305 – WordPress from A to Z – Part 1
In today’s episode, we break down some of the key phrases and terminology in WordPress.
Is there a plugin for that?
With more than 50,000 plugins in the WordPress repository, it’s hard to find the perfect one. Each week, I will highlight an interesting plugin from the repository.
For more great plugins, download my 50 Most Useful Plugins eBook.
Give allows you to start accepting donations on WordPress.
WordPress from A to Z
- WordPress Core Concepts: CMS, Multisite network, plugin, theme.
- Content types: attachment, category, page, post, post format, post type, tag, taxonomy, term, revision.
- File types: child theme, config file, functions file, include file, stylesheet, template file, template hierarchy, template part.
- WordPress Data: database, database table, loop, metadata, query.
- Permissions: capability, role.
- Security: NONCE keys, SALT keys, sanitization, validation.
WordPress Core Concepts
A CMS, or Content Management System, is a system that lets users add content to a website without having to directly code that content into web pages. A CMS uses a database to store content and then a set of files which will be used to output that content into a web page.
A Multisite network is a network of sites sharing one WordPress installation. By activating Multisite you can host as many sites on your WordPress installation as you need, from two to millions.
A plugin is a set of code that adds extra functionality to your WordPress site. This could be as simple as changing the login logo or as complex as adding e-commerce functionality.
A theme is a set of files that WordPress uses to output content. It will always include at least two files: style.css and index.php. The stylesheet is necessary as it includes essential information about the theme and also adds styling to your site. The index.php file includes code such as the loop which is used to fetch data from the database and display it on the page.
An attachment is a file which you upload to a page or post in your site. It could be an image, video or audio clip which you embed in your content, or it could be a file which is accessed by a clickable link that WordPress creates when you upload the file.
Category is an in-built taxonomy that comes with WordPress, that you can use to classify your posts. Categories are hierarchical, which means they can have parent and child categories.
A page is a post type that comes as default with a standard WordPress installation. Use it for static content that you don’t need to list in your blog page or elsewhere on the site.
This is where things can get confusing. A post is a post type, but can also be used to refer to all post types. For users the term ‘Post’ normally means the post type you use to create blog posts, articles, updates etc. For developers it can be used to describe all posts contained in the wp_posts table, including posts, pages and more.
Post format is a taxonomy that you can use to display your posts in different formats. By creating template files for different post formats you can show things like video, quotes, images and text differently. This isn’t used much any more.
Post types are different types of content that you use for different purposes. WordPress comes with a number of post types available to you by default. These are:
- Posts
- Pages
- Attachments
- Navigation menu items
- Revisions
Tag is a built-in taxonomy within WordPress. Use it to identify posts on specific topics, in more detail than you would with categories.
A taxonomy is a classification of your posts (of whatever post type). WordPress comes with four built-in taxonomies:
- Categories
- Tags
- Post formats
- Link categories (not used anymore)
A term is an item in a taxonomy. So if you’ve added some categories to your posts, each of those categories is a term in the category taxonomy.
A revision is a version of a post (or page etc.) that’s stored in the database in case you need to revert to it at a later date. This can be useful if you accidentally delete some content for your post or something else goes wrong.
A child theme is a theme which you use to add extra code to a parent theme. If you want to edit a theme you’ve bought or installed from the theme directory you should always use a child theme to do this, instead of editing the theme directly. This is because any changes you make to the theme will be lost when it’s updated.
The config file, or wp-config.php, defines how your WordPress installation is configured. It’s sometimes edited by WordPress itself as you make changes in the admin screens, or you can edit it directly (with care!).
The functions file, or functions.php, is a file in a theme that doesn’t display content on pages. Instead, you use it to add functionality to your theme.
An include file is a file you add to a plugin (or sometimes a theme) to hold code separately from the main plugin file. It can be useful to do this when adding a large amount of code to add specific functionality.
The stylesheet is a theme file which includes all of the CSS styling for the theme or all visuals for your site.
A template file is a file within your theme that’s used to output content on a page of your site. Every theme must include one template file: index.php.
The template hierarchy is the system WordPress uses to identify which template file to use when displaying a given page on a site.
A template part is a theme file that contains the code for just one part of a template file. You use this to store code that you want to use in multiple template files, such as the header (header.php), sidebar (sidebar.php) and footer (footer.php). You can call each of these with get_header(), get_sidebar() and get_footer() respectively, in your template files.
The database stores all of the data relating to your WordPress installation. This will include content (posts, pages, attachments etc.), user data and options such as configurations you’ve made to plugins.
A table in the WordPress database holds a specific kind of data. For example, wp_posts holds data relating to posts (which includes all post types, not just Posts).
The loop is the code in your theme that queries the database and fetches and outputs the current post. For a single post or a page it will run once while on an archive page it will loop repeatedly until all relevant posts have been output.
Metadata is data about data. WordPress stores posts (and pages, attachments etc.) in the wp_posts table in the database. Fields in this table are limited to a predefined list including the post title, post content, date it was created, its status and excerpt.
But what if you want to add extra data to your post that isn’t covered by one of those fields? That’s when you need metadata, sometimes referred to as custom fields.
WordPress runs a query every time it accesses the database and fetches content to output. So every page on your site will be populated by a query, which is coded via the loop.
A capability lets a user perform a given action, such as editing posts (edit_posts) or installing plugins (install_plugins).
Each user role has a defined set of capabilities assigned to it, which define what someone with that role can do. You can add or remove capabilities from roles using the add_cap() and remove_cap() functions.
A user role defines what that user is able to do on your site. The default roles that come with WordPress are:
- Super Admin – can manage a Multisite network of sites (only relevant if Multisite has been activated).
- Administrator – can manage a single site in a standard WordPress installation or a site within a Multisite network.
- Editor – can publish and manage posts including other people’s posts. They can’t manage site settings.
- Author – can write, publish and manage their own posts but no-one else’s.
- Contributor – can write and manage their own posts but cannot publish them. They submit them for an Editor or Administrator to review and publish.
- Subscriber – can’t add content but can view content you’ve restricted to subscribers or make comments if that’s restricted too.
NONCE stands for Number used ONCE. It’s a number that can only be used once, normally within a URL. So, for example, if someone attempts to reset their password in WordPress they will be sent a link that includes a nonce. Once they’ve clicked on that link they can’t use it again. This means that someone else can’t use the same link to change their password again.
Use nonces to make your code more secure, for example when saving data via a plugin.
SALT keys are added to your wp-config.php file to add a layer of security to your site. These are secret keys without which WordPress won’t work. There are four of them: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, and NONCE_KEY.
These work by preventing hackers from accessing the cookies that store data about your site (such as login credentials). You should refresh them on a regular basis – roughly every two months. Our security plugin like Defender makes this easy.
Sanitization is the process of cleaning input data before it’s saved. For example, if you add a meta box in the post editing screen with a text box, you use a sanitization function to ensure any text input to it is stored in the correct format.
So if you’re saving an email address, sanitization will ensure that it’s stored correctly and will come out of the database as an email address when it’s output elsewhere.
Sanitization follows validation, which is about checking that inputs have been entered correctly.
Validation is the process of checking that data is valid before it’s saved to the database. You add validation functions whenever you’re coding some sort of input such as a text box.
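To tie the Permissions and Security terms together, here is an added example (not code from the podcast or from any plugin it mentions) of a small plugin file that saves an email address from a meta box using a nonce, a capability check, validation and then sanitization. The `ywe_` names, the meta key and the field names are made up for this illustration.

```php
<?php
/**
 * Plugin Name: Contact Email Meta Box (added example)
 * Description: Constructed illustration of nonce, capability, validation and sanitization.
 */

// Hypothetical identifiers used only in this example.
const YWE_META_KEY     = '_ywe_contact_email';
const YWE_NONCE_ACTION = 'ywe_save_contact_email';
const YWE_NONCE_FIELD  = 'ywe_contact_email_nonce';

// Register the meta box on the post editing screen.
add_action( 'add_meta_boxes', function () {
	add_meta_box( 'ywe_contact_email', 'Contact email', 'ywe_render_box', 'post', 'side' );
} );

function ywe_render_box( $post ) {
	// Prints a hidden field holding a nonce. WordPress nonces are bound to the
	// action name and the logged-in user, and expire after a limited lifetime
	// (one day by default).
	wp_nonce_field( YWE_NONCE_ACTION, YWE_NONCE_FIELD );

	$value = get_post_meta( $post->ID, YWE_META_KEY, true );

	// Escape on output as well: stored data is never trusted when printed.
	printf(
		'<label for="ywe_email">Email</label> ' .
		'<input type="email" id="ywe_email" name="ywe_email" value="%s" />',
		esc_attr( $value )
	);
}

add_action( 'save_post_post', 'ywe_save_box' );

function ywe_save_box( $post_id ) {
	// 1. Nonce: refuse the request unless it carries a token issued by our form.
	if ( ! isset( $_POST[ YWE_NONCE_FIELD ] ) || ! is_string( $_POST[ YWE_NONCE_FIELD ] ) ) {
		return;
	}
	$nonce = sanitize_text_field( wp_unslash( $_POST[ YWE_NONCE_FIELD ] ) );
	if ( ! wp_verify_nonce( $nonce, YWE_NONCE_ACTION ) ) {
		return;
	}

	// 2. Autosaves and revisions do not submit the meta box; leave the value alone.
	if ( ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) || wp_is_post_revision( $post_id ) ) {
		return;
	}

	// 3. Capability: a valid nonce proves where the request came from, not that
	//    this user's role is allowed to edit this particular post.
	if ( ! current_user_can( 'edit_post', $post_id ) ) {
		return;
	}

	// 4. Validation: is the input an email address at all?
	//    A non-string value (e.g. an array sent as ywe_email[]) is rejected.
	if ( ! isset( $_POST['ywe_email'] ) || ! is_string( $_POST['ywe_email'] ) ) {
		return;
	}
	$raw = trim( wp_unslash( $_POST['ywe_email'] ) );

	if ( '' === $raw ) {
		// An emptied field means "remove the stored address".
		delete_post_meta( $post_id, YWE_META_KEY );
		return;
	}
	if ( ! is_email( $raw ) ) {
		// Invalid input is not stored; the previous value is kept.
		return;
	}

	// 5. Sanitization: strip any characters not allowed in an email address
	//    before the value reaches the database.
	update_post_meta( $post_id, YWE_META_KEY, sanitize_email( $raw ) );
}
```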
Thank you to those who use my affiliate links. As you know I make a small commission when someone uses my link and I want to say thank you to the following people. For all my recommended resources, go to my Resources Page.
Full Transcript
Business Transcription is provided by GMR Transcription.
In today’s episode, we are going to talk about the different key phrases and terminology that we use within WordPress, right here on Your Website Engineer podcast, episode No. 305.
Hello, everybody. Welcome back to another episode of Your Website Engineer podcast. My name is Dustin Hartzler, and today I’m going to attempt to try to figure out some of the key phrases and key terms that I throw around here each and every week on the podcast, and go through and define them. And, I know that this should’ve been an episode that fir – should’ve been episode No. 2 of this podcast, but this is something that I think is important, and I think you’ll get a lot of value out; just knowing exactly what some of these terms mean.
Before that, let’s go ahead and dive into the news. The first one is: there was a piece out of WPTavern that was a response piece to an article that Pippin Williamson wrote. And, he – Pippin is a – the lead developer behind Easy Digital Downloads, Restrict Content Pro, and AffiliateWP, and just a really well-known plugin developer in the WordPress community. The article is called “Pippin Williamson shakes up a page review – Page Builder plugins with critical review.” And, it’s really – this is a nice article to – that piggybacks on the article that Pippin wrote.
And, Pippin took some time to go through, and demo, and take a look at almost a dozen different WordPress Builder plugins, and just critique them, look at them, see how they worked. And, essentially, he was looking at to see how they work with his plugins because a lot of times they get support requests on these page builders weren’t working properly with his plugins. So, he just wanted to see what it was all about, and he basically took some time and wrote this really, really long article. It’s linked to in the article within WPTavern.
But, basically, he did a full evaluation, and he looked at all of the different things – he had some standard criteria and whatnot. And, the cool part is – and the reason why I’m linking to the WPTavern article is: it’s got a behind-the-scenes a little bit, about how some of the plugin developers from these plugins have actually been changing some of the critiques that Pippin has made.
And so, I think that’s really neat, and says a lot about Pippin’s reputation in the WordPress community; that he did this as an unbiased approach, and some of the plugin developers are actually fixing the things that he’s pointed out. So, I thought that was a really neat thing. And, if you’re interested in seeing about the – about what’s happening in the WordPress community when it comes to page builders, then this is a perfect article for you to read.
Another thing that I want to share is the Plugin of the Week, and this one – I believe I’ve talked about it before in the past, but I’ve just heard this one a lot in the news lately. And, it’s the Give plugin, and it is a WordPress donation plugin, and it basically allows you to start accepting donations with WordPress on your website. And so, it’s got a bunch of stuff built in. You can do a goal tracker– with a giving campaign. You can do a single page. A hassle-free donor giving page. You can do – you can make sure that there’s zero commission charges. You own all donation data.
There’s just a bunch of stuff that’s built into this, and it is a free plugin on the WordPress repository, so if this is something that’s interesting to you, go ahead and check that out, and there’ll be a link to it in the shownotes on episode No. 305.
Alright, today we’re going to dive in and we’re going to talk about different terms that I use every week when just describing things within the WordPress community, and WordPress space, and whatnot. And so, I just wanted to go through, and – these aren’t all of them. They’re as many as I could think of, but let’s just go ahead and dive right in. I’ve got them broken down into categories, and the categories are WordPress Core Concepts, Content Types, File Types, WordPress Data, Permissions, Security, Admin Tools, and Code. So, we’re gonna dive in, and just take a look at each of these in this area.
So, under the WordPress Core Concepts, you might have heard the terminology or acronym CMS, and that stands for Content Management System. And, it is a system that lets users add content to a website without having to directly code that content into a page. A CMS uses a database to store data, and then uses a set of files, like WordPress, in a theme or plugins, which would generate an output for the content of the website. And, that’s what a CMS is. So, WordPress is one of the most popular CMS’s that are out there.
Multisite Network is the next term, and it is a network of sites sharing one WordPress installation. By activating Multisite, you can host as many sites on your WordPress installation as you need; from two, to 2 million. And, the biggest multisite network is actually WordPress.com. It’s just a giant WordPress multisite installation. The next one is plugin. You may know what this one is, but a plugin is a set of code that adds extra functionality to your WordPress site. It could be as simple as changing the login, or logo, or as complex as adding E-commerce functionality. You can add plugins from your plugin screen from within your WordPress directory, you can write your own, you can buy them, or you can download them free from the WordPress plugin repository.
And, the last one in this category is a theme, and a theme is a set of files that WordPress uses to output content. It always includes two files: there’s a style – CSS, and index.php. The style sheet is necessary because it includes essential information about the theme. It also adds styling to your site, and the index.php file includes code such as the loop (which we’ll talk about in a little bit) and it’s used to fetch data from the database, and display it on a page. There could be a lot more type – file types inside your theme, but those are the two generic ones that you need for every single theme.
Alright, Content Types. What are Content Types within WordPress? Well, we’ve got Attachment, and this is a file where you upload a page or a post to your site. It could be an image, or video, or audio clip, or PDF document that you wanna embed in your content. And, it’s something that you want to be able to be clicked on, or used within your WordPress site. Category is an in-built taxonomy that comes with WordPress. That means that you can classify your post with a category. So, you can break your post down into – even, what I’ve done on my website is: video, audio, and – text. You can break them up in that way, or whatever. You can really categorize your post to make it easy for people to find things across your website.
A page is a post type that comes as a default post type with a standard WordPress installation. It’s used for static content that you don’t need to list in your blog page, and it doesn’t update regularly. Some sites are based entirely around pages instead of posts, and most of these will have a hierarchical structure with a parent and child pages. Post – and this is where things can get a little bit confusing – a post is a post type, but it can also be used to refer to other post types. For the term post, it’s most generally used to create blog posts, or articles, or news updates, or things like that. But, for developers, a post can describe all posts contained within the wp_post table, including post pages, and more.
And so, it gets a little bit confusing there because a post is basically like a blog post, but then every piece of content is actually stored in the post table. So, within WooCommerce, then all of your order data, and your product data – that’s all stored within the orders – with – all within the post table of your WordPress database. The post format is a taxonomy that you can use to display your post in different formats. This is one – that had a lot of value a few years ago. They had different post format types, and now this is – a dinosaur of a term because we don’t use that very often anymore.
A post type, and this is – there’s five standard post types that come with WordPress: it’s post, pages, attachments, navigation menu items, and revisions. And, you can add your own post type, and these are most commonly referred to as custom post types. And, you can define what they do. So, on some websites, or like on my website, I have a webinar post type. And so, I put all my webinar information there. I have a speaking post type, where I put all of the information about the events where I’m speaking in that post type.
The next one is tag, and it is a built-in taxonomy within WordPress, and you use it to identify posts on specific topics – in more detail than you would with category. So, if you think that a category would be like desserts on a recipe website, then maybe a tag would be “chocolate”, or “cake”, or “pie”, whatever that is. So, it’s a little bit more – better of a descriptor than a category.
A taxonomy is a classification of your post– of whatever type you maybe have. It comes built-in – WordPress comes with four built-in taxonomies: they’ve got Categories, and Tags, and Post Formats, and Link Categories, which – Link Categories are kind of old and we don’t use those anymore. But you can build in your own custom taxonomies. Basically, a custom taxonomy is a category for your custom post site. And so, that’s what a taxonomy is.
A term: a term is an item inside of the taxonomy. So, if you’ve added categories to your post, then each of the categories is a term in the category taxonomy. And a revision: a revision is a version of a post, or a page, that’s stored in the database in case you need to revert it at a later date. This is useful when you accidentally delete content from your post, or something else goes wrong.
The next one is – the next area that I wanna talk about are File Types. And so, we’ve got some different names for different file types: so, we’ve got Child Theme, and a child theme is a theme where you use to – use – add extra code to a parent theme. If you wanna edit a theme that you’ve bought or installed from a theme directory, you should always use a child theme to do this, instead of editing the theme directly. This is because any changes you make to the theme will be lost when it is updated. And so, you build a child theme.
A config file – or this is also referred to as “wp-config.php” defines how WordPress installation is configured. It is something edited by WordPress itself as you make changes to the admin screens, or you can edit it directly with – via FTP. You can also use the config file to activate multisite, or turn debugging on, or off.
The function file is – also sometimes called “functions.php” – is a file in your theme that doesn’t display content on your page, and instead you use it to just add functionality to your theme. The functions file will include things like adding customizer support, feature image support; any kind of custom functions that you add to your theme. A theme doesn’t have to have a functions.php file to work. And, other things that you can do with a functions.php file: you can rearrange the content of your website, you can filter things out so that you don’t see them on your site; you can do a lot of really cool things with the functions.php file.
The include file – an include file is a file that you add to a plugin, or sometimes a theme, that holds codes separately from the main plugin file. It can be useful to do this when adding a large amount of code to add specific functionality. It – for example, you may use it to include a file to add customizer support to a theme. So, that’s the include file.
The style sheet is a theme file which includes all of the CSS, or all of the cascading style sheet’s styling for your theme. And this is basically all of the colors, all of the images, all of the visuals behind what your theme looks like. It is also the file that includes the important details about a theme that include: the author, the name of the theme, the version number, things like that. So, that’s what the style sheet is.
The template file – the template file is a file within the theme that’s used to display content on the page of your site. So, everything must include one, which we mentioned earlier, was index.php. But some themes include template files that – for specific content types, like page.php, or archive.php, and single.php. So, those are template files.
The next one to define is called template hierarchy, and this is a system that WordPress uses to identify which template file to use when displaying a given page on a site. Some template files are more specific to individual content than others. So, for example, WordPress will work through them in descending order of specificity until they find the one in your theme. So, this means that if your theme doesn’t have a template file for specific content type, it will fall back to a more generic file, ultimately defaulting to index.php.
The next one is template part, and a template part is the theme file that contains the code for just one part of the template file. You can use this to store code that you want to use within multiple files, such as the header.php, or sidebar.php, or footer.php. And then you can use these, and you can use functions called “get_header”, “get_sidebar”, and “get_footer”.
Alright, now let’s take a look at the WordPress Data. So, the database – this is a term we need to talk about referring to the data, and this database stores all of the data relating to your WordPress installation: it includes all content (so, posts, and pages, attachments, etc.) and user data options, configurations you made with plugins. All of that is stored in the WordPress database. The database consists of 11 tables when it comes default out of the box, but sometimes plugins will add their own tables to manage data and put data into your WordPress database. So, you should never edit your database directly. Instead, use WordPress Admin to make changes.
The next one is database table. So, a table in WordPress is– a table – let’s see. A table in the WordPress database holds specific kinds of data. So, “wp_post” holds all data relating to posts, and– there’s a table for taxonomy terms, and metadata, and stuff like that. And so, that all goes in those specific tables. Another thing when it comes to data is the loop, and the loop is a code in your theme that queries the database, and fetches, and outputs the current post. For a single post, or a page, it will run once, while on an archive page, it will loop repeatedly until all relevant posts have been outputted.
Metadata is data about data. It sounds kinda ridiculous, yeah, I know. But let’s explain it with a little bit more of an example. WordPress stores posts in the wp_post table in the database. Fields in this table are limited to predefined lists, including the post title, post content, date it was created, status report, etc. But if you want to add extra data to your post that isn’t covered by one of those fields, then that’s when you need metadata, which is sometimes referred to as a custom table. And then this can be anything that you want, from the weather to – when you created it, to the post data relating to SEO.
The query – the WordPress runs the query every time it accesses the database, and fetches content to output. So, every page on your site will be populated by a query, which is coded via the loop. And so, WordPress automatically queries the correct content depending on what’s being viewed. So, if you are looking at a single post, then the code will loop – will fetch the post; while it’s looking at an archive page, the loop will run over, and over again, so it’s output all of the posts necessary to go on that page. So, that’s the WordPress query.
Alright, now let’s look at Permissions real quick. There’s two that I wanna define here, and one is capability, and this lets a user perform a given action – like editing a post, or installing plugins. Each user role has a defined set of capabilities assigned to it, which defines what someone with that role can do. And you can modify, and change these, especially if there’s a WordPress plugin. I think it’s called User Role Editor. Something like that, that you can go in, and you can say what each level and which role can do what.
And speaking of role, this is a– term that defines what a user’s able to do on your site. So, a super admin can manage a multisite network of all of sites. Administrator is usually what most people have on their website, and they can manage a single site, and they can do pretty much everything. Editor can publish, and manage posts, but they can’t manage site settings. An Author can write, and publish, and manage their own posts, but no one else’s. A Contributor can write, and manage their own posts, but cannot publish them. They must wait for an editor or admin to review, and publish. A Subscriber can’t add content, but can view content, and they can make comments if that’s a restrict – a subscriber can also look at restricted content, which is really nice.
Alright, when it comes to Security, we’ve got nonce keys, N-O-N-C-E. And this stands for “numbers used once.” It is basically a number that can be used once, normally within a URL. So, for example, if someone attempts to reset their password in WordPress, they’ll be sent a link that includes a nonce. Once they’ve clicked on that link, it can’t be used again. That means if someone else sees that, and they try to click on that same link, they can’t change their password again. So, that’s a nonce. Salt keys are what you add to wp_config file that add an extra layer of security to a site. They are secret keys without which WordPress won’t work, and so there’s four of them: there’s an auth key, a secure auth key, a logged in key, and a nonce key.
They work by preventing hackers from accessing the cookies that store data about your site, such as login credentials. You should refresh them on a regular basis; roughly every two months. Our security plugins like Defender make this really easy. Sanitation is the process of cleaning your input data before it’s saved, be – for example, if you add a metabox in the post editing screen with a text box, you can use sanitation function to ensure that any text is stored in the correct format. If you’re saving an email address, sanitation will ensure that it’s correctly stored as an email address, and it doesn’t have any injected data that’s built into it.
Validation is the process of checking the data to make sure it’s valid before you’ve saved it to the database. You can add a validation box whenever you’re coding to some input, such as a text box. So, if you are a user that’s required to put an input, a validation will check to make sure it looks like an email address (i.e. that it’s in the correct form), and if it isn’t, then it won’t be accepted, and the user will see an error message. Once that data is validated, it should be sanitized to make sure that it is indeed a valid email address.
I’ve got two more sections, but I think I will save those for next week, and we’ll just wrap this episode up with – thanks so much for tuning in this week, and we’ll continue this list next week, just to make sure that this podcast doesn’t go super, super long. So, until next week, take care, and we’ll talk again then. Take care. Bye-bye.