https://hqhow.com

Zoe Becker hqhow

hqhow / WordPress-coding-standard.md
Last active July 13, 2020 15:57
Write a WordPress Plugin - Checklist and Standards - HQHow.com

This collection of standards is by HQHow.com

  • Escape, echo, sanitize, ... validate input data
  • Every echo must include the text domain for translation
  • If there's an empty file, delete it
  • If there's commented-out code, delete it in the production commit.
  • If you want to register resource files, like CSS or JS, you must pay attention to performance and how it will affect the user's site
  • Every output class name must have the plugin prefix; e.g. for InnoRef, the prefix should be inr-your-class-name
  • Try not to override basic elements like a, b, strong, i, ... you will want to maintain the consistency of the UI throughout the website
  • If you want to call and run AJAX, do it via the wp-ajax.php action, and pay attention to the logged-in/logged-out user cases.
hqhow / wordpress-simple-thumbnail-function.md
Last active April 19, 2020 05:47
WordPress Simple Thumbnail Function

This tip was created by HQHow.com

Here is a quick function to extract the thumbnail image from the post. This is quite useful especially on older themes or if you are not using post thumbnail functionality of newer WordPress versions.

The function can be called within the loop. It will scan for image attachments and return the URL to thumbnail of the first image.

If no attachments are found, it would return the URL of the first image found (for example an externally linked image).

If no images are found, but a YouTube video is embedded, it would return the thumbnail of the YouTube video.

hqhow / how-to-use-nonces-in-WordPress.md
Last active April 19, 2020 05:46
Using Nonces to improve plugin security

This was created by HQHow.com

Using a nonce (number used once) is the best way to protect your plugin against a cross-site request forgery (CSRF) attack. Nonces are used on requests (saving options in admin, Ajax requests, performing an action, etc.) and prevent unauthorized access by providing a secret 'key' and checking it each time the code is used.

Nonces in WordPress

Nonces work in the following way:

  • First you generate a nonce with a unique identifier
  • You pass the nonce along with the other query data (link or form) to your script
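
The nonce flow described above, combined with the checklist's AJAX item (logged-in and logged-out cases), as an added example that is not code from these gists. The `inr_save_note` action, the `inr-note` script handle, the `js/inr-note.js` path, the `inr` text domain and the `inr_note` meta key are hypothetical names built on the InnoRef prefix; the WordPress functions are core APIs.

```php
<?php
// Added example. Every "inr" name below is a hypothetical plugin identifier.
const INR_NONCE_ACTION = 'inr_save_note'; // unique identifier the nonce is bound to

// Generate the nonce and hand it to the front-end script with the AJAX URL.
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'inr-note', plugins_url( 'js/inr-note.js', __FILE__ ), array( 'jquery' ), '1.0.0', true );
    wp_localize_script( 'inr-note', 'inrNote', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( INR_NONCE_ACTION ),
    ) );
} );

// Logged-in handler: check the nonce on every request before doing any work.
function inr_handle_save_note() {
    // Reads $_REQUEST['nonce']; third argument false means "return false, don't die".
    if ( ! check_ajax_referer( INR_NONCE_ACTION, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => __( 'Invalid or expired nonce.', 'inr' ) ), 403 );
    }

    // A nonce proves where the request came from, not what the user may do.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => __( 'Not allowed.', 'inr' ) ), 403 );
    }

    // Sanitize and validate the input before storing it.
    $note = isset( $_POST['note'] ) ? sanitize_textarea_field( wp_unslash( $_POST['note'] ) ) : '';
    if ( '' === $note ) {
        wp_send_json_error( array( 'message' => __( 'Empty note.', 'inr' ) ), 400 );
    }

    update_user_meta( get_current_user_id(), 'inr_note', $note );

    // Escape on output.
    wp_send_json_success( array( 'note' => esc_html( $note ) ) );
}
add_action( 'wp_ajax_inr_save_note', 'inr_handle_save_note' );

// Logged-out case: register the nopriv hook explicitly and refuse the write.
add_action( 'wp_ajax_nopriv_inr_save_note', function () {
    wp_send_json_error( array( 'message' => __( 'Login required.', 'inr' ) ), 401 );
} );
```

The front-end script would send `action=inr_save_note`, `nonce=inrNote.nonce` and the `note` field in a POST to `inrNote.ajaxUrl`.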