going to update it right now because I don't want to kill the Wi-Fi. What if we made that larger? How hard could that be to make it larger? All right. We saw the CSS already. If you're actually writing code, please don't use the WordPress editor the way I'm about to use it. In fact, you know what? I'm going to do this the right way. I have a tool that I like to use called Coda, theoretically. It's remembering that I just pressed the button. It's opening. Coda is a code editor that is specifically designed to let you look at, well, code, basically. Let's see. Do I have plug-in dev? I do. Yay. Oh, go me. WP content, plugins. Hello. Excellent. So this is the exact same code, but you'll notice now it's kind of color-coded in a different way. And because I'm using Coda, if I wanted to change WordPress code, if I wanted to start typing in a function name, let's see, WP, I start seeing all the WordPress functions. So if you're developing software, and like me, you can never remember what all the function names are because it's WP footer, but WP head. And I don't know why. You can cheat and use these auto-completes. Coda has this stuff. It's free. Coda is, sadly, a somewhat expensive software. I think it's $75 or a couple hundred dollars now. I couldn't live without it. Atom, however, ATOM is free. And a lot of people really like that. I have trouble looking at dark colors and not being able to change the font size and the colors of things the way I needed to. It meant that Coda worked better for me. Fun. Yeah, I couldn't make the color look right, and I was spending so much time changing it that it made me mad. Right. So, no, I'm trying to explain this without going into a really long history of what I used to do. I used to have to rebuild my desktop every other week. It was a requirement for the job that I had. And in doing so, I got in the habit of if the defaults that come with a thing aren't to my liking and I have to spend more than five minutes changing things, it's not the tool for me. It wasn't made for me, although I could make it work for me. So, it's very much a personal preference. So, I strongly recommend ATOM for everyone else to look at, at least to get the idea of how you want to do these, because it also has the PHP complete. It knows PHP functions. You can do add-ons to know WordPress functions, and that way you don't have to memorize every single function in the database, because nobody except maybe Nason can do that. He used to work for... EnderNason is one of the lead developers of WordPress. He used to work for Walmart, and he for some reason memorized all the identification numbers for all the items, so he could know where everything was. He's sort of a genius. I'm not that kind of genius. So, when we look at HelloDolly, that's the CSS code. And right here, he's got the font size is 11. I have bad eyes. I don't know that you could, you know, these are giveaway. I want to make that larger, so I'm going to make that 16. Now, I'm editing the file directly. If I was really writing code, I would be editing this in a Git or SVN repository, testing it locally and then pushing it live. For the sake of example, let's pretend I'm doing that. It takes a long time to set all that up. Once I've done that, though, I can refresh, and now it's not only is it larger, uh-oh, it's moved to another side because I made it bigger, but also because I've got this warning, it's using the same thing called admin notices. So, admin notices, these are your admin notices. You see them whenever you have anything that needs to update. And that's great, but it means that the formatting is going to look weird depending on how long the line is. See how it jumped down here. Maybe this isn't the best code and the best CSS layout. We could spend a lot of time fiddling with the CSS layout. We could make it look exactly like that. We could have it be with a little yellow bar on the side and everything if we wanted to. All we have to do is just keep editing these things. Float left, float right. Now, what Matt does here is he checks what your language preference is. So, we've got isRTL. Now, this is a... This is an if statement. It doesn't look like one. Most of us think of an if statement as... We'll look at it like this. If isRTL and we say then... We would do, let's see, x equals left. I'll format that nicely there. Else, x equals right. I know I'm missing the ending there. These are the same thing. This one's smaller and actually almost easier to read because you're seeing is, question mark, yes, no. That's all that this is. So, this is the if else going on right there in one line. When you've got small amounts of data, I strongly recommend you do this. It took me forever to realize how powerful that was. But if you were also doing things, if you wanted to accept parameters in this, you could then sanitize it right then and there. You could check if things... If it was a valid email, for example. If it's a valid email, copy the email. Otherwise, say no email. You can do all that with these centenary operations. And they'll make your life a lot easier because this is what? One, two, three, four, five lines versus one. It's partially a stylistic choice, but also if you wanted to do multiple different ones, like if I wanted to say if it's RTL, use the color to red. I personally don't recommend, by the way, using variable names like X or Y. I like my variable names to be something that I as a human can remember. Oh, right. I'm talking about color here. So, let's see. If it's right to left, I want it to be red. Otherwise, I want it to be blue. And now I'm going to say... color is equal to color. And now it's blue. And we've done that just by adding in this line here to say if it's right to left, if it's left to right. So now here we're just, again, we're just taking the parameter that we've set. We're calling it down here in our echo. We're echoing it in admin head. Yes, it's admin head and admin footer, by the way. Yes, it feels like it should be admin header and admin footer. I don't know why. A lot of things with WordPress were written and then we got stuck with them and we couldn't change them down the line because it takes so long to get everybody to update your code. If tomorrow we change this and said, okay, it's not going to be admin header, we'd have to deprecate it because otherwise we'd break everybody, including Hello Dolly, that was using it. So we don't really want to do that. We've got all the... It's also got spell check, by the way. Did I mention that? This is really useful if you can't spell or if you're typing in a language you don't know. I can change this and say that I'm typing in French. Right now it thinks that I'm typing in Canadian English, though, which means I'm wondering why it doesn't know what favorite is. Canadians like to use use as well as, you know, gray with an e. If we want to change the lyrics that display, we can do that here. One thing I did note is that the shorter they are, the more likely they are to be on the left. So when we go back and look here, short ones show up over here and the long ones show up down here. Okay, one way I can fix that is I could just do that. Okay, I've split it up into two lines. But another thing I could do is I could trim it so that it's short. I could limit the number of characters that we're going to display. Now, go ahead and ask me, what's the function to do that? I don't remember off the top of my head. I never do, and I should. I do it all the time. No, I'm constantly pulling up Google and saying, let's see, truncate right side of variable PHP. I'm trusting Google to know when I type out. Subster. I should know this by heart. I don't. Never feel bad if you have to Google something, guys. I promise, never feel bad. Every single developer that you're ever going to meet, everybody who writes core, they're all going to be Googling every once in a while, and they're all going to be going, what is this again? This is why live coding is terrifying, because people are afraid. I'm going to get up here and I'm going to talk to people about coding and development, and I don't know everything. I'm here up here in front of you Googling something because I couldn't remember it with Subster. I should know that by heart, but I don't. Oh, look, I'm also French today. Thanks. You can also do R trim, but that only deletes white spaces. If you wanted to trim white space from the end of a line and you're using WordPress, you can just use trim. It kills it from both sides at once, which is great. Oh, hey, look, PHP trim also. It didn't exist in all versions of PHP. That was a fun time. All right, so let's say we know that we only want to show the first 15 characters for substring. Well, here, I've got my code where I'm taking the lyrics, the one random lyric, and I'm returning it. In order to make this a little easier for me, I'm going to change this to make a variable called line, and I'm going to return line. Now, the reason that I broke it out is that now I can do line is this is why these autofills are great. String and start. It tells me that the string is the string that I'm wanting to trim, and int is an integer to start where am I doing the trimming, where am I subtracting. It gives me a hint to remind me how am I supposed to use this particular function. It is impossible to remember all of them. All right, so my string is line and my int must say I'm just going to grab a number, I must say 15. And I need to remember to add that. If this is the number one error I make, I forget to do a trailing semicolon, and then I'm standing staring at my code and what sucks is that PHP is going to tell me that the error is here. It's going to say unexpected something and it couldn't do a return and I'll be staring at it going, but the return is fine. There's a PHP error and you're looking at the line and it makes no sense, go up. All right, so let's see what happens now that we've done that. I'm swaying. Because what we did is we said substring from the right, 15 characters from the right. So I'm swaying becomes swaying. Lee, uh-oh. Now we've introduced a problem. Live debugging. How would that happen? Mm-hmm. Well, so what's going on is that we've got one of these. We've got an apostrophe sitting out there and when we truncated it had the apostrophe and it's trying to texturize it and doesn't know how to. Because right here we've got WP texturize. When you texturize and it's non-contextual and it just says, well, there's a apostrophe, but what do I do? I could remove that, but I don't want to. So I have a couple of choices. One is that I could do a string replace and I could say, let's replace all of my apostrophes. The other is I could remove WP texturize and this is where you start getting into the weird stuff of I have to decide everything about what my plugin does. Let's see. Oh, substring. There we go. Substring replace. Now you can get fun. You say mixed string, mixed replacement, mixed start. I know it kept this on the end. It's not supposed to, but sometimes it gets confused. We're not going to do that one though, because that's a little crazy. There we go. Substre. And change that to five. And now this is like, all of debugging is just that didn't work. Let's try something else and keep trying and trying and trying until you understand the why of the error and the how of the fix. And don't feel bad if it takes you, you know, six hours to realize you forgot the semicolon or a day and you're showering and all of a sudden you realize that's the problem. When I worked, I used to work for a bank and we had a weird problem where every time they ran a script it would delete their development environment. We couldn't figure out why. Well, finally we sat down and were like, okay, what is the script doing? And step one of the script was to delete everything in the, not the dev environment, but the test environment where people were supposed to test what dev was. The problem was somebody had made a simlinked folder and it was in the test environment that pointed back to the dev environment. Instead of copying everything over, they simlinked it. So when you deleted the simlink with rm-rf it deleted the everything. It took us a really long time and that was like one of those shower revelations where I was trying to figure it out and trying to figure it out because I didn't write the code and all of a sudden I'm like, wait, it does a delete. Wasn't there a folder? So if I changed it to five what that really does is it just going to move it out because now I get it again. It's so nice to have you back where you belong. It's good that it's actually longer because longer lines are a little bit easier to try to figure out. And here's this. So what happens? Oh, this could be this line or this line is the same line. There's a term in development that we say why and we mean don't repeat yourself. This is repeated and this is repeated. Obviously when Matt did this he just dumped the lyrics in. There's nothing wrong with that. If you were writing this and wanting it to be translated I would strongly recommend you not do it this way because all it would do is repeat a line but it would mean that somebody might translate it multiple times or think that it's contextually different from another time. If you only need it once and it doesn't matter how many times you call it or how often it's called you're not going to need anything like that. Okay. The funny thing is that looking at this it just occurred to me exactly why we're seeing the numbers. So it's not because there's a slash or not a slash it's because WP Texturize has changed the apostrophe into ampersand hash eight whatever right there. So literally the only way to fix this would be to remove WP Texturize. Well that kind of sucks but let's see there. Alright we've removed WP Texturize that should make this yep now they're starting to look a little bit better. It's fun to see it when you've made something shorter by the way because these things don't make any sense. Oh look now there's the same line. It's so nice to have you back where you belong where you had an error. Now the error is gone because it didn't try to texturize it and make it all funky. That's going to be the only way we'll get around it doing the truncation the way that we are. You guys just got to do live debugging and see somebody have that realization in front of you. And by the way the face that I made is probably the same one you guys make when you look in the mirror. If you ever managed to look in the mirror right as you realize something it's the same oh right. It's a very universal face. It's kind of fun. So we've changed the size we've changed the color that's the heart of writing your own plugin. Now here's an interesting question do you know why WP Texturize was put up there. WP Texturize is what make no not security but not with that one but that's a good guess. WP Texturize is there so that these straight apostrophes and straight quotes can become the curved ones that people are used to looking at them. It makes it look like text that we're used to reading. This is great for programming and by the way whenever you're copy pasting code please double check that you didn't paste in a curly quote. That is the number one error when people are editing their own WP config files that they'll copy a line from someone's blog and not realize that WP Texturize has done that that they've made it a curly quote and then all of a sudden it's wrong when you copy and paste it in. By removing WP Texturize we prevent that from happening. When people put code up on their websites we recommend that they use code tags or a plugin that lets you wrap your code in a short code because it will remove the texturization so that other people don't have that problem. So WP Texturize is not necessary for security it's necessary to make it look nice. When we're talking about security we're talking about functions like escaping and sanitizing. Escaping and... I was just talking about this upstairs to the fellows I was showing how to do plugin reviews too. Plug-in security relies on three things. At least writing code that is secure relies on three things. Your first thing is you have to sanitize everything because you can't trust anyone especially yourself. Future you will love you for sanitizing everything. Secondly, you have to validate everything and that means that if you have a field where someone's going to enter in a number you have to make sure it's always a number because if they put in a word and that crashes the plugin that's your fault. You didn't stop them from doing something wrong. You have to validate but it gets even weirder than that because a date could be a number I could just be wanting to put in the date that I want something to happen I say the 31st. Okay that's great but what happens if it's in February? That doesn't exist. So validation is as much checking contextually that what you're saving matches what it's supposed to be but it's also making sure it's in the format it should be. We were reviewing upstairs a nutrition plugin and I looked at it and the developer was using a thing called strip slashes now what that does is it makes it safe to save but it doesn't validate anything and I said well wait a second if I was using this plugin and I was putting in the nutritional information what if I wanted to put in Imperial and metric what if I wanted both of those in there because I was making it for Canada where people are kind of used to both how do I do that if it strip slashes it would take away a slash that I put in all of a sudden my data would look wrong and the developer hadn't considered it there's nothing inherently bad with not considering it but you have to start broadening your mind to the global use of your code you don't know how people will use it so you have to restrict their use to what you know will work I caught you this time the last part of sanitization the trifecta is escaping so we sanitize what we save we validate what we save and we escape what we display has anyone ever gone to a web page and had javascript things pop up right away and it looks like a bug we call those cross-site scripting vulnerabilities because what it is is people can enter javascript into a form and then run code that affects the website not necessarily the user and if they're poorly written enough then they can be used to hack into a site when we sanitize and when we escape we prevent things from happening there's a comic strip called XKCD I don't know if any of you are familiar with it if you are there's there's a joke about little bobby tables and what it is is a woman has named her son Robert Drop Table semicolon and they go to enter into a school database and it wipes out the school records and the school calls and says how dare you do that and she says oh yes my darling son little bobby drop tables that's sort of a great example of why sanitization is a huge problem if you're not sanitizing the input it gives you data and you save it you run the risk of losing all your tables and while it's funny to read oh she broke the school when you suddenly start realizing that could happen on my website you realize why we care so much about you doing the sanitization and about you escaping because on the flip side when you output that back out she could have had little Juliet XSS vulnerability as her other child and when somebody goes to look at the list of students at the age it could hack their browser because yes that can happen we escape what we display now wordpress thankfully has a bunch of functions it's got oh my gosh probably 20 or 30 specific sanitization functions just for wordpress just for doing the things that people commonly do we have text area we have text fields so if you only have a line we can do that you can save things as html u p k s e s I apologize greatly for that name it's one of those things that we made as a acronym which means it didn't really have an acronym but then we pretended it did going back like php isn't an acronym but we pretend it was made up later this is what happens when you let American programmers do weird things they just do weird things but we have all these sanitization functions there should be there should be this I can type I swear that's not actually going to work because I have to do it this way and that's because I'm putting php code in the middle of an echo I have to stop it so that's what happens with the quote here I have to do the period to say and continue including what's next that's escape html chosen period we're going to continue with what's next let's check up my more html does this still work works fine now we're escaping the output and to be honest this is what you should do even though it's not accepting any special inputted data it's just a good habit to get into escape what you display sanitize and validate what you save I have like five minutes left before questions oh gosh okay let's see we did a little bit of security edit plugins showed that clearly I haven't updated my dev environment recently we released 4.8 I was busy making sure 4.8 worked before I took care of my own test sites I mean this is a local install by the way okay let's do that really briefly I mentioned Coda which is what I use and I mentioned that there's Adam as editors that you can use when you want to test WordPress locally there are tools that you can and should be using for that because imagine if I was doing this on my live website and I had somebody else using that website like my mom or dad we have a family blog where they all go in and P2 and leave each other little messages if I was making changes like that live I would probably have a bunch of angry texts from my father right now going why is the color changing what are you doing that's not really nice and what is nice though is testing everything locally and then emailing everyone saying hey don't change don't panic the colors can change to blue people like to know things and when you're running a site for other people it's really important to communicate the changes you make before you make them but that means it's really important to test your changes locally before you push them live I'm using an app called local it's by a company called Flywheel and it lets me have a local development environment that I can use WPCLI to go into and be a developer but it also lets me build sites relatively quickly you can see I've got dream hey look I'm going to crash my company website I actually just use that for debugging customers when customers have big problems I just slap copies of the code on my dream host site so that I can play with it and not impact them directly the other two is me doing weird stuff that I like to do and this is for testing plugins if you want a new one I mean it's really you press the plus button and you walk through and you tell it I'd like this version of PHP or WordPress this version of PHP this web server I could change it to Nginx you can make it mimic your environment not exactly but very close local by Flywheel and desktop server by server press and MAMP are the three easiest local environments to get used to desktop server has an advantage because it lets you push from your local site to your server so if you wanted to develop everything locally and then say okay it's done it's ready I want to push all my files up to my server it's good press a button you can do it it does cost money for that version the free one just lets you edit locally that said I am a proponent of using code versioning systems I have my own get repository that I use to make all of my changes so that I can track them and so that when I go back and make a change for example those two sites les press and les watch are sites that I work on with Tracy Levec she's also here working on the design team if I make a change and Tracy really hates that she can go and see exactly what I changed and I've always left a comment as to you know this was changed to fix this problem or this was changed because I hated the color and she can see what I did and why and either revert it because it's causing another problem we can discuss okay look don't change colors without talking to each other first which is really what you should be doing with your other developers code changing via a system like that is great I go back and I say code is awesome because it can update SVN and get directly from code I don't have to go in and do things via command line if I don't want to if you're hosting WordPress plugins the most important thing to know is that we use SVN no you can't use get yet yes we're aware that everybody wants to use get WordPress existed before get did literally we're older and so many things are tied into SVN that unraveling it while it is possible and it is going to happen one day it's not going to happen tomorrow so we understand your frustration but please be patient if it was just a matter of oh we'll just switch everything over we'd be done it's a matter of uninstalling a lot of specific hooks that we have going on and we're making some decisions going forward about ways to allow you to push for example from github directly to the WordPress repository we're working on it we literally started the code last night so it's not done it depending on how many beers you buy auto he's about this tall scraggly guy with a hat and a beer I know that just described people if you meet auto and you buy him a beer and you ask him can I help you with this he'll start making you work so just watch out but he's working on that because he likes the idea which is great but we do use SVN and yes that means you do have to learn how to use it now good news you only have to use it to release your code you don't have to use it to develop your code if you want to develop on github do it all you have to do is copy the code over and do SVN up and I'm like seconds away from being done so we'll call that there no we're good because I know you guys are going to have questions so thank you what would you recommend like aspiring plugin developers how does someone go from some basic PHP knowledge to a WordPress developer how does someone go from a basic WordPress developer from a basic PHP developer to a WordPress developer in six months the best thing I can say is get really really mad at something that WordPress is doing and want to change it I went from a very basic C plus developer an ASP developer I was working for a bank we did weird things and pearl and stuff like that to a WordPress developer because literally I wanted to be able to have hidden text and only see when you highlight it with your mouse and WordPress at the time didn't have a plugin that did it so I sat down and I taught myself how to write it because I really wanted it the best way to be a WordPress developer is to find something you want because that passion will lead you to writing the code now the fastest way to learn the WordPress code besides just to write it is to start downloading other people's plugins that are vaguely similar to what you're interested in and reading it and that sounds very strange but just looking at Hello Dolly and reading it and understanding it and seeing how your changes impact what it does that's how you do learn that's how we all learned if you go back to kindergarten and elementary school we all learned by doing these things and making mistakes and let's make our little man out of clay and we forget that as we grow older because we think well we can only learn by going to a class and we can only learn by listening to very smart people tell me what to do but the truth is we all know how to learn we just got confused a little bit because school tells us no you have to learn from the book but we all learned we learned to walk by somebody holding our hands and then letting go we learned to ride our bicycle by our dads just shoving us down the hill and saying good luck that might have just been me but wordpress wordpress being open source and letting anyone see the code means that we really want you to learn by doing this by taking Hello Dolly and maybe making it so that it changes what echoes based on who's logged in that I see Hello Dolly and my dad sees lyrics from Bob Dylan his favorite musician and my mother sees lyrics from James Taylor her favorite musician and then you can do little changes like that to understand how it all comes together and to make the change that you want does that help? okay cool yes yes did I not for the first one oh okay I thought I did okay yeah so the question is are there standards for naming files and the design of the files and the file names within the plugins there's only one file name that's required and it's readme.txt that's it everything else you can name the files inside your plugin anything you want you can name it the main file index.php and have like this is hello.php all the code is in it that's fine for a complex plugin I was just talking about this upstairs for a complex plugin do what makes sense for you for example if you feel it's easier to have all of the page output on one separate file and all of the code that handles the input and the sanitization in another file that's fine it's what makes you comfortable and you can continue to support as a developer I personally recommend keeping it in one file if it's small like this but I like to have them in separate files the minute I'm starting to have multiple admin screens so I've written some fairly large plugins I can actually really quickly show you one because they're all on here hey let's see we're impressed to get yes I named things fun things so this plugin is called Bandhammer and what it does is it blocks people from logging into your site so you can say anybody with this email address can't log into my site or anyone from gmail.com can't make an account on my site and Bandhammer has these files has the main file and an uninstall file and that's it even though it's a very complex plugin it used to have six files but as complex as time went on because I learned how to code better don't worry by the way if your first plugin is really really overly complicated it's okay you'll learn as you go on but what I did was I used classes to keep it all in one thing the reason I had multiple files was that I couldn't figure out how to make it work with buddy press so in the beginning the first thing it would check is are you running buddy press got smarter and his buddy press got smarter I was able to fold all of that back into each other it's common you'll see up there it says Bandhammer is the folder name and Bandhammer PHP is the file name it's common to do that but it's not required what's important about the file is this this is your plugin header now what we require is your plugin name your plugin description and your plugin version those are the only three things you have to have the rest I have this so you can see more information about the plugin I have this so you can know who I am if you need to get in touch with me for some reason probably I hope not this is because it's a multi-site thing and I say you can only activate it network on a multi-site and the text domain I don't even need anymore because the polyglots team is just amazingly brilliant and they now it just grabs the folder name it says your text domain is by default the folder name Bandhammer I don't have to fill that in that's left over from when I did have to fill those things in a super complicated one is this guy this is DreamObject's backups it makes backups of your website and copies it up to DreamObject's cloud storage it's a lot of files when you go into this one it's got even more I broke this apart because it was the only way I could keep track of everything that I was doing I have vendors, I've got libraries I've got even more I've got WPCLI commands that it's running it really is it depends on how complicated the plugin is it doesn't matter what you name the files but don't ever ever change that file name once you've decided what it is if you do it will deactivate the plugin on upgrade yeah if you ever look inside WordPress there's an option called active plugins in the WP Options table and it saves your plugin that's active as plugin folder slash file name if you change the file name it doesn't always pick up that's the same plugin so it deactivates it sometimes it gets it right but it's sort of been iffy lately and I'm not sure why and yes there's a bug ticket for it is there anything else? you guys, oh yeah there's one function that's bothering you and you want to write it your own way how would you suggest to overwrite it in your plugins so that it uses that plugin what would you guys for that okay so if there's a plugin yeah I got it if there's a plugin that has a function that you want to override what's the best way to do that it depends on the plugin some plugins are well written that will allow you to filter what the output is in certain cases what you'll have to do is write your own plugin that looks for that function or that action that does whatever it is it does removes the action because there's a way you can delete an action so you've got add action, you can use delete action delete their action and add your own the third way and this is the way that most people do it is they create a fork of the plugin which is they copy the plugin from the functions to something else and then they fix it in that it depends on what the changes that you're making if you're making a change to text that is output hopefully they have a filter and if not I would contact the developer and say I really love this plugin but I need to make this one change can you make that something filterable look up filters they kind of break my brain because it's just I'm going to wrap filter a check that says if it's filtered around my output and then somebody else can just filter it and I don't get that it just works but it does sometimes code doesn't make sense to me but I use it anyway did you have a follow up saw you moving your hand it was just your glasses I try to pay attention did that help though yes if we're using where the development of things we have child themes to secure our modifications for updates isn't there such a thing for plugins so if we add our functions whether or not it fills us in actions so the question is much like we have child themes where we can safely edit certain components of a theme safely and not have to worry about upgrades deleting them do we have a commiserate relationship with plugins we don't that's why I mentioned filters and delete action remove action and add action there is no such concept as a child plugin we were at the wordpress community summit we were discussing this exact problem by the way because it's a problem because if I have a plugin that requires WooCommerce I should be able to always easily say my plugin needs WooCommerce if WooCommerce isn't around my plugin should stop working but on top of that I should get a warning on my site if you have a child theme and you try to delete the parent theme from your site wordpress won't let you because you'll break your site it says you can't do this you're using a child theme stop obviously you can go in via ftp and just delete it anyway but wordpress when it can stop you from shooting yourself in the foot it'll do it we don't do that with plugins and we need to and it's a cause that I champion greatly because I feel that it makes things very difficult for plugin developers to continually make changes to plugins to make add-ons to other plugins without having this ability there's a track ticket where we're arguing for it more voices and people saying this would really be useful if you ever go into wordpress track and you see an idea that you really really like and you're not sure how to tell people I like this idea at the bottom of the page there's a little place where you can press a button to star it we use that to determine if people like the idea or if people are interested in what's going on and the more people who are interested the more attention we know we need to pay to make this fixed or changed in some way it'll also start emailing you every time someone updates the ticket though so please watch out some of those tickets can get pretty heavily trafficked but it's a great way to add your vote without making it too noisy and detracting from the people who are arguing the technical aspects of the problem that's enough time for one more question going once yes, you, totally what number is an average number of plugins that does not affect the performance what number is the average number of plugins that doesn't affect the performance of your site there isn't one so there was a show in the United States called name that tune people would say I can name that tune in one word or one note I can name that tune in zero notes I can crash a WordPress website and make it really really slow with one plugin I could do it with any plugin I could do it with Hello Dolly the number of plugins that you use does not directly impact the speed of your site it's the quality of the plugins that you choose to use and the way those plugins interact with each other ten people can use let's say everybody installs and activates Hello Dolly and one person has a slow site it might be because of their server it might be because of PHP it might be because of their theme has something in there where somebody says I really hate Hello Dolly so if someone has that active I'll make it slow I I'm repeatedly seeing hosting companies adding some crazy plugins that give a bad experience like object caching plugins are added dropped into GoDaddy and imagine you're running an e-commerce site and you're trying to add a product to the cart it's just done, they're caching something caching the checkout page how do you think why do you think the hosting companies are doing this adding their own plugins sure the question is why are hosting companies adding in their own plugins or plugins that they feel that you should be using even though they can sometimes poorly impact people's sites so this is a very interesting question because of what my day job is I work for DreamPress which is the managed hosting product of DreamHost and we add in object caching the reason that we do this is that for managed hosting solutions we built your server to be cashable like that to use object caching and I know that GoDaddy does this too they've actually tested with WooCommerce and out of the box a plain vanilla WooCommerce site doesn't have these problems however, like the previous question what's the number of plugins to make your site run poorly it really ends up being one, it's just one bad plugin what's most likely happening in that situation is you have one plugin that is conflicting with object cache the way in which it's saving data is a less than optimal WordPress way object caching object caching is generally used to save the queries that are being made to the database so if somebody is coming to your site and they're doing the same requests over and over again if you can cache that you make your site run faster we're not talking about caching the generated output of the page we're caching the database queries now the problem with an e-commerce store is that if you're searching for shoes and I'm searching for socks and he's searching for shirts we might get each other's cache and that would be bad because I really wasn't looking for shoes today I like my shoes but poorly written plugins can cause where that issue starts happening now out of the box object caching and WooCommerce are perfectly compatible they work great together outside of Dreamhost I strongly recommend if you're using an e-commerce store please look into memcached and object caching to make your site run faster and safer but it does have to be done carefully and it's very likely that it's a third party add-on to WooCommerce that's causing this issue hopefully GoDaddy would be responsive you contacted them and says I'm having a problem with object caching something's poisoning my cache can you help me find out I really hope that they would I trust that they would and if Dreamhost doesn't tell me and I'll go and find out who didn't and have a talk to them and it's now 101 I haven't had lunch and I'm starving so thank you everyone for coming I hope you guys did learn something and I'll be around for the rest of the week