One of the most flexible content management systems in the entire world is WordPress, thanks to its powerful plugin architecture. Plugins enable you to enhance functionality of your website without editing core files. Though there are several thousand free and premium plugins, there are times when you might need a unique feature built for your business, workflow, or customer. That may be the time to build a custom WordPress plugin.
Table of Contents
In this tutorial, you will learn how to create a custom WordPress plugin from scratch step by step without being a full-time developer. We’ll discuss file structure, hooks, security, best practices, and more.
Understanding about WordPress Plugin
A WordPress plugin is a piece of software that hooks into WordPress and adds new functionality. It operates separately from your theme, so changing themes won’t affect your added features. Plugins are capable of performing simple tasks like adding a shortcode, but they can also carry out more complex operations like building membership systems, building payment gateways, or making custom dashboards.
WordPress plugins interact with hooks such as those.
- Actions – Triggered at specific points in WordPress.
- Filters let you change data before it is shown or saved.
With actions and filters, you can add code without modifying core WordPress files.
Setting Up Your Plugin Folder & File
-
Go to your website directory via FTP or local environment.
Navigate to:
wp-content/plugins/
-
Create a folder for your plugin, for example:
my-custom-plugin
-
Inside it, create your main plugin file:
my-custom-plugin.php
-
Now, open this file and add the plugin header:
<?php
/**
* Plugin Name: My Custom Plugin
* Description: A simple custom plugin created from scratch.
* Version: 1.0
* Author: Your Name
*/
This header tells WordPress about your plugin so it appears in the admin dashboard.
Writing Your First Function
Let’s create something small to ensure your plugin works. For example, we add a message to the footer.
function mcp_footer_message() {
echo “<p style=’text-align:center;’>Thank you for visiting our website!</p>”;
}
add_action(‘wp_footer’, ‘mcp_footer_message’);
Here’s what this does:
-
mcp_footer_message() is your custom function.
-
add_action allows WordPress to run this function when the wp_footer hook fires.
Adding Shortcodes to Your Plugin
Shortcodes let you insert custom elements into posts and pages easily.
Example shortcode: [mcp_greeting]
Add this inside your plugin file:
function mcp_greeting_shortcode() {
return “<div class=’mcp-greeting’>Welcome to our website!</div>”;
}
add_shortcode(‘mcp_greeting’, ‘mcp_greeting_shortcode’);
Now, when you type [mcp_greeting] inside a post, the message will appear.
Shortcodes are powerful for:
-
Forms
-
Custom widgets
-
Displaying database entries
-
Creating reusable content
Adding Custom Scripts and Styles
If you want to style your plugin output or add JavaScript functionality, create assets folders:
my-custom-plugin/
css/
style.css
js/
script.js
my-custom-plugin.php
Then enqueue them properly:
function mcp_enqueue_assets() {
wp_enqueue_style(‘mcp-style’, plugin_dir_url(__FILE__) . ‘css/style.css’);
wp_enqueue_script(‘mcp-script’, plugin_dir_url(__FILE__) . ‘js/script.js’, array(‘jquery’), false, true);
}
add_action(‘wp_enqueue_scripts’, ‘mcp_enqueue_assets’);
Never use direct <script> tags inside plugin code—always enqueue for compatibility and performance.
Working With Custom Admin Pages
A powerful part of plugin development is creating settings pages or tools inside the WordPress dashboard.
Add an admin menu:
function mcp_add_admin_menu() {
add_menu_page(
‘My Custom Plugin Settings’,
‘Custom Plugin’,
‘manage_options’,
‘mcp-settings’,
‘mcp_settings_page’
);
}
add_action(‘admin_menu’, ‘mcp_add_admin_menu’);
Create the settings page content:
function mcp_settings_page() {
echo “<h1>My Custom Plugin Settings</h1>”;
echo “<p>Configure your plugin options here.</p>”;
}
This gives users a place to configure plugin features.
Handling Form Submissions Safely
Security is crucial. WordPress provides nonces (numbers used once) to protect form submissions.
Example settings form:
function mcp_settings_page() {
?>
<h1>My Custom Plugin Settings</h1>
<form method=”post”>
<?php wp_nonce_field(‘mcp_save_settings’); ?>
<label>Enter Message:</label>
<input type=”text” name=”mcp_message”>
<button type=”submit”>Save</button>
</form>
<?php
}
Handle form submission safely:
if (isset($_POST[‘mcp_message’]) && check_admin_referer(‘mcp_save_settings’)) {
update_option(‘mcp_message’, sanitize_text_field($_POST[‘mcp_message’]));
}
Always remember:
-
Validate data
-
Sanitize input
-
Escape output
This prevents common vulnerabilities like XSS and CSRF attacks.
Adding Custom Database Tables (Advanced)
Sometimes plugins need their own database tables. WordPress provides the dbDelta() function.
Add this code on plugin activation:
global $wpdb;
$table = $wpdb->prefix . ‘mcp_data’;
$sql = “CREATE TABLE IF NOT EXISTS $table (
id mediumint(9) NOT NULL AUTO_INCREMENT,
name varchar(50) NOT NULL,
created_at datetime DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (id)
)”;
require_once(ABSPATH . ‘wp-admin/includes/upgrade.php’);
dbDelta($sql);
Use activation hook:
register_activation_hook(__FILE__, ‘mcp_install’);
Custom tables are helpful for:
-
Forms & surveys
-
Logs and analytics
-
Custom applications
-
Saving plugin settings
Best Practices for Plugin Development
To create stable, secure, high-performance plugins, follow these best practices:
a) Use Prefixes
Avoid naming conflicts by prefixing all functions and settings (e.g., mcp_).
b) Follow WordPress Coding Standards
Indentation, naming, spacing—clean code prevents future headaches.
c) Keep Plugins Modular
Avoid large, monolithic files. Organize:
includes/
admin/
public/
d) Add Uninstall Cleanup
Remove plugin data when uninstalled:
register_uninstall_hook(__FILE__, ‘mcp_uninstall’);
function mcp_uninstall() {
delete_option(‘mcp_message’);
}
e) Avoid Adding Heavy Scripts
Only load assets when required.
f) Add Documentation
Comment your code especially if handing it off later.
Conclusion
The ability to create your own WordPress plugins allows full control. Your dependence on third-party limitations, plugin updates, and unneeded features that slow down your site is over.
Learning how to build plugins from scratch, gives you the ability to:
- Build custom solutions for clients.
- Create lightweight alternatives to bulky plugins.
- Improve site performance.
- Add unique features that stand out.
- Even sell plugins as premium products.
There are endless possibilities once you understand file structure, hooks and best practices.
