スキルを検索.../

Wp Plugin Development | Skills Pool

Skill ファイル

Wp Plugin Development

Use when developing WordPress plugins: architecture and hooks, activation/deactivation/uninstall, admin UI and Settings API, data storage, cron/tasks, security (nonces/capabilities/sanitization/escaping), and release packaging.

gzlo0 スター2026/03/26

職業
カテゴリ: CMS・プラットフォーム

スキル内容

When to use

Use this skill for plugin work such as:

creating or refactoring plugin structure (bootstrap, includes, namespaces/classes)
adding hooks/actions/filters
activation/deactivation/uninstall behavior and migrations
adding settings pages / options / admin UI (Settings API)
security fixes (nonces, capabilities, sanitization/escaping, SQL safety)
packaging a release (build artifacts, readme, assets)

Inputs required

Repo root + target plugin(s) (path to plugin main file if known).
Where this plugin runs: single site vs multisite; WP.com conventions if applicable.
Target WordPress + PHP versions (affects available APIs and placeholder support in $wpdb->prepare()).

Procedure

0) Triage and locate plugin entrypoints

Run triage:

関連 Skill

クイックインストール

Wp Plugin Development

npx skills add gzlo/gzl-terminal

Skill をダウンロードリポジトリを開く

作者: gzlo
スター: 0
更新日: 2026/03/26
職業

このページの内容

node skills/wp-project-triage/scripts/detect_wp_project.mjs

Detect plugin headers (deterministic scan):

node skills/wp-plugin-development/scripts/detect_plugins.mjs

If this is a full site repo, pick the specific plugin under wp-content/plugins/ or mu-plugins/ before changing code.

1) Follow a predictable architecture

Guidelines:

Keep a single bootstrap (main plugin file with header).
Avoid heavy side effects at file load time; load on hooks.
Prefer a dedicated loader/class to register hooks.
Keep admin-only code behind is_admin() (or admin hooks) to reduce frontend overhead.

See:

references/structure.md

2) Hooks and lifecycle (activation/deactivation/uninstall)

Activation hooks are fragile; follow guardrails:

register activation/deactivation hooks at top-level, not inside other hooks
flush rewrite rules only when needed and only after registering CPTs/rules
uninstall should be explicit and safe (uninstall.php or register_uninstall_hook)

See:

references/lifecycle.md

3) Settings and admin UI (Settings API)

Prefer Settings API for options:

register_setting(), add_settings_section(), add_settings_field()
sanitize via sanitize_callback

See:

references/settings-api.md

4) Security baseline (always)

Before shipping:

Validate/sanitize input early; escape output late.
Use nonces to prevent CSRF and capability checks for authorization.
Avoid directly trusting $_POST / $_GET; use wp_unslash() and specific keys.
Use $wpdb->prepare() for SQL; avoid building SQL with string concatenation.

See:

references/security.md

5) Data storage, cron, migrations (if needed)

Prefer options for small config; custom tables only if necessary.
For cron tasks, ensure idempotency and provide manual run paths (WP-CLI or admin).
For schema changes, write upgrade routines and store schema version.

See:

references/data-and-cron.md

Verification

Plugin activates with no fatals/notices.
Settings save and read correctly (capability + nonce enforced).
Uninstall removes intended data (and nothing else).
Run repo lint/tests (PHPUnit/PHPCS if present) and any JS build steps if the plugin ships assets.

Failure modes / debugging

Activation hook not firing:
- hook registered incorrectly (not in main file scope), wrong main file path, or plugin is network-activated
Settings not saving:
- settings not registered, wrong option group, missing capability, nonce failure
Security regressions:
- nonce present but missing capability checks; or sanitized input not escaped on output

See:

references/debugging.md

Escalation

For canonical detail, consult the Plugin Handbook and security guidelines before inventing patterns.

02

Inputs required

040) Triage and locate plugin entrypoints

051) Follow a predictable architecture

062) Hooks and lifecycle (activation/deactivation/uninstall)

073) Settings and admin UI (Settings API)

084) Security baseline (always)

095) Data storage, cron, migrations (if needed)

ソフトウェア開発者

CMS・プラットフォーム

Notion

Notion API for creating and managing pages, databases, and blocks.

CMS・プラットフォーム

Prose

OpenProse VM skill pack. Activate on any `prose` command, .prose files, or OpenProse mentions; orchestrates multi-agent workflows.

自動化ツール

Coding Agent (bash-first)

Delegate coding tasks to Codex, Claude Code, or Pi agents via background process. Use when: (1) building/creating new features or apps, (2) reviewing PRs (spawn in temp dir), (3) refactoring large codebases, (4) iterative coding that needs file exploration. NOT for: simple one-liner fixes (just edit), reading code (use read tool), thread-bound ACP harness requests in chat (for example spawn/run Codex or Claude Code in a Discord thread; use sessions_spawn with runtime:"acp"), or any work in ~/clawd workspace (never spawn agents here). Claude Code: use --print --permission-mode bypassPermissions (no PTY). Codex/Pi/OpenCode: pty:true required.

自動化ツール

Continuous Learning

Automatically extract reusable patterns from Claude Code sessions and save them as learned skills for future use.

アーキテクチャパターン

Security Review

在添加身份验证、处理用户输入、处理机密信息、创建API端点或实现支付/敏感功能时使用此技能。提供全面的安全检查清单和模式。

CMS・プラットフォーム

Widget Generator

Generate customizable widget plugins for the prompts.chat feed system

ソフトウェア開発者