Sample code snippets for a secure and performant WordPress.com VIP site
The code and narrative here is meant to augment the VIP Documentation.
While our documentation provides a reference for the features of the VIP Platform and how to develop on it, we've gathered here some sample code that directly illustrates the main points.
You're welcome to copy, use, and amend the examples here for use on your site.
This repository contains snippets of example code.
It's organized into topics, with separate README files that drill down into code samples. All code samples are designed to work and comply with VIP coding standards and guidelines. Examples of what does not work will be in the README document, never in a php file.
Unlike plugins, which usually are more involved and provide configuration options accessible through wp-admin, most bits of code here will be all you need to perform a particular task. Where you actually put the snippets is up to you and may depend on how your code is structured.
Please do change the function and hook prefixes to suit your theme or plugin and avoid a naming collision. And customize the code to your needs.
Please see CONTRIBUTING.md.
If you have questions about a particular example and need assistance implementing it for your site, and are a VIP client or partner, then please open a support ticket with us and we'll help clarify or assist you in solving your particular problem.
Install PHPCS and use it to help identify possible issues. Most of the examples here will use WordPress-VIP-Go standards.
A sample PHPCS configuration is included, but you can run PHPCS without it by setting up a general configuration.
You'll be using Git and GitHub to manage your code and deploy it to your WordPress environments.
Security practices prevent third parties from impacting your site and users in various ways, or even using your site to cause malicious attacks against other sites.
Sanitization of user and third party inputs helps to prevent web-based attacks that can cause loss of data, user manipulation, or unauthorized changes or access.
Common causes of errors are: declaring functions that haven't been loaded, acessing values without checking their type
Learn how to add user roles, etc.
Use WP_DEBUG, utilize the debug bar, and monitor error logs with a view to keeping logs as empty as possible.
For example, if deprecation warnings are thrown frequently, they should be resolved.
If code occasionally throws warnings because of unexpected data, adding a bit of extra result checking helps keep the error logs relatively clean.
In production, errors are surfaced for VIP sites in New Relic. Errors should be addressed promptly.
With a clean error log (i.e. no errors or warnings or notices at all) it's easy to configure New Relic alerts to flag new issues.
Avoid throwing uncaught errors. Instead, use New Relic noticeError to send messages directly to New Relic.
Performance tuning, and optimization strategies, help your site scale, perform better with fewer resources, and be more reliable.
Query optimization helps your WordPress queries run faster as your tables grow.
Basic caching techniques avoid repetitive requests for the same thing.
Advanced caching techniques expand on caching to avoid some issues that caching can introduce, or protect your site from certain spiky usage patterns.
You can enable Jetpack search on your site and offload common WordPress search functionality to an Elasticsearch cluster. This provides a more robust index of content than using MySQL LIKE queries.
Avoid running any queries, remote requests, or code that may result in an expensive request on a 404 page. It may be tempting to supply a list of possibly related articles but a sudden search engine sweep of old URLs may cause site instability with a lot of queries. If using a cache, do not replenish the cache when empty.
The REST API was designed for flexibility, but on a site with a lot of articles, it may need some query filtering to optimize.
There are also potential issues with frequent REST requests from browsers with GET parameters.
These items did not fit anywhere else, but may be helpful in certain cases.