How Plugins Interact with WordPress
WordPress features many different APIs for use in your plugin. Each API, or application programming interface, helps interact with WordPress in a different way. The following are the main available APIs in WordPress and their function:
Plugin: Provides a set of hooks that enable plugins access to specific parts of WordPress. WordPress contains two different types of hooks: Actions and Filters. The Action hook enables you to trigger custom plugin code at specific points during execution. For example, you can trigger a custom function to run after a user registers a user account in WordPress. The Filter hook modifies text before adding it to or after retrieving it from the database.
Widgets: Allows you to create and manage widgets in your plugin. Widgets appear under the Appearance ➪ Widgets screen and are available to add to any registered sidebar in your theme. The API enables multiple instances of the same widget to be used throughout your sidebars.
Shortcode: Adds shortcode support to your plugin. A shortcode is a simple hook that enables you to call a PHP function by adding something such as [shortcode] to a post or page.
HTTP: Sends HTTP requests from your plugin. This API retrieves content from an external URL or for submitting content to a URL. Currently you have five different ways to send an HTTP request. This API standardizes that process and tests each method prior to executing. Based on your server configuration, the API will use the appropriate method and make the request.
REST API: Allows developers to interact with your WordPress website remotely by sending and receiving JavaScript Object Notation (JSON) objects. You can create, read, update, and delete (CRUD) content within WordPress. The REST API is covered extensively in Chapter 12, “REST API.”
Settings: Inserts settings or a settings section for your plugin. The primary advantage to using the Settings API is security. All settings data is scrubbed, so you do not need to worry about cross‐site request forgery (CSRF) and cross‐site scripting (XSS) attacks when saving plugin settings.
Options: Stores and retrieves options in your plugin. This API features the capability to create new options, update existing options, delete options, and retrieve any option already defined.
Dashboard Widgets: Creates Dashboard widgets. Widgets automatically appear on the WordPress Dashboard and contain all standard customization features including minimize, drag/drop, and screen options for hiding.
Rewrite: Creates custom rewrite rules in your plugin. This API enables you to add static endpoints ( /custom‐page/), structure tags ( %postname%), and feed links ( /feed/json/).
Transients: Creates temporary options (cached data) in your plugins. This API is similar to the Options API, but all options are saved with an expiration time.
Database: Accesses the WordPress database. This includes creating, updating, deleting, and retrieving database records for use in your plugins.
Theme Customization (Customize) API: Adds custom website and theme options to the WordPress Customizer. Theme customizations are displayed in a real‐time preview prior to publishing to the live website.
There are additional, lesser known APIs that exist within the WordPress Core software. To view a full list, visit the Core Developer Handbook:
https://make.wordpress.org/core/handbook/best-practices/core-apis
WordPress also features pluggable functions. These functions enable you to override specific core functions in a plugin. For example, the wp_mail()
function is a pluggable function. You can easily define this function in your plugin and send email using the Simple Mail Transfer Protocol (SMTP) rather than the default method. All pluggable functions are defined in the /wp‐includes/pluggable.php
WordPress Core file.
As an example, let's look at the wp_mail()
pluggable function, which starts with this line of code:
if ( ! function_exists( 'wp_mail' ) ) :
You can see that the code first checks to see whether a wp_mail()
function already exists using the function_exists()
PHP function. If you created your own custom wp_mail()
function, that will be used; if not, the WordPress Core version of wp_mail()
will be used.
WARNING Pluggable functions are no longer being added to WordPress Core. Newer functions utilize hooks for overriding their functionality.
You can use some predefined functions during specific plugin tasks, such as when a plugin is activated or deactivated and even when a plugin is uninstalled. Chapter 2, “Plugin Framework,” covers these functions in detail.
When Are Plugins Loaded?
Plugins are loaded early in the process when a WordPress‐powered web page is called. Figure 1‐1 shows a high‐level diagram of the standard loading process when loading a page in WordPress.
FIGURE 1‐1: Loading a page in WordPress
The flow changes slightly when loading an admin page. The differences are minor and primarily concern what theme is loaded: admin theme versus your website theme.
AVAILABLE PLUGINS
When researching available plugins, you need to know where to find WordPress plugins. You can download plugins from many places on the Internet, but this isn't always a good idea.
WARNING As with any software, downloading plugins from an untrusted source could lead to malware‐injected and compromised plugin files. It's best to download plugins only from trusted websites and official sources such as the official Plugin Directory.
Official Plugin Directory
The first place to start when researching available WordPress plugins is the official Plugin Directory at WordPress.org
. The Plugin Directory is located at https://wordpress.org/plugins
. With more than 55,000 plugins available and millions of plugin downloads, it's easy to see the vital role plugins play in every WordPress website. All plugins available in the Plugin Directory are 100 percent GPL and free to use for personal or commercial use.
Popular Plugin Examples
Take a look at some of the more popular WordPress plugins available to get a sense of their diversity:
Yoast SEO: Advanced search engine optimization functionality for WordPress. Features include custom metadata for all content, canonical URLs, custom post type support, XML sitemaps, and more!https://wordpress.org/plugins/yoast-seo
WPForms: A powerful drag‐and‐drop form builder. Create simple contact forms and powerful subscription payment forms, all without writing a single line of code.https://wordpress.org/plugins/wpforms-lite