VIP Code Samples

Sample code snippets for a secure and performant WordPress.com VIP site

About this repository

The code and narrative here is meant to augment the VIP Documentation.

While our documentation provides a reference for the features of the VIP Platform and how to develop on it, we've gathered here some sample code that directly illustrates the main points.

You're welcome to copy, use, and amend the examples here for use on your site.

How to use this repository

This repository contains snippets of example code.

It's organized into topics, with separate README files that drill down into code samples. All code samples are designed to work and comply with VIP coding standards and guidelines. Examples of what does not work will be in the README document, never in a php file.

Using code in your theme or plugin

Unlike plugins, which usually are more involved and provide configuration options accessible through wp-admin, most bits of code here will be all you need to perform a particular task. Where you actually put the snippets is up to you and may depend on how your code is structured.

Please do change the function and hook prefixes to suit your theme or plugin and avoid a naming collision. And customize the code to your needs.

Contributing

Please see CONTRIBUTING.md.

Getting assistance from the VIP team

If you have questions about a particular example and need assistance implementing it for your site, and are a VIP client or partner, then please open a support ticket with us and we'll help clarify or assist you in solving your particular problem.

General setup & getting started

Install PHPCS and use it to help identify possible issues. Most of the examples here will use WordPress-VIP-Go standards.

A sample PHPCS configuration is included, but you can run PHPCS without it by setting up a general configuration.

Working with Git

You'll be using Git and GitHub to manage your code and deploy it to your WordPress environments.

Security

Security practices prevent third parties from impacting your site and users in various ways, or even using your site to cause malicious attacks against other sites.

Sanitizing and escaping inputs and outputs

Sanitization of user and third party inputs helps to prevent web-based attacks that can cause loss of data, user manipulation, or unauthorized changes or access.

General practices with WordPress

Preventing fatal errors and warnings

Common causes of errors are: declaring functions that haven't been loaded, acessing values without checking their type

WordPress Basics: hooks and filters

Customizing WordPress

Learn how to add user roles, etc.

Debugging in development

Use WP_DEBUG, utilize the debug bar, and monitor error logs with a view to keeping logs as empty as possible.

For example, if deprecation warnings are thrown frequently, they should be resolved.

If code occasionally throws warnings because of unexpected data, adding a bit of extra result checking helps keep the error logs relatively clean.

Production issues and warnings

In production, errors are surfaced for VIP sites in New Relic. Errors should be addressed promptly.

With a clean error log (i.e. no errors or warnings or notices at all) it's easy to configure New Relic alerts to flag new issues.

Avoid throwing uncaught errors. Instead, use New Relic noticeError to send messages directly to New Relic.

Performance and optimization

Performance tuning, and optimization strategies, help your site scale, perform better with fewer resources, and be more reliable.

Query optimization

Query optimization helps your WordPress queries run faster as your tables grow.

Basic caching

Basic caching techniques avoid repetitive requests for the same thing.

Advanced caching

Advanced caching techniques expand on caching to avoid some issues that caching can introduce, or protect your site from certain spiky usage patterns.

Advanced features of the VIP Platform

Jetpack search

You can enable Jetpack search on your site and offload common WordPress search functionality to an Elasticsearch cluster. This provides a more robust index of content than using MySQL LIKE queries.

Image resizing

Filesystem

Typical issues and how to prevent them

Search on 404 page

Avoid running any queries, remote requests, or code that may result in an expensive request on a 404 page. It may be tempting to supply a list of possibly related articles but a sudden search engine sweep of old URLs may cause site instability with a lot of queries. If using a cache, do not replenish the cache when empty.

REST API performance

The REST API was designed for flexibility, but on a site with a lot of articles, it may need some query filtering to optimize.

There are also potential issues with frequent REST requests from browsers with GET parameters.

Miscellaneous things

These items did not fit anywhere else, but may be helpful in certain cases.