Apply Filters

Episode 75: Your Development Questions, Answered

01.31.2017 - By Apply Filters


Today we’re going to answer questions from listeners. We’re focusing on development today, and if we don’t get to your question, we will get to it soon, so go ahead and get in touch if you have a question that you would like answered. We also apologize because our sponsorship form wasn’t working, but we’ve got it fixed now. If you’re interested in becoming a sponsor, please check out our Sponsorship page and fill out the form.

Some of the highlights of the show include:

How nonces are used: their fully defined use, how else they’re used, and where meta boxes fit in. We also discuss some of the security issues that nonces can help with.

Steps for a PHP developer to take to become a WordPress plug-in developer.

Advice on coding WP with PSR standards.

A discussion of object-oriented programming versus procedural, particularly the benefits of OOP.

The tools that we use regularly and what helped us level up as developers.

The best practices for making your own plug-ins and code.

Links and Resources:

WP API Libraries:

PSR standards

If you’re enjoying the show we sure would appreciate a Review in iTunes. Thanks!

Transcript

INTRO: Welcome to Apply Filters, the podcast all about WordPress development. Now here’s your hosts, Pippin Williamson and Brad Touesnard.

PIPPIN: Welcome back to Apply Filters, Episode 75. Today we’re going to answer a whole bunch of questions from listeners. We’re trying to focus on purely development questions today, so we’ll try to get through them all. If we don’t get to everything, then we’ll add on another episode here in a week or two with some more.

Before we do that, though, a quick housekeeping note. We found out last week that the topic submission form and also the sponsorship submission form on ApplyFilters.fm were not working. If you wanted to submit a sponsorship or if you wanted to submit a topic idea, please try again. Sorry about the hiccup. It’s all working now though.

BRAD: Cool.

PIPPIN: All right. Do you want to start us off with our first question?

BRAD: Sure thing. Our first question is from Brian Wall. He says, “Hey, guys. Not sure if this qualifies as a whole episode topic, but I’m trying to understand nonces with some difficulty. I understand that wp_nonce_field creates a hidden field with a unique value inside a form that can be validated after the form is submitted. But when working with meta boxes, you also use nonces to remember which meta boxes are closed and their position. This seems like a big diversion from the intended purpose of nonces. Why are nonces used for this purpose? It doesn’t seem like a security use case. What is the true, fully defined use of nonces? How else are nonces used?”

PIPPIN: I like this question a lot. There is an error in the question, but it’s good because it points out some of the confusion around nonces. I think a lot of people struggle to understand how nonces are used and what they’re used for. I know it was a topic that took me a long time to really grasp.

Nonces are used for security purposes. It stands for a number used once. It’s just a quick way to help validate a form. Now it’s not the only thing you should be using, but it’s one more thing that you can help to use. It also can help prevent resubmissions of forms.

In terms of them being used for storing meta box positions, that’s what’s not actually correct. When you drag a meta box into a new area on a post edit screen or somewhere else, it fires off an AJAX request to the admin AJAX file and then stores that position. That request that gets fired does include a nonce, but the nonce itself is not actually used to save that position.

The position and the state of it, either open or closed, is actually stored in user meta. There’s a user meta key called meta-box-order_ the post type. And so if you’re on a page post type, it’s going to save the order of all the meta boxes on that post type for you, so it’s user specific. Then if you’re on, say, a
