Review: WordPress Bible by Aaron Brazell

WordPress Bible by Aaron Brazell

My rating: 4 of 5 stars

Note: This page contains affiliate links. Please see Affiliate Disclosure.

This is a comprehensive WordPress book; topics include getting started, plugin development, theme development, content management, and maintenance. I’m a web designer who creates WordPress sites for small businesses, so I focused on SEO, plugin recommendations, and theme development, and skimmed plugin development. My favorite parts were those about SEO for WordPress, CPTs (custom post types), the Loop and WP_Query, template files, hooks, template tags, and theme best practices.

This book is by far the largest, most technical WordPress book I’ve read so far. It’s the perfect desk reference for WordPress developers. Its 700+ pages contain explanations, PHP code snippets, and tables of hooks, tags, and parameters. The book was published in 2011 and covers WordPress 3.1. Author Aaron Brazell is a WordPress core contributor, and technical editor Mark Jaquith is one of the WordPress core developers.

The book focuses almost exclusively on PHP, and barely discusses HTML, CSS, or JavaScript. The author recommends reading HTML, XHTML, and CSS Bible by Wiley to learn HTML and CSS.

Theme and plugin development

  • register_sidebars creates multiple widgetized areas (sidebars). You can even skip arguments to use WordPress defaults.
  • home.php displays the home page of the blog, not necessarily the homepage of the site. is_home() is true when on the blog home page.

The WordPress database

  • The db object is assigned to the handler $wpdb. When you need to interact with the database, make the $wpdb object global with global $wpdb;.
  • The posts table is a good place to store data, as an alternative to creating new tables. WordPress ignores post_types it doesn’t recognize.
  • The options table should be used to store settings.
  • Use $wpdb->insert() to insert data into MySQL. Data should be raw (unescaped) since WordPress handles sanitization.
  • Use $wpdb->prepare() to sanitize SQL statements to protect against SQL injection.

Data sanitization

  • esc_html() takes the string of text to be encoded as its single argument, and returns a sanitized string of HTML that you can assign to a variable or output.
  • esc_attr() escapes HTML attributes. Its usage is identical to esc_html().
  • esc_url() sanitizes URLs, and esc_url_raw() sanitizes URLs for non-HTML use.
  • prepare() escapes data going into MySQL.
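
To tie the database and sanitization notes together, here is a small plugin file that queries the posts table with $wpdb->prepare() and escapes each value for the context it is printed in. This is an example added to these notes, not code from the book; the shortcode name, the book_note post type, the option name, and the demo_ function names are all made up, and the file assumes it is loaded by WordPress as a plugin.

```php
<?php
/**
 * Plugin Name: Book Notes Demo (constructed example)
 */
if ( ! defined( 'ABSPATH' ) ) {
	exit; // Only run when loaded by WordPress.
}

// Hypothetical shortcode: [book_notes type="book_note" limit="5"]
add_shortcode( 'book_notes', 'demo_book_notes' );

function demo_book_notes( $atts ) {
	global $wpdb; // Bring the database object into scope.

	$atts = shortcode_atts(
		array( 'type' => 'book_note', 'limit' => 5 ),
		$atts
	);

	// Placeholders keep user-supplied values out of the SQL text:
	// %s for strings, %d for integers. Do not quote %s; prepare() does it.
	$sql = $wpdb->prepare(
		"SELECT ID, post_title FROM {$wpdb->posts}
		 WHERE post_type = %s AND post_status = 'publish'
		 ORDER BY post_date DESC LIMIT %d",
		$atts['type'],
		$atts['limit']
	);
	$rows = $wpdb->get_results( $sql );

	// Escape on output, once per value, matching where the value lands.
	$out = '<ul class="book-notes">';
	foreach ( $rows as $row ) {
		$out .= sprintf(
			'<li><a href="%s" title="%s">%s</a></li>',
			esc_url( get_permalink( $row->ID ) ), // URL in an href
			esc_attr( $row->post_title ),         // HTML attribute value
			esc_html( $row->post_title )          // text inside an element
		);
	}
	return $out . '</ul>';
}

// Settings belong in the options table. esc_url_raw() is the variant
// for storing a URL rather than printing it into HTML.
function demo_save_source_url( $url ) {
	return update_option( 'demo_book_notes_source', esc_url_raw( $url ) );
}
```

The post title is escaped twice with different functions because it appears in two contexts; a value that is safe as element text is not automatically safe inside an attribute or a URL.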

Plugin recommendations

Theme recommendations

Host recommendations
