WordPress As An Application Framework

A summary of my notes from my SyntaxCon 2017 “WordPress As An Application Framework” presentation.


Constraints of working in and around the WordPress application.

Built-In Overhead

Using any framework adds overhead to your application.  It is the trade-off for rapid development with well-vetted components.   The bigger the framework the more overhead.

WordPress did not originate with the intent to become an application framework.  In addition, Automattic continues to be driven by Matt’s what some would consider an over-zealous desire to maintain backwards compatibility with prior releases of the core product.   Along with those attributes comes some overhead you may not see in other frameworks.

WordPress Heartbeat

The “heartbeat” is one example.   WordPress is configured to fire off a “heartbeat” every 60 seconds.   When the heartbeat process executes it loads the entire WordPress application and runs configured “heartbeat tasks”.   That means all plugins and themes are loaded and executed, often doing nothing.   Depending what you have running on your site that can be a lot of overhead.    Most plugins and themes do not “short circuit” when the heartbeat happens despite the fact that they do not do anything to process or influence “heartbeat tasks”.   That means more overhead do literally do nothing.

On a positive note, one of the advantages of writing your own application on top of WordPress is that you are controlling the environment.  You can craft your own plugins and theme to short circuit if that piece of your app is not doing “heartbeat stuff”.   In the top of most of my plugins you will find the following line which basically says “don’t load up anything else in this plugin when the heartbeat comes in” saving file I/O and server memory.



Benefits of having pre-defined libraries and UI components.

Time Savings

Time savings at each phase of development.


Flexibility of WordPress as a foundation.


Extensibility of WordPress both internally and via exposed services.


Scalability of the application.

WordPress Plugin Overhead

I recently wrote an article on why you should bury the bulk of your plugin PHP code at least TWO levels deep from the top-level directory.  The short version: WordPress builds a list of every single PHP file in the plugin directory and first level subdirectories then opens every single one and reads the first 8K scanning for the /* Name: string to build a list of plugins and their meta.  This is triggered by the get_plugins() function in WordPress Core.

More investigation of WP Core 4.7.3 get_plugins and how moving your php files at least 2 levels deep can impact performance is warranted.  Understanding when WordPress is going to run this function will help you determine what the overall performance impact will be and whether or not it is worth modifying your plugins.

My old-school computer background tells me that file opens and string regex comparisons are costly even on today’s fastest solid state drive servers.    The operating system overhead of opening and closing files tends to be costly especially when servers now have millions or billions of file address pointers to  sift through to find the proper memory or disk offsets.  If you are running on one of the millions of old-school spinning magnetic disk servers that are still out there the performance hit will be even more significant.

What Calls get_plugins()



Import WordPress Administration Screen

Direct load, no function/method.

$plugins = get_plugins( ‘/’ . $plugin_slug );


Edit plugin editor administration panel.

Direct load, no function/method.

$plugins = get_plugins();


If $_REQUEST verify-delete is set.

if ( $folder_plugins = get_plugins( ‘/’ . $plugin_slug ) ) {



Administration API: Core Ajax handlers

function wp_ajax_update_plugin()

Ajax handler for updating a plugin.

$plugin_data = get_plugins( ‘/’ . $result[ $plugin ][‘destination_name’] );


Core class used for updating/installing language packs (translations)

public function get_name_for_update

Get the name of an item being updated.

$plugin_data = get_plugins( ‘/’ . $update->slug );


Upgrade API: Plugin_Upgrader class

public function plugin_info

This isn’t used internally in the class, but is called by the skins.

Needs further investigation.   If I recall this method is widely used.

$plugin = get_plugins(‘/’ . $this->result[‘destination_name’]); //Ensure to pass with leading slash

Called by:
  • class-plugin-installer-skin.php : $plugin_file = $this->upgrader->plugin_info();
  • class-plugin-upgrader-skin.php : $this->plugin = $this->upgrader->plugin_info();
  • class-plugin-upgrader.php:  $this->skin->plugin_info = get_plugin_data( WP_PLUGIN_DIR . ‘/’ . $plugin, false, true);


List Table API: WP_Plugins_List_Table class

public function prepare_items

Undocumented but in WP_List_Table this is what sets the list of items to show.

Looks like this will be called every single time you go to your plugins tab on WP Admin.

$all_plugins = apply_filters( ‘all_plugins’, get_plugins() );


WordPress Dashboard Widget Administration Screen API

function wp_dashboard_plugins_output

If you have plugins setup on your WP Admin Dashboard and the transient is expired….

$plugin_slugs = array_keys( get_plugins() );


WordPress Plugin Install Administration API

function install_plugin_install_status

Determine the status we can perform on a plugin.

If the status is install.   Minimal impact as it only will happen during a plugin install.

$installed_plugin = get_plugins(‘/’ . $api->slug);


WordPress Plugin Administration API

function validate_plugin

Validate the plugin path. Checks that the file exists and is a valid file. See validate_file().

Happens during plugin activation.

$installed_plugins = get_plugins();

Called By
  • plugin.php activate_plugin()
  • plugin.php validate_active_plugins()


WordPress Administration Update API

function get_plugin_updates


This is likely called from the update plugins routine that runs every 12 hours by default. This runs every time the function is called.

$all_plugins = get_plugins();

Called by
  • update-core.php :list_plugin_updates()
  • class-wp-automatic-updater.php : send_email() when success



A simple set of functions to check our version 1.0 update service.

function wp_update_plugins

Check plugin versions against the latest versions hosted on WordPress.org.

$plugins = get_plugins();

Why Your WordPress Plugin Should Have Almost Nothing In The Main Folder

As we continue to roll out our Store Locator Plus SaaS service built on top of WordPress as our application foundation we continually refine our plugin, theme, and API architecture.    One of the issues I noticed while testing performance and stability is how WordPress Core handles plugins.    Though WordPress caches plugin file headers there are a lot of cases where it re-reads the plugin directories.

What do I mean by “read the plugin directories”?

WordPress has a function named get_plugin_data().   Its purpose is simple.  Read the metadata for a plugin and return it in an array.   This is where things like a plugin name, version, an author come from when you look at the plugins page.

However that “simple” function does some notable things when it comes to file I/O.   For those of you that are not into mid-level computer operations, file I/O is one of the most time consuming operations you can perform in a server based application.   It tends to have minimal caching and is slow even on an SSD drive.   On old-school rotating disks the performance impact can be notable.

So what are those notable things?

It is best described by outlining the process it goes through when called from the get_plugins() function in WordPress Core.

  • Find the WordPress plugins directory (easy and fast)
  • Get the meta for every single file in that directory using PHP readdir and then…
    • skip over any hidden files
    • skip over any files that do not end with .php
    • store every single file name in that directory in an array
  • Now take that list of every single file and do this…
    • if it is not readable, skip it (most will be on most servers so no saving time here)
    • call the WP Core get_plugin_data() method above and store the “answers” in an array , to do THAT, we need to do THIS for all of those files
      • call WP Core get_file_data() which does this..
        • OPEN the file with PHP fopen
        • Read the first 8192 characters
        • CLOSE the file
        • Translate all newline and carriage returns
        • Run WordPress Core apply_filters()
        • Do some array manipulation
        • Do a bunch of regex stuff to match the strings WordPress likes to see in headers like “Plugin Name:” or “Version:” and store the matching strings in an array.
        • Return that array which is the “answers” (plugin metadata) that WordPress is interested in.
    • take that array and store it in the global $wp_plugins variable with the plugin base name as the key to the named array.

In other words it incurs a LOT of overhead for every file that exists in your plugin root directory.

Cache or No Cache

Thankfully viewing a plugin page tends to fetch that data from a cache.   The cache is a string stored in the WP database so a single data fetch and a quick parsing of what is likely a JSON string and you get your plugins page listing fairly quickly.   However caches do expire.

More important to this discussion is the fact that there are a LOT functions in the WordPress admin panel and cron jobs that explicitly skip the cache and update the plugin data.  This runs the entire routine noted above to do that.

Designing Better Plugins

If you care about the performance impact of your plugins on the entire WordPress environment in which it lives, and you SHOULD, then you may want to consider a “minimalist top directory approach” to designing your plugins.

Best Practices on the Plugin Developer Handbook mentions “Folder Structure” and shows an example of having something like this as your plugin file setup:

However they don’t get into the performance details of WHY you should have an includes directory and what goes in there.

In my opinion, EVERYTHING that is not the main plugin-name.php or uninstall.php file should go in the ./includes directory.  Preferably in class files named after the class, but that is a discussion for another blog post.

If possible you may even want to try making plugin-name.php as minimalist as possible with almost no code. Even though the fread in WordPress Core get_file_data() only grabs the first 8192 characters, most of that content is “garbage” that it will not process because it is not part of the /* … */ commentary it is interested in.   If you can get your main plugin-name.php file to be something like 4K because it only includes the header plus a require_once( ‘./includes/main-code-loader.php’); or something similar the memory consumption, regular expression parser and other elements used by get_file_data() will have less work to do.

No matter what your code design, it is going to have some performance impact on WordPress.   My guess is it will be especially notable on sites that have 3,987 plugins installed and are running an “inline” WordPress update.   Ever wonder why that latest version of your premium (not hosted in the WordPress Plugin Directory) plugins don’t show up?   It could be because WordPress spent all the time granted to a single PHP process reading the first 8K of 39,870 files because all those plugins had a dozen-or-so files in the root directory.

Help yourself and help others.  Put the bulk of your plugin code in the includes folder.  The WordPress community will thank you.


Wiring WordPress Media Uploader Into Your Web App

As predicted, the “premium” theme I purchased to make things happen on the HereMusic.Live site needs more tweaking.  Today I am diving into the proper way to wire the WordPress media uploader into a plugin after learning the theme not only cannot handle a media file with parenthesis in the name but it also is dropping the media title into the URL field on the form.  Ugh.

Most of the magic for the WordPress Media interface is managed via JavaScript.    I’m going to focus on the JavaScript portion of the code, assuming an app already has a basic form on an admin page that needs media uploaded and gets the URL put into a form element.   I’m also going to assume you know how to attach basic “on click do this” to an HTML element using jQuery or inline onClick methods.

Rip Out Thickbox

The old-school method of attaching to the WordPress media uploader was to tie into the Thickbox-driven media interface.   If you look into an existing WordPress plugin or theme and see the JavaScript littered with tb_show() and window.send_to_editor references there is a very good chance it is using the outdated Thickbox model.

I’m not sure where this model is breaking down on my WordPress 4.7 site but somehow the html parameter on the send_to_editor() call is only receiving a string containing the file title.

Time to rip it out and replace it with the thinner and generally better-designed wp.media model.  It was introduced eons ago (in modern web app terms) and should be the go-to method for implementing this feature.

Insert wp.media

As with many of the “black magic” features of WordPress, wp.media is not well documented on the new developer guides and function references.   Most of the knowledge we’ll need has to come from the “old” Codex wp.media pages.

The basic concept is simple:  When the user clicks the add button create a new wp.media JavaScript object and open it.

wp.media Details

We start by defining a media_frame variable in JavaScript at a global scope so we can make it a singleton; in essence don’t fire up a new popup wp.media form every time someone clicks the button.

Next we attach an anonymous function to the click event on the button that will do some general maintenance, set some properties for the wp.media object, and tell that object what we want to do when the user selects a file.   Remember that whether the user has just uploaded a new file or picked from an existing file the application considers this a ‘select’ action in either case.    The last step of this click function is to open the wp.media object which fires up the standard WordPress upload/select window.

Example Details

The initial implementation:

Always preventDefault() on these actions to prevent conflicts with other things that may be attached to the click event stack in  your web app or browser.

Check if the media_frame global variable is active.  If it is then our media form is open somewhere.   Re-open it (show it) and leave.  This cuts down on the overhead of re-creating the window object every time we click the button.

Create the wp.media object and attach it to the media_frame variable.  This is a single instance of the media selector.  Pass in some attributes for the window title, button label, and multiple selection options.   Later we’ll use localize_script() in the PHP side of the code so we have an app that is gettext() , and thus i18n/l10n, compatible.

Before we get into the frame  processing ,  grab a sibling field on the HTML form that contains the add button we clicked to fire up the form.  My example HTML form has an input text field with the class mea_box_upload_file where we put the URL for the file we are selecting.

The select is processed with an .on( ‘select’ … ) trigger.    When the user clicks the “Use This” button (our label for the select button) it will fire the anonymous function defined here.   The details of the file they selected is retrieve in the media_frame.state().get(‘selection’).first().toJSON() call.    I then use the variable I set earlier that points to my URL field on my HTML form and set the value to the file’s url property.

With all the triggers and properties set for the media window I can now open the media selector as the last step of the button click process.


Follow Up Feb 1 2017

Additional notes and a complete code example.

First – wp.media has a frames property where you can (should?) attach your active frame instead of managing it “by hand” within your JavaScript.

Second – return false from the function that you invoke the media from.   Depending on where you call your modal open() you may get the entire stack of media windows opening.  In my plugin I was getting my custom modal plus a default modal provided by WordPress on an admin setting page.

Third – I’ve refactored the default code you see on nearly EVERY example of doing the frame open where it first checks to see if the frame exists, if it does return frame.open() and if it does not do the setup then return frame.open().   Nearly every time you call the same method twice within a few lines of code it can be refactored to be more efficient.  That is included in my example.

New Example

This is from my Store Locator Plus code.    I use a block scope variable that I change every time a user clicks a button so I know which setting to update with the image URL the user selected.    This allows the on(‘select’) code for the window frame itself to remain static.  Better caching and code compression can happen with this setup.

The class the creates the HTML code.  Obviously a partial example as this web app uses all kinds of objects and inheritance to manage oft-repeated code segments.


JavaScript: wp.media

The Codex says… JavaScript Reference wp.media.


This magic WordPress function will enqueue all of the JavaScript elements needed to work with the media uploader provided by WordPress core.

Needs to be fired in/after admin_enqueue_scripts in the call stack.

The Codex says… wp_enqueue_media() 

The Code Reference says… wp_enqueue_media().

Hacking WordPress – Articles About Coding Plugins and Themes

Recently I’ve begun building a music directory site.    I purchased a premium theme and the accompanying premium plugins.    Sadly, premium does not necessarily mean well-written.   Turns out this theme and the associate plugins do a few good things, look great on the surface and do a lot of really horrid things in the background.   If I were launching a personal site, like this bio blog, I’d not worry about it.   However the long term goal is to build a music directory that handles hundreds-of-thousands of page loads every month.   It needs to be fast without having to run it on IBM’s Watson to do so.

I’ve decided to fork the theme and the plugins and start hacking them into shape.    Coming soon will be the first in a series of “hacking WordPress” articles.   The first article will be about how to now load your plugin code on every single admin page on the site.

If you are writing WordPress Themes or plugins and have a question or an idea for a post, please let me know.   If I can’t answer the question myself I will try to find a guru that can.


%d bloggers like this: