June 20, 2025
So, you want to create your first basic WordPress plugin. Where do you start?
First, why build a plugin? Well, WordPress is super flexible because of plugins — they let you add features without messing with the core code. Sometimes existing plugins don’t quite fit what you need, so building your own gives you full control.
Set Up Your Environment for the Basic WordPress Plugin
Before writing any code, get a local development environment running. Tools like LocalWP, MAMP or XAMPP make it easy to run WordPress on your own machine. You’ll also want a good code editor — popular code editors among WordPress developers include PhpStorm, VS Code, and Sublime Text.
Create the Basic Plugin Folder and File
The foundational step in creating a WordPress plugin involves establishing a well-defined directory structure and the core plugin file. Within the wp-content/plugins/ directory of your WordPress installation, create a new folder with a unique, descriptive name, ideally using hyphens to separate words (e.g., my-first-plugin). This folder will serve as the central repository for all your plugin’s files. Next, inside this folder, create a PHP file with the same name as the folder, ensuring it ends with the .php extension (e.g., my-first-plugin.php). This main PHP file acts as the entry point for your plugin’s code and is where WordPress will look for the plugin’s header information.
At the top of that file, add the plugin header:
/*
Plugin Name: My First Plugin
Description: A simple custom plugin.
Version: 1.0
Author: You
*/
Every WordPress plugin requires a header comment at the beginning of its main PHP file. This comment block provides crucial metadata that WordPress uses to recognize and manage the plugin. The most essential piece of information is the Plugin Name, which specifies the name that will be displayed for your plugin in the WordPress admin area (e.g., My First Plugin).
While the plugin name is the only strictly required field, it is highly recommended to include other metadata such as Plugin URI: (the plugin’s website address), Description: (a brief explanation of the plugin’s functionality), Version: (the plugin’s version number), Author: (your name), Author URI: (your website), and License: (the plugin’s license, typically GPL2 for WordPress compatibility). Additional useful fields include License URI:, Text Domain: (for internationalization), Domain Path: (location of translation files), Requires at least: (minimum WordPress version), and Requires PHP: (minimum PHP version). A well-defined plugin header ensures that WordPress can correctly identify and manage your plugin.
Add a quick security check right after:
PHP
if (!defined(‘ABSPATH’)) {
exit; // No direct access allowed
}
This code checks if the WordPress ABSPATH constant is defined. If it’s not, it indicates that the file is being accessed directly, and the script will terminate, thus preventing potential security vulnerabilities.
Use Hooks to Add Functionality
WordPress runs on hooks — these are points in the code where you can “hook” into and run your own functions.
There are two main types:
- Action hooks: Do something at a certain point.
- Filter hooks: Change data before it’s used.
For example, to add a message to the footer:
PHP
function my_footer_message() {
echo ‘
Thanks for visiting!
‘;
}
add_action(‘wp_footer’, ‘my_footer_message’);
This code defines a function that echoes the desired message and then uses add_action() to instruct WordPress to execute this function when the wp_footer action is triggered.
To modify the post content:
PHP
function append_to_content($content) {
if (is_single()) {
$content .= ‘<p>This was added by my plugin.</p>’;
}
return $content;
}
add_filter(‘the_content’, ‘append_to_content’);
This code appends a message to the end of the post content specifically on single post pages. It’s crucial to remember that filter functions must return the modified data
Activation and Deactivation
WordPress provides specific hooks that are executed during plugin activation and deactivation, allowing for setup and cleanup routines.
Activation Hooks are triggered when the plugin is activated. You register an activation hook using the register_activation_hook() function: register_activation_hook( __FILE__, 'pluginprefix_function_to_run' );. Common uses include creating database tables, setting default plugin options, and flushing rewrite rules, especially when registering custom post types.
Deactivation Hooks are executed when the plugin is deactivated. You register a deactivation hook with the register_deactivation_hook() function: register_deactivation_hook( __FILE__, 'pluginprefix_function_to_run' );. These hooks are typically used for cleaning up temporary data or reverting changes made during activation [], [],. It’s important to distinguish deactivation hooks from uninstall hooks, which are used for permanently deleting plugin data.
Test It Out
Always test in a safe environment. Enable WP_DEBUG, use tools like Query Monitor, and temporarily disable other plugins to avoid conflicts.
Once development and testing are complete, the plugin needs to be packaged for installation. This involves compressing the plugin’s folder into a ZIP archive. Ensure that the main plugin file is at the root level of the ZIP file. To install the plugin, navigate to Plugins > Add New > Upload Plugin in the WordPress admin dashboard, choose the ZIP file, and click “Install Now”. After successful installation, click “Activate Plugin” to enable it. The plugin’s functionality can then be tested on the website.
Best Practices
- Prefix everything to avoid conflicts (e.g.,
myplugin_do_something()). - Follow WordPress coding standards.
- Sanitize inputs, escape outputs, and use nonces for security.
- Keep performance in mind — don’t overdo database queries.
- Comment your code and include
readme.txtif you plan to share it.
Creating a basic WordPress plugin provides a solid foundation for extending the capabilities of the platform. By understanding the fundamental concepts of plugin structure, WordPress hooks, and essential best practices, technical individuals can begin to develop their own custom solutions.
Do you like this article? Share it and send us your feedback! Check out our articles page, where you might find other interesting posts. Also, if you want to learn more about business, check out the WPRiders Blog!
This article was written by Gabi Balint, Senior FullStack Developer at WPRiders
