Nícholas André • @nicholas_io • #WordCampFOR • nicholasandre.com.br WordPress Best Practices WordCamp Fortaleza 2016

WordPress Best Practices

Apr 14, 2017

Page 1: WordPress Best Practices

WordPress Best Practices
WordCamp Fortaleza 2016

Page 2: WordPress Best Practices

Who am I?

● My name is Nícholas André
● I’m a Web Engineer at 10up
● WordPress plugin developer & WordPress core contributor
● I embrace Open Source
● WordPress passionate

Page 4: WordPress Best Practices

Performance

Page 5: WordPress Best Practices

Efficient Database Queries

• When using WP_Query make sure to pass the appropriate params.
  • 'no_found_rows' => true: useful when pagination is not needed.
  • 'update_post_meta_cache' => false: useful when post meta will not be utilized.
  • 'update_post_term_cache' => false: useful when taxonomy terms will not be utilized.
  • 'fields' => 'ids': useful when only the post IDs are needed (less typical).
• Do not use 'posts_per_page' => -1
  • This is a performance hazard. What if we have 100,000 posts?
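
An added example, not taken from the original slides: the flags above applied to a bounded, paged query that collects post IDs in batches instead of using 'posts_per_page' => -1. The function name, batch size and batch limit are assumptions.

```php
<?php
/**
 * Collect published post IDs in fixed-size batches.
 * Hypothetical helper; batch size and batch limit are assumptions.
 */
function example_collect_post_ids( $batch_size = 100, $max_batches = 50 ) {
	$ids  = array();
	$page = 1;

	do {
		$query = new WP_Query( array(
			'post_type'              => 'post',
			'post_status'            => 'publish',
			'posts_per_page'         => $batch_size, // Bounded, never -1.
			'paged'                  => $page,
			'orderby'                => 'ID',
			'order'                  => 'ASC',
			'fields'                 => 'ids',  // Only the IDs are needed.
			'no_found_rows'          => true,   // No pagination totals needed.
			'update_post_meta_cache' => false,  // Post meta is not read.
			'update_post_term_cache' => false,  // Terms are not read.
		) );

		// With 'fields' => 'ids', $query->posts is an array of integers.
		$ids = array_merge( $ids, $query->posts );
		$page++;

		// With no_found_rows the total page count is unknown, so stop
		// when a batch comes back short or the hard limit is reached.
	} while ( count( $query->posts ) === $batch_size && $page <= $max_batches );

	return $ids;
}
```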

Page 6: WordPress Best Practices

Efficient Database Queries

Page 7: WordPress Best Practices

Efficient Database Queries

• Passing cache_results => false to WP_Query is usually not a good idea (unless you have good reasons).

• DO NOT use query_posts().
  • Use either pre_get_posts or WP_Query.

Page 8: WordPress Best Practices

Search

• If you receive a lot of search traffic, consider using ElasticSearch.

• Search queries on WordPress are slow and suck…
  • https://www.elastic.co/products/elasticsearch
  • https://github.com/10up/ElasticPress

Page 9: WordPress Best Practices

General Tips

• Do not write to the database on frontend pages as doing so can result in major performance issues and race conditions.

• Store information in the correct place. (Post Meta, Options API, Object Cache, Transients API etc).

• Certain options are “autoloaded” or put into the object cache on each page load. When creating options you can pass false to create_option to disable autoloading for that option.

Page 10: WordPress Best Practices

Writing efficient PHP Code

• Avoid using in_array(); instead create arrays that facilitate lookups by key.
  • The worst case scenario is O(n), which can be problematic when used inside a loop.

Page 11: WordPress Best Practices

Writing efficient PHP Code

• Avoid calling a function multiple times in a loop

Page 12: WordPress Best Practices

Caching

• Caching is simply the act of storing computed data somewhere for later use, and is an incredibly important concept in WordPress.
• Object Cache: cache in memory so data can be retrieved quickly.
  • WP_Object_Cache and Transients API
• Page Cache: Cache the entire page output
  • Batcache is a simple WordPress plugin that uses the Object Cache to cache page output.

Page 13: WordPress Best Practices

Persistent Object Cache

• WordPress lets you drop in a custom object cache implementation (object-cache.php).

• Redis and Memcache let you store things in memory for fast read/write access.
  • https://wordpress.org/plugins/wp-redis/
  • https://wordpress.org/plugins/memcached/developers/
• Storing things in memory is way faster than querying the database.

Page 14: WordPress Best Practices

Fragment Caching

• Fragment caching differs from Page Caching as it does not cache the entire page, just a single fragment.

• Output generated from an expensive operation should be cached in a fragment cache.
  • E.g.: The output of a list of posts coming from multiple subsites on a multisite network should be cached.

Page 15: WordPress Best Practices

What should you cache?

• Slow queries, external requests, expensive PHP functions etc.

• Remember to purge the cache whenever needed.
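
An added example, not taken from the original slides, of a fragment cache with a purge hook, using the object cache functions. The cache key, cache group and function names are assumptions; the fragment holds only public data, since one shared key is served to every visitor.

```php
<?php
// Hypothetical cache key and group.
const EXAMPLE_FRAGMENT_KEY   = 'recent_posts_fragment';
const EXAMPLE_FRAGMENT_GROUP = 'example_fragments';

function example_render_recent_posts() {
	$html = wp_cache_get( EXAMPLE_FRAGMENT_KEY, EXAMPLE_FRAGMENT_GROUP );

	if ( false === $html ) {
		$query = new WP_Query( array(
			'posts_per_page' => 5,
			'no_found_rows'  => true,
		) );

		ob_start();
		echo '<ul>';
		while ( $query->have_posts() ) {
			$query->the_post();
			// Escape while building the fragment, so what is cached
			// is already safe to print.
			printf(
				'<li><a href="%s">%s</a></li>',
				esc_url( get_permalink() ),
				esc_html( get_the_title() )
			);
		}
		echo '</ul>';
		wp_reset_postdata();

		$html = ob_get_clean();
		// The expiry is a safety net; the purge hooks below do the real work.
		wp_cache_set( EXAMPLE_FRAGMENT_KEY, $html, EXAMPLE_FRAGMENT_GROUP, 10 * MINUTE_IN_SECONDS );
	}

	return $html;
}

// Purge the fragment whenever a post is saved or deleted.
function example_purge_recent_posts_fragment() {
	wp_cache_delete( EXAMPLE_FRAGMENT_KEY, EXAMPLE_FRAGMENT_GROUP );
}
add_action( 'save_post', 'example_purge_recent_posts_fragment' );
add_action( 'deleted_post', 'example_purge_recent_posts_fragment' );
```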

Page 16: WordPress Best Practices

Ajax requests

• Avoid using admin-ajax.php on the front-end. Use the Rewrite API or create a custom REST API endpoint (preferable).
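
An added example, not taken from the original slides, of a read-only custom REST endpoint that could replace a front-end admin-ajax.php call. The namespace `example/v1`, the route and the function names are assumptions.

```php
<?php
// Hypothetical namespace, route and callback names.
add_action( 'rest_api_init', function () {
	register_rest_route( 'example/v1', '/related/(?P<id>\d+)', array(
		'methods'             => WP_REST_Server::READABLE,
		'callback'            => 'example_related_posts',
		// Public, read-only data: anonymous access is allowed on purpose.
		'permission_callback' => '__return_true',
		'args'                => array(
			'id' => array(
				'required'          => true,
				'validate_callback' => function ( $value ) {
					return is_numeric( $value ) && (int) $value > 0;
				},
				'sanitize_callback' => 'absint',
			),
		),
	) );
} );

function example_related_posts( WP_REST_Request $request ) {
	$post = get_post( $request['id'] );

	// Only expose published content through a public endpoint.
	if ( ! $post || 'publish' !== $post->post_status ) {
		return new WP_Error( 'example_not_found', 'Post not found.', array( 'status' => 404 ) );
	}

	$query = new WP_Query( array(
		'category__in'           => wp_get_post_categories( $post->ID ),
		'post__not_in'           => array( $post->ID ),
		'posts_per_page'         => 5,
		'fields'                 => 'ids',
		'no_found_rows'          => true,
		'update_post_meta_cache' => false,
		'update_post_term_cache' => false,
	) );

	return rest_ensure_response( array_map( function ( $id ) {
		return array(
			'id'    => $id,
			'title' => get_the_title( $id ),
			'link'  => get_permalink( $id ),
		);
	}, $query->posts ) );
}
```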

Page 17: WordPress Best Practices

Ajax requests

Page 18: WordPress Best Practices

Design Patterns

• If using PHP 5.3+ always namespace your files.

• When writing classes make sure they are atomic, well-designed and fully documented.
  • In general you should not declare methods or attributes as private, use protected instead.

Page 19: WordPress Best Practices

Security

Page 20: WordPress Best Practices

Input Sanitization and Validation

• To validate is to ensure the data you’ve requested of the user matches what they’ve submitted.

• Sanitization is a broader approach ensuring data conforms to certain standards such as an integer or HTML-less text.

• WordPress has a lot of validation and sanitization functions.
• Escape All The things and Late Escaping
  • https://vip.wordpress.com/documentation/vip/best-practices/security/validating-sanitizing-escaping/
  • https://vip.wordpress.com/2014/06/20/the-importance-of-escaping-all-the-things/

• When writing custom SQL queries, always use $wpdb->prepare
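
An added example, not taken from the original slides, that puts the three steps together in one request handler: sanitize and validate on input, bind values with $wpdb->prepare, escape late on output. The function name and the `term` / `min_comments` query parameters are assumptions.

```php
<?php
// Hypothetical front-end search handler; the function name and the
// 'term' / 'min_comments' query parameters are assumptions.
function example_render_title_search() {
	global $wpdb;

	// Sanitize free text: strips tags, extra whitespace and invalid UTF-8.
	$term = isset( $_GET['term'] ) ? sanitize_text_field( wp_unslash( $_GET['term'] ) ) : '';

	// Validate the number: reject anything that is not plain digits.
	$raw_min = isset( $_GET['min_comments'] ) ? wp_unslash( $_GET['min_comments'] ) : '0';
	if ( ! is_string( $raw_min ) || ! ctype_digit( $raw_min ) ) {
		return;
	}
	$min_comments = (int) $raw_min;

	// Custom SQL: values are bound through placeholders. esc_like() only
	// neutralises LIKE wildcards; prepare() does the quoting.
	$rows = $wpdb->get_results( $wpdb->prepare(
		"SELECT ID, post_title FROM {$wpdb->posts}
		 WHERE post_status = 'publish' AND post_type = 'post'
		   AND post_title LIKE %s AND comment_count >= %d
		 ORDER BY post_date DESC LIMIT 10",
		'%' . $wpdb->esc_like( $term ) . '%',
		$min_comments
	) );

	// Late escaping: escape at output, with the function for that context.
	printf( '<h2>%s</h2>', esc_html( sprintf( 'Results for "%s"', $term ) ) );
	echo '<ul>';
	foreach ( $rows as $row ) {
		printf(
			'<li><a href="%s" title="%s">%s</a></li>',
			esc_url( get_permalink( $row->ID ) ),
			esc_attr( $row->post_title ),
			esc_html( $row->post_title )
		);
	}
	echo '</ul>';
}
```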

Page 21: WordPress Best Practices

Input Sanitization and Validation

Page 22: WordPress Best Practices

Late Escaping

Page 23: WordPress Best Practices

Nonces

• “Number used once” - tool to prevent CSRF
  • Goal: Make every request unique so an action cannot be replayed.
  • The WordPress implementation is not strictly numbers but serves the same purpose.
  • http://example.com/wp-admin/post.php?post=1&action=trash&_wpnonce=b192fc4204

• Update and delete actions should require a valid nonce.
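
An added example, not taken from the original slides, of a nonce-protected update action: the link carries the nonce and the handler verifies it before changing anything. A WordPress nonce stays valid for a time window (up to 24 hours by default) and is tied to the user and the action, so the handler also checks the user's capability. The action name `example_archive_post`, the meta key and the function names are assumptions.

```php
<?php
// Hypothetical action name, meta key and function names.
function example_archive_link( $post_id ) {
	$post_id = (int) $post_id;
	$url     = add_query_arg(
		array(
			'action' => 'example_archive_post',
			'post'   => $post_id,
		),
		admin_url( 'admin-post.php' )
	);

	// Bind the nonce to this action AND this post ID.
	$url = wp_nonce_url( $url, 'example_archive_post_' . $post_id );

	return sprintf( '<a href="%s">%s</a>', esc_url( $url ), esc_html__( 'Archive', 'example' ) );
}

function example_handle_archive_post() {
	$post_id = isset( $_GET['post'] ) ? absint( $_GET['post'] ) : 0;

	// 1. CSRF check: stops the request if _wpnonce is missing or invalid.
	check_admin_referer( 'example_archive_post_' . $post_id );

	// 2. Authorization: a valid nonce is not a permission check.
	if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
		wp_die( esc_html__( 'You are not allowed to do this.', 'example' ), 403 );
	}

	update_post_meta( $post_id, '_example_archived', 1 );

	wp_safe_redirect( admin_url( 'edit.php' ) );
	exit;
}
// admin-post.php fires this hook for logged-in users only.
add_action( 'admin_post_example_archive_post', 'example_handle_archive_post' );
```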

Page 24: WordPress Best Practices

Nonces

Page 25: WordPress Best Practices

Nonces

Page 26: WordPress Best Practices

Nonces

Page 27: WordPress Best Practices

Workflows & Version Control

Page 28: WordPress Best Practices

Workflows

• Use version control (SVN, GIT)
  • Keeping track of your code is important
• DO NOT use a CBVS (Comment Based Versioning System)
  • DO NOT commit commented out code
• Use descriptive commit messages
  • http://chris.beams.io/posts/git-commit/
  • https://vip.wordpress.com/documentation/commit-messages/
• Keep your commits “atomic”
  • One task, one fix, a single unit that actually does something
  • Some tasks can often be broken down into smaller tasks.
  • New Feature = feature branch = multiple commits
• Git-flow: http://nvie.com/posts/a-successful-git-branching-model/
• Establish a Workflow at the beginning of the project. It’s best to have a company-wide workflow set.

Page 29: WordPress Best Practices

Code Reviews

• We are humans and we make mistakes.
• Code Reviews can catch bugs, missing escaping/validation and code that does not adhere to the Code standards.
• Code Reviews help ensure performance, security, maintainability and scalability.
• We learn when we review each other's code
• DO NOT trust every single plugin available out there.
  • Most of them are not truly safe and weren’t built with high traffic websites in mind.

Page 30: WordPress Best Practices

WordPress Code Standards

Page 31: WordPress Best Practices

Code Standards

• It’s important that all developers in a project follow the same code standards.
  • https://make.wordpress.org/core/handbook/best-practices/coding-standards/php/
  • https://make.wordpress.org/core/handbook/best-practices/coding-standards/html/
  • https://make.wordpress.org/core/handbook/best-practices/coding-standards/accessibility-coding-standards/
  • https://make.wordpress.org/core/handbook/best-practices/coding-standards/javascript/
  • https://make.wordpress.org/core/handbook/best-practices/coding-standards/css/

Page 32: WordPress Best Practices

Documentation

• Documentation is important.

Page 33: WordPress Best Practices

Tests

Page 34: WordPress Best Practices

Unit Testing

• PHPUnit - PHP unit tests
• WordPress Core Tests
• WPMock
  • https://github.com/10up/wp_mock
• Mocha (JavaScript tests)
  • http://mochajs.org/

Page 35: WordPress Best Practices

Modern Tools

Page 36: WordPress Best Practices

Tools to facilitate your work

• Grunt, gulp - automated tasks
• Bower, npm, composer
• WP-CLI
• Services
  • Beanstalk - Git Service provider with automated deployments.
  • Deploybot - Service that lets you automate your deployments and run build commands in the cloud.

Page 37: WordPress Best Practices

Questions?