WordPress powers over 40% of the web, and its plugin architecture is one of the reasons why. Building a custom plugin lets you add features to any WordPress site without touching the theme or core files. Here’s how to create your first one from scratch.
Plugin File Structure
Create a folder in wp-content/plugins/ with your plugin name (e.g., my-custom-plugin/). Inside, create the main PHP file with the same name. WordPress will detect it automatically via the plugin header comment.
The Plugin Header
At the top of your main PHP file, add the required header block that tells WordPress about your plugin, including its name, description, version, and author. This is what appears in the Plugins admin panel.
Using Hooks: Actions and Filters
WordPress plugins work through hooks. Actions allow you to execute code at specific points (e.g., wp_enqueue_scripts to add CSS/JS). Filters let you modify data before it’s used or displayed (e.g., the_content to alter post content).
Adding a Shortcode
Shortcodes let users drop plugin output anywhere in a post or page using brackets like [my_shortcode]. Register one with add_shortcode('my_shortcode', 'my_callback_function') and return your HTML from the callback.
Adding an Admin Settings Page
Use the admin_menu action hook and add_options_page() to create a settings page under the WP admin Settings menu. Store options with update_option() and retrieve them with get_option().
Security Best Practices
- Always sanitise user input with
sanitize_text_field()or similar - Escape output with
esc_html(),esc_attr(),esc_url() - Use nonces to protect forms from CSRF attacks
- Check user capabilities before performing admin actions
Need a custom plugin built for your WordPress site? Ozlin Info specialises in bespoke web development for Australian SMEs. Contact us to discuss your requirements.