January 31, 2017

Today we’re going to answer questions from listeners. We’re focusing on development today, and if we don’t get to your question, we will get to it soon, so go ahead and get in touch if you have a question that you would like answered. We also apologize because our sponsorship form wasn’t working, but we’ve got it fixed now. If you’re interested in becoming a sponsor, please check out our Sponsorship page and fill out the form.

Some of the highlights of the show include:

  • How nonces are used: their fully defined use, how else they’re used, and where meta boxes fit in. We also discuss some of the security issues that nonces can help with.
  • Steps for a PHP developer to take to become a WordPress plug-in developer.
  • Advice on coding WP with PSR standards.
  • A discussion of object-oriented programming versus procedural, particularly the benefits of OOP.
  • The tools that we use regularly and what helped us level up as developers.
  • The best practices for making your own plug-ins and code.

Links and Resources:

WP API Libraries:

https://wp-api-libraries.com

https://github.com/wp-api-libraries/wp-api-libraries.com

PSR standards

If you’re enjoying the show we sure would appreciate a Review in iTunes. Thanks!

Transcript
INTRO: Welcome to Apply Filters, the podcast all about WordPress development. Now here’s your hosts, Pippin Williamson and Brad Touesnard.

PIPPIN: Welcome back to Apply Filters, Episode 75. Today we’re going to answer a whole bunch of questions from listeners. We’re trying to focus on purely development questions today, so we’ll try to get through them all. If we don’t get to everything, then we’ll add on another episode here in a week or two with some more.

Before we do that, though, a quick housekeeping note. We found out last week that the topic submission form and also the sponsorship submission form on ApplyFilters.fm were not working. If you wanted to submit a sponsorship or if you wanted to submit a topic idea, please try again. Sorry about the hiccup. It’s all working now though.

BRAD: Cool.

PIPPIN: All right. Do you want to start us off with our first question?

BRAD: Sure thing. Our first question is from Brian Wall. He says, “Hey, guys. Not sure if this qualifies as a whole episode topic, but I’m trying to understand nonces with some difficulty. I understand that wp_nonce_field creates a hidden field with a unique value inside a form that can be validated after the form is submitted. But when working with meta boxes, you also use nonces to remember which meta boxes are closed and their position. This seems like a big diversion from the intended purpose of nonces. Why are nonces used for this purpose? It doesn’t seem like a security use case. What is the true, fully defined use of nonces? How else are nonces used?”

PIPPIN: I like this question a lot. There is an error in the question, but it’s good because it points out some of the confusion around nonces. I think a lot of people struggle to understand how nonces are used and what they’re used for. I know it was a topic that took me a long time to really grasp.

Nonces are used for security purposes. It stands for a number used once. It’s just a quick way to help validate a form. Now it’s not the only thing you should be using, but it’s one more thing that you can help to use. It also can help prevent resubmissions of forms.

In terms of them being used for storing meta box positions, that’s what’s not actually correct. When you drag a meta box into a new area on a post edit screen or somewhere else, it fires off an AJAX request to the admin AJAX file and then stores that position. That request that gets fired does include a nonce, but the nonce itself is not actually used to save that position.

The position and the state of it, either open or closed, is actually stored in user meta. There’s a user meta key called meta-box-order_ the post type. And so if you’re on a page post type, it’s going to save the order of all the meta boxes on that post type for you, so it’s user specific. Then if you’re on, say, a product post type, then it’s going to have another row in user meta with the other values. That nonce is just used to help validate that AJAX request.

BRAD: Cool. What are some of the security vulnerabilities, I guess, that nonces protect us against?

PIPPIN: One of them is making sure that you have a valid form submission. Let’s say that I have a form on the front end of a website, and I then have something that’s going to process the submission of that form. You can use nonces to help prevent spoofed submissions. For example, it’s a little bit harder to do a fake submission from, say, the command line or an API tool like Postman for a form that includes a nonce because, in order for that nonce check to pass, you have to generate a valid nonce. That means in order for me to spoof that request, I have to find a way to generate a valid nonce for that form and then include it with my request. Certainly doable in certain cases, but it is a little bit harder.

BRAD: Right.

PIPPIN: In some cases a lot harder.

BRAD: I think it’s also used for certain links. Like if you click on a delete link, I think, in WordPress, I believe it also has a nonce on it because–

PIPPIN: Yes, it does.

BRAD: I think the reason for that is so that if someone tried to trick you into clicking on a delete link, they would need the nonce. They would need to generate a valid nonce for that link in order for it to actually delete something.

PIPPIN: In that case, like WordPress or the plugin that’s processing that delete link is looking at the variables and the URL, the request variables. Let’s say that you have an action called delete. You could trick somebody to click on a URL that has action delete, post ID equals 57, to attempt to try to delete it. But that’s only going to succeed if you have a valid nonce on it. There’s actually a helper function in WordPress called WP Nonce URL specifically for attaching a nonce to a URL.

BRAD: Right. Cool. I think that pretty much covers it.

PIPPIN: All right. This comes from Praveen. This question was, “What would be a recommended roadmap for a PHP developer to become a WordPress plugin developer? What are the steps?”

BRAD: Hmm.

PIPPIN: Do you want to start us off with this one?

BRAD: Sure. Yeah, that’s a tricky one. I think the best thing — the thing I would probably suggest is just to work on an open source plugin. Check out Easy Digital Downloads, for example. Maybe dig through some issues and try to fix a bug that’s outstanding. I think that would be a really good way to get into it.

I think also another way would be to take a look at, like, for example, if you were interested in writing your first plugin. A good way to do it would be to get a plugin boilerplate. I believe there’s one from Tom McFarlin that’s pretty popular. Use that because that plugin has kind of all of the best practices kind of baked into it already. And so it gives you that kind of proper framework to start from that a PHP developer may not be aware of. Right?

I’ve seen some plugins that have been written by developers who are not WordPress, familiar with WordPress development, and they look kind of funny. I’m sure you’ve probably seen a few of those yourself, Pippin.

PIPPIN: Oh, yeah. I think another thing that’s important is to think of WordPress as, I mean it is, a framework. Now it’s not necessarily a development framework, but it is an application framework, and so there are certain things, certain ways that you do things, built in internal APIs, et cetera. You want to try to become familiar with those.

The biggest thing for writing plugins is you need to become familiar with the actual plugin’s API. A plugin’s API is an actual API within WordPress for building plugins. Really, what it refers to is the action and filters system within the system. If you want to start building plugins, the first thing you need to do, assuming you already know PHP, in my mind is you need to understand how action hooks and filter hooks work. From there, once you have that down, it’s pretty easy to go from there.

BRAD: Yeah. The best way for me to learn, I find, is by doing something, like doing an exercise of some sort, because just reading, I find I can read a little bit, but then I have to do something with that information or it doesn’t stick. For me, reading a programming book, like if I read a Ruby on Rails book or something, that would do me almost no good. I would be much better off to try to stumble my way through building my first Rails app. I would learn so much more doing that than reading the book. The book is, for me, a complement. It’s something that I could refer to or go through and implement parts of it. Yeah, anyway.

PIPPIN: I learn very much the same way. I have to learn by doing. Maybe some of it is muscle memory. It’s not exactly muscle memory, but it’s similar. I could read a tutorial on how to do something a thousand times and not really get it until I actually sit down and write it myself.

BRAD: Yeah. Agreed.

PIPPIN: Even if I’m literally copying and pasting the code. Well, maybe not copy and pasting, but actually writing every single character myself. Copy/pasting doesn’t actually help me learn. Copy/pasting, it to me is like reading it. But the moment that I actually hit all of the keystrokes to write it out, it kind of cements it in my brain.

BRAD: Yeah. It’s like if you were setting up a new server and someone just gave you all the commands to put in the command line. You’re not actually learning anything. You’re just running commands. Yeah, you kind of have to understand what those commands are to understand what they’re doing.

PIPPIN: All right. This next one comes from Brandon Hubbard. It’s actually more of a comment than a question, but it was something that I think is very worthwhile to share. He wrote, “I work for a small WP design agency and have a small team of developers. I notice that we work with a lot of third party APIs, and it felt like we were recreating the wheel on client projects. So I created an organization on GitHub to create PHP API libraries specifically built to be used for WordPress projects.” We will include a link in the show notes.

“As APIs are constantly changing and being updated, I thought having dedicated libraries can be a way to improve standards and help developers stay up to date. I wanted to know what you would suggest as far as guidelines and rules for this project and getting other developers involved. I have a few generic guidelines written out in the GitHub read me. Also considering your teams have worked with third party APIs, if there was any code that can be contributed to this project.”

WPAPIlibraries.com is where you can find it. I could see he did actually have a question in there as well. Brad, do you want to start off with trying to answer his question?

BRAD: What was the question, like whether or not this is a good idea, I guess, basically?

PIPPIN: No. How to get other developers involved, really.

BRAD: Oh, okay. Okay.

PIPPIN: He’s built this asset, this repository of libraries that they use over and over again. Basically, I think the goal of this is so that other people can use it and so they can become more of a common thing.

BRAD: Yeah.

PIPPIN: Number one, sharing the fact that they have resources available. And number two, how to get more people involved.

BRAD: Yeah. I think first I want to comment on whether or not it’s a good idea because I feel like I like the idea in some ways, but in other ways I feel like the people that own the APIs themselves, it’s really their responsibility to have libraries available for those. Those are the people that are best positioned to keep those libraries up to date and make sure that they continue to work, right? And it’s in their best interest to do so if they want people to use those APIs.

The problem, though, is that we end up with generic PHP libraries that have a bunch of stuff in them. For example, the Amazon Web services library. It includes Guzzle. WordPress doesn’t really use Guzzle, right? It has its own kind of HTTP request API thing. Basically, if you’re using that in a WordPress plugin, you’re adding additional libraries that are doing the same thing. I think what he’s saying here is that these are libraries specifically for WordPress that are designed to work really well with WordPress.

PIPPIN: Mm-hmm. Here’s an example that he gives. Right now he’s got three, no four libraries. One of them is completed, production ready, one is in progress, and two of them are tagged as needing help.

One of them is an extension of the IDX API. I believe IDX, I could be completely wrong, but I feel like is one of the main real estate servers. Is that wrong?

BRAD: Oh, I have no idea.

PIPPIN: That’s totally wrong, I think. Okay, well, there’s an IDX RESTful API. Honestly I don’t know what that is. It has a full API, and so then the IDX broker API that he’s provided here is basically an extension of that API designed for within a WordPress installation, perhaps to make it a little bit easier to use.

BRAD: Right. I agree that I wish there were API libraries that were specifically made for WordPress and not just PHP. But I feel like this is a super ambitious project.

PIPPIN: I think it’s super ambitious for sure.

BRAD: Yeah.

PIPPIN: If it can be well maintained and get some traction, I think there’s some good possibilities here. I have an example of an API that I have always kind of rewritten myself every time and having an official API library would be quite useful, or an official WordPress version of it. The main thing that I want to see in a WordPress API library is the usage of wp_remote_post, remote_get, remote_head, et cetera, because those methods are so much easier to use and understand than, say, straight up cURL requests. They’re much, much simpler.

For example, since we do a lot with e-commerce, we work with things like the PayPal API, authorize.net, Stripe, et cetera. Now Stripe is an exception here because their API is wonderful. The PayPal API and the authorize.net API and some of the other merchant processors are a little bit trickier to set up. I have actually rewritten some of the API libraries numerous times to work with wp_remote_post and get. It would be really cool to see, say, like a wrapper to the PHP SDK with the WordPress helper functions for remote requests. That’s one example.

BRAD: Yeah. I mean I’m 100% onboard with the idea of putting a library written up on GitHub and sharing it with the world and inviting people to collaborate on it and keep it up to date. I think that’s an awesome idea. I think the trouble he might run into is trying to build a massive repo of these libraries. That’s going to be tricky, I think.

PIPPIN: Yeah. Getting other developers onboard is probably the biggest hurdle there.

BRAD: Yeah.

PIPPIN: I mean developers are — well, we’re finicky human beings.

BRAD: Yeah, but as long as it’s up on GitHub and people can find it, and you can invite them to collaborate, I think that’s great.

PIPPIN: Well, and I think probably one of the best ways to get somebody to collaborate is to release a library somebody else can use. It may be used by one person or 100 people. But the moment that somebody finds it and it solves a problem for them, that’s going to make them happy and more likely to contribute to it, so put things out there.

BRAD: Yeah, definitely. Cool, so the next question comes from Guido Scialfa. I probably didn’t say that right.

PIPPIN: We take great pride in our name butchering, so we apologize in advance.

BRAD: Well, my last name is always often butchered.

PIPPIN: It is.

BRAD: Almost always butchered, so I understand. His question is, “Can we code WPStuffs by following the PSR standards?” Can we code WordPress things by following the PSR standards?

PIPPIN: Absolutely.

BRAD: Yeah? How?

PIPPIN: For anybody not familiar, PSR standards are basically coding standards, so they dictate how you should indent your code, what kind of alignment you should use, where should you place opening and closing brackets, and a whole bunch of other. There are some more strict guidelines as well. But they are a very set and commonly referred to set of guidelines, and there’s also plugins for the various IDEs and code editors that can auto format your code to PSR. I can check for validity, things like that.

BRAD: Oh, PSR is spaces for indenting, not tabs.

PIPPIN: Yeah, which makes me hate it, but….

BRAD: They’ve just eliminated 50%, at least 50% of the possible developers that will use it.

PIPPIN: Yeah. To answer the question, Guido, absolutely you can use PSR. At the end of the day, PSR is just a formatting standard. It’s a style guideline. It’s a definition guideline, et cetera, so you can use it with your own WordPress projects.

WordPress itself is not PSR and probably never will be. But in that same vein, there is an official WordPress coding standards that is basically the same thing. It’s along the same lines as PSR, but has different guidelines and rules. You can use whatever you want.

I don’t really think it’s important that you use one or the other. I just think it’s important that you use one. Even if it’s completely your own, but have standards for the kind of formatting you do, the way that you do it. Have a standard and stick to it. Beyond that, at least, now I know there are developers out there that will say terrible things to me because I think you could use whatever you want, but use whatever you want, but keep your consistency.

BRAD: Yeah. The one thing I will say about that is if you’re developing something for WordPress that you want buy-in from the community or you want contributors from the community, I think you would be much better off by using the WordPress coding standards because I think there is a lot of people in the WordPress community, a lot of developers that would be turned off by any plugin that doesn’t use WordPress’s coding standards.

PIPPIN: Another example — I agree 100% with that.

BRAD: Yeah.

PIPPIN: But let’s say that I have a plugin. Take any one of our plugins we build. You give me a pull request for it, some fixes. If they’re not in the proper format to match the rest of our formatting, it will not be accepted as is.

BRAD: Yeah. I mean consistency over style is kind of one of my rules. If a piece of software is in one style, even if you hate it, you have to go with it because it looks way worse to have a chunk of code that is using a new style kind of in the middle of the project. Yeah, and no self-respecting developer is going to accept a pull request that breaks whatever convention the code base is using.

PIPPIN: Yeah, I think it’s actually pretty easy to tell when a project maintainer has stopped caring because they’ll start accepting a lot of pull requests with no style consistency.

BRAD: Yeah.

PIPPIN: It’s one sign, anyway.

BRAD: Yeah. Yeah. All right, the next question is from Michael Beckwith. He says or he just makes a request to discuss OOP, Object Oriented Programming, versus procedural. Pippin, do you want to start us off?

PIPPIN: Sure. I mean there’s a whole lot of things that we could go into here, I mean tons and tons of different topics. There are times and places to use both, but his kind of open-ended question did make me think of an example of: Where is an example where object oriented is clearly superior to procedural? And so we actually had one in the Easy Digital Downloads project recently.

The EDD checkout and the cart process, so basically when you get to the checkout screen and you see all the items in your cart, and you see the individual amounts and maybe you see taxes, and you see a purchase total, and you see a discounted amount, et cetera. That entire system was written in procedural code since version 1.0 the first time that we released EDD. In the upcoming 2.7 release, we have built a new object called EDD Cart. It has some really, really significant improvements.

Number one, we’ve measured the performance impact or the improvement from the procedural to the object, and it’s pretty significant. It’s a whole lot faster. It’s pretty obvious why when you start digging into the internals. Due to the procedural design — and now some of this was purely design flawed, not just because it was procedural, but it was still a symptom.

Let’s say that you have a function and it’s called edd_get_cart_item_price. This function is going to be called for each item in your cart. We actually measured it one time. The edd_get_cart_item_price is called 147 times in some instances of the checkout. I don’t remember — it gets called a certain number of times per cart item. There’s a few reasons for this. But basically it comes from the fact that, with the procedural code, we have a whole lot of these, all these little helper functions that pull data from sessions and pull data from the database. Then we have this big function at the end, one big wrapper function that is basically called get_cart_content_details. That retrieves a big array of all of the data in the cart.

That cart_content_details function is then called by things like cart subtotal, cart total, cart tax, et cetera. You can think there’s also — you’re going to show a cart total multiple times on the page, on the checkout page, maybe at the top and one at the bottom. Then you’re going to call the discount, and you’re going to show the discount at the top and the bottom.

Because of this, we have functions that are called hundreds of times on the checkout screen. Now, these are very, very fast functions, and so they don’t cause a lot of noticeable impact on performance, but it’s still crazy that to get one number or retrieving one number, let’s say the price of an item, and to display this page, we have to call that same function over 100 times. That was a symptom of two things: number one, some design flaws; and number two, procedural code.

Translating this into an object, we can actually bring that call down to one. Now we only have to get the price for an item one time for the entire page, and we can then reference it as many times as we want without rerunning that logic. That’s one of the big advantages that you’ll see in object oriented programming. This is just one example, but the performance impact of it in not redoing logic is a common improvement you’ll see when you translate from procedural to object oriented.

BRAD: I don’t know. I think I might have to push back on you on this because I think some people will push back on this because if you have a function, a global function, and you use global variables, you could essentially — if that global function already is set, then just return it and don’t do the rest of, it’s kind of like, right? Then you never — you kind of skip the logic every time, right?

PIPPIN: A good example of that would be how the WordPress filters and actions system works. It uses a global called WP Filter. Now that then opens up a whole other discussion of should you use globals. I don’t really want to get into that subject right now, but there’s a whole lot of people that have very strong opinions on it. That’s why I say part of our issue, part of it is a design flaw, part of it is just a symptom of procedural, and part of it not trying to avoid that.

Could we have fixed it without going object oriented? Certainly. But going object oriented is one of the ways that allows us to address it. Something like a global would be another way to do it.

BRAD: Yeah. I think what you just touched on about should you use globals, I think that is a big part of the argument here because, with object oriented, you can put things in a class. You can make them private so that they are not in the global scope and they’re not even accessible at all, even if the object is in the global scope.

I think object oriented just gives you more options. It gives you more options to protect certain variables, make things public or private, and stuff, whereas procedural–

PIPPIN: Yeah. Something to be very careful with if you decide to go, say, a procedural route that uses globals is that anything put into a global can be manipulated by anyone.

BRAD: Yeah.

PIPPIN: You may not want that.

BRAD: Absolutely. Yeah.

PIPPIN: Yeah.

BRAD: I think that’s a big part of it. I think a lot of people see classes called statically, so they’ll see a class like–I don’t know–EDD, colon, colon, and then some function name. They’ll be like, well, why is that better than just having a global function called EDD_ some function name, right? I think it’s harder to argue against because there isn’t–

PIPPIN: Yeah, I don’t think that one is nearly as black and white.

BRAD: Yeah. I don’t actually have a great argument for that besides–

PIPPIN: My best answer to that one has always just been that it’s like a pseudo name space. Let’s say that we have a static EDD cart class. We could put all of our helper methods for the cart inside of that, and then it could be like edd_cart::get_price, edd_cart::get_total, et cetera. And so we’ve just kind of pseudo name spaced your helper method. That’s really what it is in a lot of cases.

BRAD: Yeah.

PIPPIN: Unless it’s a singleton, and then it’s a whole other story.

BRAD: Right.

PIPPIN: All right.

BRAD: I do still think that OOP does — even in statically called methods, I think it gives you more options in terms of protecting variables and all that kind of stuff. I still — yeah, OOP is the way to go. I don’t agree with anyone that says anything else.

PIPPIN: There’s some more, like along with the benefits that being able to protect and make properties private or methods private. Also, it’s a little bit easier to enforce how an object or functions are used in OOP than it is in procedural. For example, there’s magic methods for, like, is set, call set, and quite a few others. Those magic methods can be very, very valuable in helping to control the exact behavior that somebody will see when they try to do something.

One example of that is we wrote an EDD payment object about a year ago. Because we were upgrading from previous versions, we were trying to be very careful with backwards compatibility. The ability to prevent somebody from setting the value of one of our properties, we wanted to strictly enforce what would happen when somebody set a property value. In this particular case, we wanted to make sure that the necessary filters and actions ran even when just setting a property directly as opposed to calling a set method. With magic methods, we were able to enforce a lot of behavior even if you just tried to directly manipulate property values.

BRAD: Right.

PIPPIN: You cannot do that in procedural.

BRAD: Right. Another thing I just thought of was auto, class auto loading. I don’t think that’s an option with procedural either, right?

PIPPIN: I don’t think so.

BRAD: I think you just need to load in all of the functions.

PIPPIN: Yeah.

BRAD: And just use them, even if you’re not going to use them. All right.

PIPPIN: All right. This next one comes from Mr. John James Jacoby or J Trip. He says, “What tools do you all use regularly and what helped you level up your abilities as developers?”

I used bbPress to level up my coding abilities.

BRAD: bbPress? Huh.

PIPPIN: A little bit of a joke, but really thanks J Trip because J Trip is one of those people that I followed a lot when I was learning development, and so things like bbPress and BuddyPress were oftentimes used as examples for me on how to do something. But beyond that, I actually have a rule for myself. I’m sure that this hurts me a lot of times.

I actually try to avoid super developer-y tools. It’s not because I don’t like them, but it’s that I don’t want to ever rely on them. I like to make them accessible in my toolbox, but I have a general rule. Maybe this comes from me traveling so much.

It is basically this: Anything that I use in my day-to-day work life, I have to be able to replace in an hour or less. Meaning, if my computer falls in a lake, gets hit by a car, run over by a truck, or something like that, I have to be able to walk into a store, buy a new laptop, and be up and running in an hour or less. If there’s a tool that doesn’t fit within that guideline, I don’t rely on it.

BRAD: What kind of tools would you eliminate?

PIPPIN: I would eliminate anything that requires a lot of local configuration that can’t be synced into the cloud. I keep my coding environments, for example, very, very lean. I don’t like big IDEs. Some of that is I don’t like big IDEs because I think they’re a lot heavier and slower. They have some very valuable tools, but I’ve never enjoyed them enough to give up some other things that I like, such as performance and lightweightness.

BRAD: Right. It’s funny. My answer to this question is basically just that. I recently tried out PhpStorm because guys on the team were — well, basically I’m the only one on our team that doesn’t use it. Iain Poulson is a huge fan of PhpStorm and has converted most of the team. I was kind of holding out, but recently I tried it out. It’s pretty damn awesome.

It is a big IDE, but it’s not very slow. I use Sublime Text is what I’m coming from, so very, very, very snappy. PhpStorm has some stuff that Sublime doesn’t that’s pretty nice, like the hooks you can easily navigate to hook definitions really quickly just by clicking on them.

What was the other thing I notice? Oh, debugging. The ex-debug. It’s not called ex-debug. It’s just debugging. The debugging tools were very good, just being able to step through the code and stuff.

I know that you can do that in Sublime. I’ve just never set it up. It’s just automatically included in PhpStorm. There’s a little bit of setup still, but not very much. But it just works really well.

When you haven’t done debugging before, like using a proper debugger where you can step through the code and stuff, you really realize, what have I been doing? Then you start thinking, oh, yeah, I just chuck in; I just echo whatever that I need or print R it to the screen, or I print R it to a log file or something to try to figure it out. It’s just so much nicer if you can step through the code and stop it and just see what all the variables are set to.

PIPPIN: Yeah, I’m definitely guilty of that.

BRAD: Yeah. I think that’s probably — if you haven’t used PhpStorm, and you’re just dismissive of it because it’s like, “Ah, it’s just a big, old, clunky IDE. I’ve tried those before. I don’t like them. I’m not going back,” I’d recommend giving it a try.

Or if you haven’t — maybe you use Sublime Text and you’re just not willing to do that and you don’t use debugging, try setting up debugging in Sublime Text. I think that’s probably a piece that a lot of developers overlook that could really level them up.

PIPPIN: I think the other example that I would give at least for me, and it’s kind of going off of my first answer in regards to bbPress, but is reading other people’s code, finding people that are doing things that you don’t know how to do, but maybe want to do, and learn from them. Don’t be afraid to ask questions too.

BRAD: Yeah.

PIPPIN: I think that — I think being open with myself and saying I need to ask somebody how this works or like to dig into it and admit that I don’t know it possibly has helped me more than anything else.

BRAD: Absolutely. I think to extend that further, if you work alone or you don’t have a team of developers, I know a lot of people, they’re a solo developer working at a small shop or whatever and you don’t have that collaboration to learn from others. If you contribute to an open source project and submit pull requests, you will get that. You get feedback from other developers, and you can learn from them. They’ll tell you what they don’t like about it. I think that would definitely help level up your abilities as well.

All right.

PIPPIN: All right. We have time for one more question?

BRAD: One more question from Michael Beckwith. He says, “What are the best practices for making your own plugins/code extensible by others beyond just providing filters/action hooks? For example, interfaces or abstract classes for payment gateways.” Hmm. What do you think?

PIPPIN: I’ve got a couple for this. We’ve been doing a bunch of reworking in some of our plugins, primarily like Restrict Content Pro and Easy Digital Downloads. Both of those have now been around for three to five years. With that, it gives us opportunities to go back and rebuild some of the internal APIs.

The payment gateway API in Restrict Content Pro, for example, got rebuilt I think about six months ago. I think we did it over the summer of 2016. It is now a lot more extensible than it used to be. It basically uses a base class. I don’t think it’s technically an abstract class, but it probably should be an abstract class.

It provides a lot of the default logic for other people that come in and build a gateway on top of it. So a payment gateway in this case would be what interfaces between your software, the WordPress plugin, and the merchant processor, so Stripe, PayPal, Authorize.Net, et cetera. Now when we want to go in and add a new payment gateway to Restrict Content Pro, we make a class that extends the base class, and we have a lot of the heavy lifting already done for us. That’s one good way is making sure that you use a lot of — maybe not necessarily a lot, but if you want somebody to extend something.

If it’s a new gateway or maybe for example you have a plugin that communicates with like newsletter systems: MailChimp, ConvertKit, et cetera. For that, if you want to allow other people to add in support to your plugin for additional email services, you could have a base class that handles, that defines kind of your main methods, the way things are done, the basic logic, and then all they have to do is replace some of your methods with the proper API calls to the new API endpoint. That can be very, very handy for allowing people to extend your code further.

Gateways, newsletter services, anything that communicates with an external API is a perfect place for this to happen. Or like data objects. Data objects are another good example. Maybe you have three different data types in the database. Maybe you have one base object that defines some of your shared properties between all of your objects, and then you have an object that extends that base abstract for each one of the types.

Anything to add to that?

BRAD: No. I mean I can’t really think of any beyond. This question is beyond filters and action hooks. How do you make it more extensible? I think abstract classes is the obvious answer to that.

I think your plugin, I think Easy Digital Downloads is a great example of that because it’s highly extensible. Our plugins aren’t quite as extensible as that. Our Amazon S3 plugin is fairly extensible, but it’s mostly through filters and actions.

PIPPIN: I have another example where it can be very handy to have an extendible class. In EDD and AffiliateWP and hopefully soon in Restrict Content Pro, we have an export API that handles taking data out of your database and putting it into a CSV file. For that, we have a base class that handles all of the logic for creating the CSV file, outputting the headers, and structuring the columns.

The only thing that — like let’s say that you wanted to build a new export option to export a list of all of the countries that you have customers in. Maybe a country name followed by the number of customers. All you would have to do is extend our class and put in a method called get_data, and that would then just — however you need to do your logic to query the database or remote APIs or whatever, all you have to do is make that method return an array, a key value array. Then everything else is handled for you. That becomes a whole lot simpler for people to add new export options.

The same thing applies to — we’ve built these batch processing APIs in EDD and AffiliateWP now that are designed for handling big data sets. And so if you want to add an option, whether it’s for a report that you display on the screen, some kind of database action, exporting data, or anything else, you can now extend that batch processing and all of the job script is handled for you.

All of the, like, writing data to a temporary file is handled for you. Converting that file into a CSV is handled for you. Basically the only thing you have to do is provide a couple of methods that say this is how many items I want to process per step, and here is how we query. Here is what we do on each step, and maybe like another item to count how many steps you’re going to have, and that’s really it. And so it suddenly becomes easier for other plugins and other developers to add in new batch processing routines for their own data. I think the best thing you can do is think in that kind of mindset and then go from there.

BRAD: Nice. Well, should we wrap it up?

PIPPIN: Let’s do it.

BRAD: All right.

PIPPIN: All right. I think we had a few other questions left, so we’ll probably do this again next week. If you have any questions that you would like us to answer on the show, drop us a line, send us an email, send us a tweet, find us on Post Status, or somewhere else, and we’ll get it recorded.

BRAD: Yep.

PIPPIN: And we’ll include it in the next episode.

BRAD: Yeah.

PIPPIN: Thanks for listening, everyone.

BRAD: Thanks, everybody.