Want to create a plugin to extend WooCommerce? WooCommerce plugins are the same as regular WordPress plugins. For more information, visit Writing a plugin.
Your WooCommerce extension should:
- Adhere to all WordPress plugin coding standards and best practice guidelines for harmonious existence within WordPress and alongside other WordPress plugins.
- Have a single core purpose and use WooCommerce features as much as possible.
- Not do anything malicious or underhanded — for example, inserting spam links or upselling services outside of the WooCommerce.com ecosystem.
- Not subvert or override Marketplace connections in core — for example, extensions cannot create branded top-level menu items or introduce their own telemetry.
- Adhere to Marketplace compatibility and interoperability guidelines.
Merchants make use of WooCommerce extensions daily, and should have a unified and pleasant experience while doing so without advertising invading their WP Admin or store.
Note: We provide this page as a best practice for developers.
Check if WooCommerce is active
↑ Back to topMost WooCommerce plugins do not need to run unless WooCommerce is already active. You can wrap your plugin in a check to see if WooCommerce is installed:
// Test to see if WooCommerce is active (including network activated). $plugin_path = trailingslashit( WP_PLUGIN_DIR ) . 'woocommerce/woocommerce.php'; if ( in_array( $plugin_path, wp_get_active_and_valid_plugins() ) || in_array( $plugin_path, wp_get_active_network_plugins() ) ) { // Custom code here. WooCommerce is active, however it has not // necessarily initialized (when that is important, consider // using the `woocommerce_init` action). }
Note that this check will fail if the WC plugin folder is named anything other than woocommerce
.
Main file naming
↑ Back to topThe main plugin file should adopt the name of the plugin, e.g., A plugin with the directory name plugin-name
would have its main file named plugin-name.php
.
Text domains
↑ Back to topFollow guidelines for Internationalization for WordPress Developers, the text domain should match your plugin directory name, e.g., A plugin with a directory name of plugin-name
would have the text domain plugin-name
. Do not use underscores.
Localization
↑ Back to topAll text strings within the plugin code should be in English. This is the WordPress default locale, and English should always be the first language. If your plugin is intended for a specific market (e.g., Spain or Italy), include appropriate translation files for those languages within your plugin package. Learn more at Using Makepot to translate your plugin.
Follow WordPress PHP Guidelines
↑ Back to topWordPress has a set of guidelines to keep all WordPress code consistent and easy to read. This includes quotes, indentation, brace style, shorthand php tags, yoda conditions, naming conventions, and more. Please review the guidelines.
Code conventions also prevent basic mistakes, as Apple made with iOS 7.0.6.
Custom Database Tables & Data Storage
↑ Back to topAvoid creating custom database tables. Whenever possible, use WordPress post types, taxonomies, and options.
Consider the permanence of your data. Here’s a quick primer:
- If the data may not always be present (i.e., it expires), use a transient.
- If the data is persistent but not always present, consider using the WP Cache.
- If the data is persistent and always present, consider the
wp_options
table. - If the data type is an entity with
n
units, consider a post type. - If the data is a means or sorting/categorizing an entity, consider a taxonomy.
Logs should be written to a file using the WC_Logger
class.
Prevent Data Leaks
↑ Back to topTry to prevent direct access data leaks. Add this line of code after the opening PHP tag in each PHP file:
if ( ! defined( 'ABSPATH' ) ) { exit; // Exit if accessed directly }
Readme
↑ Back to topAll plugins need a standard WordPress readme.
Your readme might look something like this:
=== Plugin Name === Contributors: (this should be a list of wordpress.org userid's) Tags: comments, spam Requires at least: 4.0.1 Tested up to: 4.3 Requires PHP: 5.6 Stable tag: 4.3 License: GPLv3 or later License URI: http://www.gnu.org/licenses/gpl-3.0.html
Changelog.txt
↑ Back to topAll plugins need a standard changelog.txt file.
Your changelog.txt
file should look like this:
*** WooCommerce Extension Name Changelog *** YYYY-MM-DD - version 1.1.0 * Added - Useful new feature * Fixed - Important bug fix YYYY-MM-DD - version 1.0.1 * Fixed a bug YYYY-MM-DD - version 1.0.0 * Initial release
Changelog Entry Types
↑ Back to topTo showcase the different types of work done in a product update, use any of the following words to denote what type of change each line is:
add
added
feature
new
developer
dev
tweak
changed
update
delete
remove
fixed
fix
Plugin Author Name
↑ Back to topConsistency is important to us and our customers. Products offered through WooCommerce.com should provide a consistent experience for all aspects of the product, including finding information on who to contact with queries.
Customers should be able to easily differentiate a product purchased at WooCommerce.com from a product purchased elsewhere, just by looking through their plugin list in WordPress.
Thus, the following plugin headers should be in place:
- The
Plugin Author
isYourName/YourCompany
- The
Developer
header isYourName/YourCompany
, with theDeveloper URI
field listed ashttp://yourdomain.com/
For example:
/**
* Plugin Name: WooCommerce Extension
* Plugin URI: https://woocommerce.com/products/woocommerce-extension/
* Description: Your extension's description text.
* Version: 1.0.0
* Author: Your Name
* Author URI: http://yourdomain.com/
* Developer: Your Name
* Developer URI: http://yourdomain.com/
* Text Domain: woocommerce-extension
* Domain Path: /languages
*
* WC requires at least: 2.2
* WC tested up to: 2.3
*
* License: GNU General Public License v3.0
* License URI: http://www.gnu.org/licenses/gpl-3.0.html
*/
Declaring required and supported WooCommerce version
↑ Back to topUse the follow headers to declare “required” and “tested up to” versions:
- WC requires at least
- WC tested up to
Plugin URI
↑ Back to topEnsure that the Plugin URI
line of the above plugin header is provided. This line should contain the URL of the plugin’s product/sale page on WooCommerce.com (if sold by WooCommerce) or to a dedicated page for the plugin on your website.
Woo Plugin Header For Updates
↑ Back to topWooCommerce core looks for a Woo
line in the plugin header comment to check for updates to your plugin from WooCommerce.com. This line looks like this:
Woo: 12345:342928dfsfhsf8429842374wdf4234sfd
When submitting your extension or adding a new version, we will automatically add this to the header of your main file. You are not required to add it manually, but you can opt to include it before uploading.
This is only used for products sold on WooCommerce.com. Ensure you do not use this for your product versions listed on WordPress.org or elsewhere. Including this header in other versions will prevent updates from working.
Vendors can find this snippet for their WooCommerce.com products by logging in to their logging into the Vendors Dashboard and going to Products > All Products. Then, select the product and click Edit product page. This snippet will be in the upper-right-hand corner of the screen.
See the plugin header comment example above for how the Woo
header looks in context.
Make it Extensible
↑ Back to topDevelopers should use WordPress actions and filters to allow for modification/customization without requiring users to touch the plugin’s core code base.
If your plugin creates a front-end output, we recommend to having a templating engine in place so users can create custom template files in their theme’s WooCommerce folder to overwrite the plugin’s template files.
Use of External Libraries
↑ Back to topThe use of entire external libraries is typically not suggested as this can open up the product to security vulnerabilities. If an external library is absolutely necessary, developers should be thoughtful about the code used and assume ownership as well as of responsibility for it. Try to only include the strictly necessary part of the library, or use a WordPress-friendly version or opt to build your own version. For example, if needing to use a text editor such as TinyMCE, we recommend using the WordPress-friendly version, TinyMCE Advanced.
Use of Third-Party Systems
↑ Back to topPlugins cannot send executable code through third-party systems. Loading code from documented services is allowed, but communication must be secure. Executing outside code within a plugin is not allowed.
For instance, using third-party CDNs for non-service-related JavaScript and CSS is prohibited. Iframes should not be used to connect admin pages.
Remove Unused Code
↑ Back to topWith version control, there’s no reason to leave commented-out code; it’s annoying to scroll through and read. Remove it and add it back later if needed.
Comment
↑ Back to topIf you have a function, what does the function do? There should be comments for most if not all functions in your code. Someone/You may want to modify the plugin, and comments are helpful for that. We recommend using PHP Doc Blocks similar to WooCommerce.
Avoid God Objects
↑ Back to topGod Objects are objects that know or do too much. The point of object-oriented programming is to take a large problem and break it into smaller parts. When functions do too much, it’s hard to follow their logic, making bugs harder to fix. Instead of having massive functions, break them down into smaller pieces.
Test Extension Quality & Security with Quality Insights Tool
↑ Back to topIntegrate the Quality Insights Toolkit (QIT) into your development workflow to ensure your extension adheres to WordPress / WooCommerce quality and security standards. The QIT allows the ability to test your extensions against new releases of PHP, WooCommerce, and WordPress, as well as other active extensions, at the same time. Additionally, the toolkit includes a command-line interface (CLI) tool that allows you to run and view tests against development builds. This helps to catch errors before releasing a new version. The following tests are available today:
- End-to-End
- Activation
- Security
- PHPStan
- API
- PHPCompatibility Tests
- Malware Tests
- Performance Tests (Coming soon)
- PHP Minimum Version Tests (Coming soon)
Maximize Compatibility and Reliability Through Custom E2E Tests
↑ Back to topWe strongly encourage the contribution of E2E tests for your extensions built on top of the Quality Insights Toolkit(QIT) custom E2E testing framework . By sharing these tests with us, you play a crucial role in ensuring true compatibility across different WordPress and WooCommerce versions, various PHP environments, and alongside other popular extensions. Our Custom E2E testing framework, equipped with a dockerized development environment and easy-to-use command tools, empowers you to design and execute comprehensive tests using Playwright that are tailored to your plugin’s unique functionalities. Not only does this initiative help mitigate potential compatibility issues before they affect users, but it also enhances the overall reliability of the products within our marketplace. Participating in this process not only contributes to a robust ecosystem but also elevates your extension’s reputation for quality and reliability. Please visit the QIT Custom Test documentation to begin leveraging the power of custom tests to guarantee your extension works seamlessly in real-world scenarios and stands out in the competitive marketplace.
Test Your Code with WP_DEBUG
↑ Back to topAlways develop with WP_DEBUG mode on, so you can see all PHP warnings sent to the screen. This will flag things like setting a variable before checking the value.
Separate Business Logic & Presentation Logic
↑ Back to topIt’s a good practice to separate business logic (i.e., how the plugin works) from presentation logic (i.e., how it looks). Two separate pieces of logic are more easily maintained and swapped if necessary. An example is to have two different classes — one for displaying the end results, and one for the admin settings page.
Use Transients to Store Offsite Information
↑ Back to topIf you provide a service via an API, it’s best to store that information so future queries can be done faster and the load on your service is lessened. WordPress transients can be used to store data for a certain amount of time.
Logging Data
↑ Back to topYou may want to log data that can be useful for debugging purposes. This is great with two conditions:
- Allow any logging as an ‘opt in’.
- Use the WC_Logger class. A user can then view logs on their system status page.
If adding logging to your extension, here’s a snippet for presenting a link to the logs, in a way the extension user can easily make use of.