Mistakes to Avoid During Developing WordPress Plugins

Mistakes are a part of the development process for a WordPress developer. When you are new to developing WordPress plugins the success involves a lot of trial and error.

And even the most pro and seasoned players are bound to mess up occasionally. A lot of time and effort can be wasted due to some unfortunate missteps.

Errors and mistakes are by far the inevitable elements when it comes to the development area. But, understand some of the most common blunders can help individuals to avoid making it. This will benefit you as it turns out to be a prosperous and productive experience for development.

In this article, we have focused and highlighted five key errors that are often unknowingly committed. We have also made necessary efforts to include guidance and solutions steps for your reference.

Ignoring Compatibility during Coding

There are ranges of issues that incompatible and poorly coded plugins can cause which in general know by all developers.

Hence, to ensure that the usefulness of plugins is maximized and performance issues are minimized, it will be a smart option to consider the compatibility. Even before the first line of coding is written consider WordPress version and PHP compatibility.

Developing WordPress Plugins

Undoubtedly the best practice, in any case, will be to use the latest version of both the verticals. But, it is not possible for everyone to have it.

Ensure that the code is designed to support the newer version, deprecated features and latest updates as it will always be helpful. When we consider the usage statistics of the Platform, in general, most of the users are running WordPress 5.0 higher.

Compatibility with themes and plugins

When it comes to PHP the majority of the users are using version 7.0 and above while there are still some who use version 5.6. This information can be a benchmark for you.

This is because you can test the plugin’s compatibility against the latest version of PHP and WordPress. This can be directly considered as the standard of coding for your project.

You must also have in consideration that a readme.txt file is essential for submitting along with developing WordPress plugins. In many parts of the same, there are sections that can be used to clearly mention minimum versions of PHP and WordPress. For example:

=== Plugin Name ===
 Tags: spam, comments
 Donate link: 
 Requires at least: 5.0
 Tested up to 5.6
 Requires PHP: 7.1
 Stable tag: 1.1
 License: GPLv2 or later

Tools like readme generator can also be used for this purpose. Sometimes with these requirements, other users will also be motivated to upgrade.

Turning Off the Debug Mode

For live environments, by default, the WP_DEBUG mode is set to ’false’. This ensures the prevention of printing PHP notices and errors. It also safeguards server paths and scripts, therefore it also contributes to security.

But when it comes to developing WordPress plugins it should be turned ON i.e. set to true. This is because it is amongst the most essential debugging configuration to use. This step is overlooked by most of the coders all most all the time. It can either be because they do not understand how it works or they forget such debugging tools.

Individuals are alerted for an error in the code whenever the debugging mode is set to on. One can easily view finding warnings, PHP notices, and deprecated functions easily with its use.

To enable this mode, navigate to the file manager in the cPanel as the first step. Then locate the wp-config.php file and insert the following lines.

define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );

Once this is done the debug.log file will enable you to see all errors from the /wp-content folder. You must remember that as soon as you are done with locally developing WordPress plugins it should be disabled again.

If you are not comfortable in manually operating this functionality then you can also choose to use a plugin. The plugin will efficiently manage the debugging task for you. The debug mode is set to ‘true’ by default once it is activated in the testing environment.

Deactivating the plugin will disable the mode for you. For additional troubleshooting aid, other third-party programs can be used.

Wisely choosing function names

Relying on generic function names is amongst the common mistakes made by the coders. A code conflict is created with poor naming conventions if there are other programs with the same name. During the naming process, the first thing that is generally considered is a simple and short name.

Now, this thing is considered by other developers and hence just like you they could have also used the exact same name. This can cause deep trouble. The goal should be to choose the names that are descriptive and unique. Hence, in a common execution space, you can easily distinguish your program from other users.

Adding a prefix to each function is an effective strategy to avoid name collision. Consider the following simple examples. Instead of using feature_functonality you can use uniqueprefix_feature_functonality. In case the desired name turns out too long, you can also consider abbreviating it to a shorter version.

Using namespaces by wrapping functions in a class is another good option. To determine the existence of a name you can use the constant function_exist.

Neglecting Security when developing WordPress plugins

The security factor is considered extremely serious by WordPress. Minimizing vulnerabilities by responsibly implementing appropriate security measures is your job and it is often neglected.

The common mistake with some individuals is they focus too much on the functionality and completely avoid the safety. One of the most recommended ways to avoid is to use nonces in the code which are the security tokens. The misuse of URLs and forms can be avoided by such tokens.

SQL injections and Cross-site request forgery can be prevented if developers use a nonce. To authorize and authenticate requests they generate a unique and temporary timestamp.

This identity plays a crucial role in identifying if the generated requests are from trustworthy sources or not. An admin area is an example of a trustworthy source. The function wp_create_nonce() can be used to create it.

For example $nonce= wp_create_nonce(‘delete-post’);

It can also be attached to URLs <a href=”myplugin.php?_wpnonce=<?php echo $nonce; ?>’>


To add them to hidden fields on forms you can use wp_nonce_field()

<form method=”post”><?php wp_nonce_field( ‘name_of_my_action’, Unique_name_of_the_nonce_field’ );?>

<!– some inputs here … –>


You can effectively use WordPress resources to create and verify a nonce.

Official WordPress Guidelines – Review and Complying

As mentioned in the earlier section, sometimes only the functionality of a plugin is considered during the development stage. This leads to mistakes in focusing on the compliance of this functionality. Following the guidelines and coding standards are a must if you want your program to be accepted widely.

In case there are any errors in the program the review team will notify you through an email. The email will be a request to fix the issue and resubmit it. But in case that does not happen and they doubt non-compliance with malicious intent then your program can be banned.

When you consider the official guidelines and standards it will increase the chances of acceptance. Not only that but it ensures that things remain smooth with the WordPress community as well. This also gives you better credit as a developer. Hence, you can focus on developing WordPress plugins in the future as well.

Related Post: Mistakes to Avoid When Designing and Using Newsletters

About Sonnal S Sinha

Sonnal S SinhaSonnal S Sinha is a passionate writer as well as WordPress and WooCommerce rockstar who loves to share insights on various topics through his engaging blog posts. He run successful website design and digital marketing company. With 15+ years of experience in WordPress themes development, he strives to inform and inspire readers with his thought-provoking content. He helps thousands small and medium businesses and startups create a unique online presence. Follow Sonnal S Sinha for your regular dose of knowledge and inspiration.