Ruhani Rabin
4 min readMay 25, 2020


WordPress is the first and one of the most popular choices of global giants like Sony Music, BBC America, MTV News, The New Yorker, and so many other names for the purpose of website development. WordPress is a solid CMS platform that marks the release of about more than thousands of blogs, almost every day.

However, during the task of its development, it is not a surprise to encounter mistakes. Any developer has to accept the fact that mistakes are a part of the development process because it proves your gut to risk on new ideas.

We are making a list of seven common possibilities that lands you in a troublesome situation. Let us discuss them to avoid the blunders that the developers face more often while designing WordPress tools and plugins.

Code Compatibility Missing

A bad-written code or incompatible plugins can cause a range of problems that all the developers are so far familiar with. It is absolutely ridiculous and careless to ignore the code compatibility. Hence, we can maximize the usefulness of the plugins and reduce performance-related issues to handle this afore-mentioned issue.

The compatibility of PHP and WordPress version is the foremost thing to be taken into consideration even before writing the first line of coding. It must be ensured that the designed code supports the latest updates as well as recent versions so that it is always useful.

Thus, it becomes a necessity to have a clear understanding of your potential market and compatibility before stepping into the world of plugin development.

Switching Off The Debug Mode While Development

The Debug mode is set to ‘off’ by default in live environments to avoid printing errors and PHP notices. In the case of WordPress plugin development, it should not be practiced anymore because it tends to provide the most necessary configuration for debugging that you can make use of.

When the debug mode is turned ‘on’, it alerts about the code errors and easily enables the task of finding warnings. After developing the WordPress plugin locally with the help of the following lines, do not forget to disable it again.

define( 'WP_DEBUG', true ); 
define( 'WP_DEBUG_LOG', true )

Most developers forget about the debugging tools of WordPress and fail, as they overlook this particular step.

Wrong Choice of Function Names

Being a plugin developer, you must keep in mind that it is silly to trust generic names for your code. It is likely to create code conflict when other plugins make use of the same function names. First, distinct and descriptive names must be the first choice of developers to be able to differentiate with other plugin functions. Second, adding prefixes to the function names is the greatest remedy to impart a unique function name.

Takeaway- If your mind feeds on only using a short and simple name for the functions, it might lead your code to a poor naming convention scenario which must be avoided. Trust to prefix your functions with PHP classes and you are good to go.

Ignoring WordPress Nonces

WordPress keeps its security very tight. It is the responsibility of the plugin developers to reduce vulnerabilities by using the safety measures ensured by WordPress.

It is quite a common mistake that most of the developers make by focusing only on the plugin functionality and not its safety. The issue can be resolved by nonce utilization in your code.

Nonces are generally, security tokens, that avoid the misuse of your URL’s and forms. Each user possesses a distinct nonce which makes the task of identifying the user’s request for a certain action, easier. Nonces are advantageous as they help to prevent SQL injections and CSRF attacks.

Not Reviewing With The Official WordPress Guidelines

It is a great failure of the developers if they do not comply with the guidelines. If you want your plugin to be submitted in the WordPress repository, you must follow the coding standards and the guidelines closely.

If your plugin includes any amount of errors, the Review Team will send you an email to fix it and resubmit the code. If they suspect any malicious intent behind the plugin development, they won’t approve it and ban it from the WordPress repository too.

The acceptance of following these standards and guidelines not only helps in raising your probability of acceptance in the WordPress community but also enables others to expand your work and use it.

No Strategy For Wiping Off The Risk of SQL Injection

SQL injection allows hackers to get access to the database information which is too valuable to afford to lose. It is an easy attempt for hackers as they can embed commands into an HTTP request and start to extract information from the database of the site.

The plugin developers must agree with the experts and use the prepare() function of the WordPress core that sanitizes the SQL queries’ parameters.

No Coding

To develop a tiny plugin, many developers opt to search for a quick solution. And very soon, they end up with a plugin of compromised functionality, flawed architecture, and wrecked codes. It is always suggested to practice organized coding from the scratch of WordPress plugin development. A wide range of tools is available for the plugin developers to help them with the easy development of WordPress plugins.

Always try to focus on maintaining clean plugin codes from the very beginning.


WordPress is such a tool that gives an appealing look to your website. You will encounter many common mistakes while going through the process of its plugin development. I have tried my best to incorporate all the mistakes that are often committed by any WordPress plugin developer.

Please share your feedback and feel free to drop in your experience in the comment section, if you were ever into developing a WordPress plugin and came across a mistake that is not mentioned above.

Originally posted at
Click here to subscribe now. Would You like to write at



Ruhani Rabin

Ruhani Rabin being a tech and product evangelist for almost 20 years. He was VP, CPO for various digital companies. Plays with Drones in his free time.