Important Practices for Developing and Selling Premium WordPress Plugins/Add-ons

  • Sanitize all user-provided input, i.e. every $_GET, $_POST and $_REQUEST value, at the point where it is used, and never trust it. Sanitizing on its own is not enough: to prevent SQL injection, pass values into queries through $wpdb->prepare() instead of concatenating them into the SQL, and to prevent XSS, escape on output with esc_html(), esc_attr() or esc_url(). Any request that changes state should also be protected by a nonce check and a capability check.
  • PHP code (includes/requires), JavaScript and CSS should be loaded only on the pages where they are needed, so that the plugin does not slow the whole website down. Your plugin should not cause performance problems for the site that installs it.
  • The plugin should not fetch data on every screen where it is not needed. Loading a full data set, for example to populate a drop-down of all users, can slow a site badly when that data set is large. Use a jQuery autocomplete (fetching matches as the user types) where appropriate; otherwise your plugin will crawl on websites with a large user base or a lot of content.
  • If the plugin is an add-on to an existing plugin such as LearnDash, it should check for that dependency on activation and refuse to activate unless LearnDash is active. A later deactivation of LearnDash must also be handled gracefully, for example by checking that its classes or functions exist before calling them. Not handling these cases results in fatal errors that take the whole site down.
  • If you are selling the plugin, it should provide a way for users to receive updates from the Plugins screen in WP-Admin. This ensures your users get new features and bug fixes, including security fixes, promptly.
  • To ensure users receive updates only while they hold a valid subscription, you need a licensing mechanism on your own website: the update check sends the site's license key, and your server only serves an update package when that key is active. You can use License Manager for WooCommerce, a free plugin that runs on top of WooCommerce, or Easy Digital Downloads, whose Software Licensing extension is a paid product.
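The following plugin skeleton is an added example written for this page (it is not code from the original post, from LearnDash, or from any licensing product) that puts the first four practices together in one file: a dependency check on activation, a runtime guard for the parent plugin being deactivated later, assets loaded only on the plugin's own screen, and a form handler that does a capability check, a nonce check, input sanitization, a prepared statement and output escaping. The LearnDash plugin path sfwd-lms/sfwd_lms.php, its SFWD_LMS class, the sfwd-courses post type, and all example_addon_* names are assumptions for illustration.

```php
<?php
/**
 * Plugin Name: Example LearnDash Add-on (illustrative only)
 * Description: Added example showing a dependency check, scoped asset loading
 *              and safe request handling. Not a real plugin.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // never run outside WordPress
}

// Assumed: LearnDash's main plugin file path (and, below, its core class name).
define( 'EXAMPLE_ADDON_PARENT', 'sfwd-lms/sfwd_lms.php' );

// 1. Activation: refuse to activate unless the parent plugin is active.
function example_addon_activate() {
    if ( ! function_exists( 'is_plugin_active' ) ) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    if ( ! is_plugin_active( EXAMPLE_ADDON_PARENT ) ) {
        deactivate_plugins( plugin_basename( __FILE__ ) );
        wp_die(
            esc_html__( 'This add-on requires LearnDash to be active.', 'example-addon' ),
            esc_html__( 'Dependency check failed', 'example-addon' ),
            array( 'back_link' => true )
        );
    }
}
register_activation_hook( __FILE__, 'example_addon_activate' );

// 2. Runtime guard: if LearnDash is deactivated later, show a notice instead of
//    calling functions that no longer exist (which would fatal the whole site).
function example_addon_bootstrap() {
    if ( ! class_exists( 'SFWD_LMS' ) ) {
        add_action( 'admin_notices', function () {
            echo '<div class="notice notice-error"><p>'
                . esc_html__( 'Example Add-on is paused: LearnDash is not active.', 'example-addon' )
                . '</p></div>';
        } );
        return;
    }
    add_action( 'admin_menu', 'example_addon_menu' );
    add_action( 'admin_enqueue_scripts', 'example_addon_assets' );
    add_action( 'admin_post_example_addon_save', 'example_addon_save' );
}
add_action( 'plugins_loaded', 'example_addon_bootstrap' );

function example_addon_menu() {
    add_menu_page( 'Example Add-on', 'Example Add-on', 'manage_options',
        'example-addon', 'example_addon_page' );
}

// 3. Load JS/CSS on this plugin's own screen only, not on every admin page.
function example_addon_assets( $hook_suffix ) {
    if ( 'toplevel_page_example-addon' !== $hook_suffix ) {
        return;
    }
    wp_enqueue_script( 'example-addon', plugins_url( 'admin.js', __FILE__ ),
        array( 'jquery-ui-autocomplete' ), '1.0.0', true );
    wp_enqueue_style( 'example-addon', plugins_url( 'admin.css', __FILE__ ), array(), '1.0.0' );
}

// 4. Output: escape everything, even values that were sanitized on the way in.
function example_addon_page() {
    $term = get_option( 'example_addon_term', '' );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    wp_nonce_field( 'example_addon_save', 'example_addon_nonce' );
    echo '<input type="hidden" name="action" value="example_addon_save">';
    echo '<input type="text" name="term" value="' . esc_attr( $term ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}

// 5. Input: capability check, nonce check, sanitize, then a prepared statement
//    instead of interpolating request data into SQL.
function example_addon_save() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example-addon' ), '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'example_addon_save', 'example_addon_nonce' );

    $term = isset( $_POST['term'] ) ? sanitize_text_field( wp_unslash( $_POST['term'] ) ) : '';
    update_option( 'example_addon_term', $term );

    global $wpdb;
    // %s placeholders are quoted and escaped by prepare(); esc_like() neutralises % and _.
    $count = (int) $wpdb->get_var( $wpdb->prepare(
        "SELECT COUNT(*) FROM {$wpdb->posts} WHERE post_type = %s AND post_title LIKE %s",
        'sfwd-courses',
        '%' . $wpdb->esc_like( $term ) . '%'
    ) );

    wp_safe_redirect( add_query_arg(
        array( 'page' => 'example-addon', 'matches' => $count ),
        admin_url( 'admin.php' )
    ) );
    exit;
}
```

The order of the checks in the save handler matters: the capability check runs first so an unauthenticated or low-privilege request is rejected before anything else is evaluated, the nonce check rejects cross-site forged requests, and only then is the value sanitized and used. Escaping happens again on output because the stored option could have been written by other code.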
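The update side of the last two points can be covered with the hook WordPress exposes for third-party updaters, pre_set_site_transient_update_plugins. The block below is an added example written for this page; it is not the client code shipped by License Manager for WooCommerce or Easy Digital Downloads, both of which provide their own. The endpoint URL, the JSON fields it returns (new_version, package), the example_addon_license_key option name, and the plugin slug, basename and version are all assumptions.

```php
<?php
// Added example: a self-hosted update check bound to a license key.
// The endpoint, its JSON fields, the option name and the slug/version are assumptions.

define( 'EXAMPLE_ADDON_SLUG', 'example-addon' );
define( 'EXAMPLE_ADDON_VERSION', '1.0.0' );
define( 'EXAMPLE_ADDON_BASENAME', 'example-addon/example-addon.php' );
define( 'EXAMPLE_ADDON_UPDATE_URL', 'https://example.com/wp-json/example-licenses/v1/update' );

/**
 * Ask the licensing server whether a newer version exists for this license.
 * Returns an array with new_version/package, or null when there is no license,
 * the server rejects it, or the request fails (a broken server must never block the site).
 */
function example_addon_fetch_update_info() {
    $license = get_option( 'example_addon_license_key', '' );
    if ( '' === $license ) {
        return null;
    }

    $cached = get_transient( 'example_addon_update_info' );
    if ( is_array( $cached ) ) {
        return empty( $cached['new_version'] ) ? null : $cached;
    }

    $response = wp_remote_post( EXAMPLE_ADDON_UPDATE_URL, array(
        'timeout' => 10,
        'body'    => array(
            'license' => $license,
            'site'    => home_url(),
            'version' => EXAMPLE_ADDON_VERSION,
        ),
    ) );

    $info = null;
    if ( ! is_wp_error( $response ) && 200 === wp_remote_retrieve_response_code( $response ) ) {
        $data = json_decode( wp_remote_retrieve_body( $response ), true );
        // Trust the answer only if it carries an HTTPS package URL; never install over plain http.
        if ( is_array( $data ) && ! empty( $data['new_version'] ) && ! empty( $data['package'] )
            && 0 === strpos( $data['package'], 'https://' ) ) {
            $info = array( 'new_version' => $data['new_version'], 'package' => $data['package'] );
        }
    }

    // Cache for 12 hours; an empty array records "no update" so the server is not hit on every load.
    set_transient( 'example_addon_update_info', $info ? $info : array(), 12 * HOUR_IN_SECONDS );
    return $info;
}

/**
 * Add our update to the transient WordPress reads for the Plugins screen and
 * the updater. Sites without an active license simply see no update offered.
 */
function example_addon_inject_update( $transient ) {
    if ( empty( $transient->checked ) ) {
        return $transient;
    }
    $info = example_addon_fetch_update_info();
    if ( $info && version_compare( $info['new_version'], EXAMPLE_ADDON_VERSION, '>' ) ) {
        $transient->response[ EXAMPLE_ADDON_BASENAME ] = (object) array(
            'slug'        => EXAMPLE_ADDON_SLUG,
            'plugin'      => EXAMPLE_ADDON_BASENAME,
            'new_version' => $info['new_version'],
            'package'     => $info['package'], // server should issue a short-lived, license-bound URL
        );
    }
    return $transient;
}
add_filter( 'pre_set_site_transient_update_plugins', 'example_addon_inject_update' );

// Clear the cached answer when the license key changes so the new key is checked immediately.
add_action( 'update_option_example_addon_license_key', function () {
    delete_transient( 'example_addon_update_info' );
} );
```

Two details are worth keeping whichever licensing product you choose: the result is cached so a slow or unreachable licensing server cannot stall every admin page load, and the package URL is accepted only over HTTPS, since WordPress will download and install whatever URL this filter hands it.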
