Plugin Sandbox
When you activate a broken plugin in WordPress, it won't break your site. If the plugin triggers a fatal error, WordPress automatically deactivates the plugin before it has a chance to wreak havoc. This fail‐safe feature makes it less risky when activating and testing new plugins. Even if the plugin does cause a white screen of death (error message), you can easily rename the plugin folder directly on your web server, and WordPress deactivates the plugin. This makes it impossible for a rogue plugin to lock you out of your own site because of an error.
On the other hand, if you were to hack the WordPress Core, you could cause fatal errors that would crash your website. This can also include causing unrecoverable damage to WordPress.
Plugin Community
A huge community is centered around plugin development, sharing knowledge and code, and creating amazing plugins. Getting involved in the community is a great way to take your plugin development skills to the next level. Chapter 16, “The Developer Toolbox,” covers many of these resources.
INSTALLING AND MANAGING PLUGINS
All plugin management in WordPress happens on the Plugins screen in the WordPress Dashboard. The menu shown in Figure 1‐2 is available only to administrators in WordPress, so non‐administrators cannot see this menu. If you use the Multisite feature of WordPress, the Plugins menu is hidden by default. You need to enable the menu using My Sites ➪ Network Admin ➪ Settings.
FIGURE 1‐2: Plugins menu
Installing a Plugin
WordPress features three different methods for installing a new plugin. Your server setup dictates which method is the best to use.
The first method uses the built‐in auto‐installer. This method enables you to search the Plugin Directory on WordPress.org directly from the Dashboard of your WordPress website. Simply visit Plugins ➪ Add New from your WordPress Dashboard to search for a plugin. After you find a plugin to install, click the Install Now button, and the plugin automatically downloads and installs.
The second method uses the zip uploader. Zipped plugin files can be uploaded, extracted, and installed by WordPress. To use this method, click the Upload Plugin button at the top of the Add Plugins page. Click the Choose File button and select the plugin zip file you want to install. After you select the plugin, click the Install Now button, as shown in Figure 1‐3.
FIGURE 1‐3: Install Now button
The third and final method to install a plugin in WordPress uses Secure (or SSH) File Transfer Protocol (SFTP). Using SFTP involves simply connecting to your web server using an SFTP client and manually uploading the plugin to your WordPress installation. To use this method, upload the uncompressed plugin folder or file to the wp‐content/plugins directory on your web server.
Managing Plugins
After you install a plugin in WordPress, you can manage it, along with all other plugins, on the Plugins ➪ Installed Plugins screen. Here you can find a list of all plugins, active or not, available in your WordPress installation. You can easily activate, deactivate, edit, update, and delete plugins from this screen.
The Plugin screen also features bulk actions for activating, deactivating, updating, and deleting plugins. Check all the plugins you want to manage and then select the appropriate bulk action from the drop‐down menu. This process makes managing multiple plugins a breeze!
Editing Plugins
WordPress features a built‐in plugin editor on the Plugins ➪ Plugin Editor screen. The plugin editor enables you to view and edit the source code of any plugin installed in WordPress. Keep in mind you can edit the source code only if the plugin file is writable by the web server; otherwise, you can only view the code.
To use the editor, select the plugin from the drop‐down menu on the top‐right portion of the Edit Plugins page. The editor lists all files associated with the selected plugin. There is also a documentation lookup feature that makes it easy to research a specific function's purpose in the plugin you are reviewing.
WARNING A word of caution when using the built‐in plugin editor: a browser doesn't have an Undo button. There is also no code revision history, so one bad code edit can crash your entire website with no way to revert the changes. It's best to use the code editor for reference only and never use it to edit your plugin files.
Plugin Directories
A lesser known fact is that WordPress actually features two plugin directories. The primary directory is located at wp‐content/plugins in a standard WordPress installation. The second, lesser known plugin directory is at wp‐content/mu‐plugins. The mu‐plugins directory, which stands for Must‐Use, is not automatically created by WordPress, so it must be manually created to be used.
The primary difference between the two is that the mu‐plugins directory is for plugins that are always executed. This means any plugin included in this directory will automatically be loaded in WordPress and across all sites in the network if you run Multisite. Mu‐plugins are always on and cannot be deactivated.
NOTE The mu‐plugins directory will not read plugins in a subfolder, so all plugins must be individual files or must include additional files that exist in a subdirectory. Any plugin files in a subfolder will be ignored unless included in the primary plugin file.
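Because everything at the top level of mu‐plugins runs on every request and cannot be deactivated from the Dashboard, it is worth knowing exactly which files are in that position. The following Python script is an added example, not code from this book or from WordPress: it lists the top‐level .php files that are always executed, lists the subfolder files that run only if included, and compares file hashes against an earlier inventory. The function names audit_mu_plugins and diff_baseline are hypothetical, and the directory tree it builds is constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def audit_mu_plugins(wp_content):
    """Inventory wp-content/mu-plugins.

    Returns (autoloaded, nested):
      autoloaded: {filename: sha256} for top-level .php files (always executed)
      nested: relative paths of .php files in subfolders (run only if included)
    """
    mu_dir = Path(wp_content) / "mu-plugins"
    if not mu_dir.is_dir():  # WordPress does not create this directory itself
        return {}, []
    autoloaded, nested = {}, []
    for path in sorted(mu_dir.rglob("*.php")):
        if not path.is_file():
            continue
        rel = path.relative_to(mu_dir)
        if len(rel.parts) == 1:
            autoloaded[rel.name] = hashlib.sha256(path.read_bytes()).hexdigest()
        else:
            nested.append(rel.as_posix())
    return autoloaded, nested


def diff_baseline(baseline, current):
    """Compare two {filename: sha256} maps of auto-loaded files."""
    shared = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(n for n in shared if baseline[n] != current[n]),
    }


if __name__ == "__main__":
    # Constructed sample tree, not a real site.
    with tempfile.TemporaryDirectory() as root:
        mu = Path(root) / "mu-plugins"
        (mu / "helper").mkdir(parents=True)
        (mu / "loader.php").write_text("<?php require __DIR__ . '/helper/helper.php';")
        (mu / "helper" / "helper.php").write_text("<?php // helper code")
        baseline, nested = audit_mu_plugins(root)
        (mu / "extra.php").write_text("<?php // appeared after the baseline")
        current, _ = audit_mu_plugins(root)
        print("auto-loaded:", sorted(current), "nested:", nested)
        print("drift:", diff_baseline(baseline, current))
```

Point audit_mu_plugins at a real wp-content directory and store the first result; any later "added" or "changed" entry is code that now runs on every page load.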
Types of Plugins
WordPress features a few different types and statuses for plugins, as shown in Figure 1‐4. You need to understand the difference when administering and creating plugins for WordPress.
FIGURE 1‐4: Types and statuses for plugins
Active: Plugin is active and running in WordPress.
Inactive: Plugin is installed but not active. No code from the plugin is executed.
Recently Active: A temporary