How to Build a Custom WordPress Plugin from Scratch

Building custom WordPress plugins is an essential skill for any WordPress developer. Whether you want to add unique functionality to your site or create solutions for clients, understanding plugin development opens up endless possibilities.

Why Build Custom Plugins?

Custom plugins allow you to extend WordPress functionality without modifying theme files. This keeps your code organized, maintainable, and update-safe. Here are key reasons to build custom plugins:

• Separate functionality from presentation (theme)
• Easy to activate/deactivate features
• Portable across different themes
• Professional approach to custom development
• Can be distributed or sold to others

Plugin Structure Basics

Every WordPress plugin needs a main PHP file with a specific header comment. Here's the minimum structure:

<?php
/**
 * Plugin Name: My Custom Plugin
 * Plugin URI: https://amanurrahman.com
 * Description: A brief description of what the plugin does
 * Version: 1.0
 * Author: Amanur Rahman
 * Author URI: https://amanurrahman.com
 * License: GPL2
 */

// Prevent direct access
if (!defined('ABSPATH')) {
    exit;
}

// Your plugin code here
?>

Understanding WordPress Hooks

WordPress uses hooks (actions and filters) to allow plugins to modify core functionality. Actions let you add functionality at specific points, while filters let you modify data.

Action Hooks Example

// Add custom functionality when WordPress initializes
add_action('init', 'my_custom_function');

function my_custom_function() {
    // Your code here
    register_post_type('custom_post_type', array(
        'labels' => array('name' => 'Custom Posts'),
        'public' => true,
    ));
}

Filter Hooks Example

// Modify the excerpt length
add_filter('excerpt_length', 'custom_excerpt_length');

function custom_excerpt_length($length) {
    return 50; // Change excerpt to 50 words
}

Creating Plugin Admin Settings

Most plugins need a settings page in the WordPress admin. Here's how to create one:

// Add menu item
add_action('admin_menu', 'my_plugin_menu');

function my_plugin_menu() {
    add_options_page(
        'My Plugin Settings',
        'My Plugin',
        'manage_options',
        'my-plugin',
        'my_plugin_settings_page'
    );
}

function my_plugin_settings_page() {
    ?>
    <div class="wrap">
        <h1>My Plugin Settings</h1>
        <form method="post" action="options.php">
            <?php
            settings_fields('my-plugin-settings');
            do_settings_sections('my-plugin');
            submit_button();
            ?>
        </form>
    </div>
    <?php
}

Database Operations

Sometimes you need custom database tables. WordPress provides the $wpdb global object for database operations:

global $wpdb;
$table_name = $wpdb->prefix . 'custom_table';

// Create table on plugin activation
$sql = "CREATE TABLE $table_name (
    id mediumint(9) NOT NULL AUTO_INCREMENT,
    name varchar(100) NOT NULL,
    email varchar(100) NOT NULL,
    PRIMARY KEY (id)
);";

require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
dbDelta($sql);

Security Best Practices

Security is crucial in plugin development. Always follow these practices:

• Sanitize input: Use sanitize_text_field(), sanitize_email(), etc.
• Escape output: Use esc_html(), esc_url(), esc_attr()
• Nonce verification: Protect forms with wp_nonce_field() and wp_verify_nonce()
• Capability checks: Use current_user_can() before sensitive operations
• Prepare SQL: Use $wpdb->prepare() for database queries

Plugin Organization

For larger plugins, organize your code into a proper structure:

my-plugin/
├── my-plugin.php          (main file)
├── includes/
│   ├── class-admin.php    (admin functionality)
│   ├── class-public.php   (public functionality)
│   └── class-database.php (database operations)
├── admin/
│   ├── css/
│   ├── js/
│   └── views/
└── public/
    ├── css/
    ├── js/
    └── views/

Conclusion

Building WordPress plugins requires understanding of PHP, WordPress hooks, and security best practices. Start small with simple functionality and gradually build more complex features. Always test your plugins thoroughly before deploying to production sites.

With 14+ years of WordPress experience and 240+ completed projects, I've built countless custom plugins for clients. If you need help with custom WordPress development, feel free to reach out!