PHP for WordPress

Course Scope

This section teaches PHP with WordPress as the target runtime. The goal is not generic PHP theory first; the goal is to write safe, maintainable PHP that works inside themes, plugins, admin screens, forms, AJAX handlers, REST routes, and production WordPress sites.

Modules

• PHP Cheatsheet — quick-reference coverage for PHP language features and WordPress PHP APIs
• 1. PHP Foundations for WordPress
• 2. WordPress Execution Model
• 3. Themes and Template PHP
• 4. Plugin Development
• 5. Data Validation and Security
• 6. WordPress Database and Queries
• 7. AJAX, REST, and Forms
• 8. Debugging, Performance, and Production
• 9. Object-Oriented PHP and Autoloading
• 10. Custom Post Types and Taxonomies
• 11. Custom Fields, Metaboxes, and Settings
• 12. Users, Roles, and Permissions
• 13. Media Files and Uploads
• 14. Internationalization and Localization
• 15. Cron and Background Processing
• 16. HTTP API and External Integrations
• 17. Email and Notifications
• 18. WooCommerce PHP Basics
• 19. Multisite WordPress Development
• 20. Testing, Code Quality, and Deployment

Learning Goals

• Understand enough PHP syntax to read and write WordPress code confidently.
• Use WordPress hooks, template tags, queries, plugin headers, nonces, capabilities, and escaping correctly.
• Build small features as plugins instead of editing core or overloading theme files.
• Handle user input safely from forms, AJAX requests, REST endpoints, and admin pages.
• Debug PHP and WordPress problems without guessing.
• Structure larger WordPress codebases with classes, custom data types, background jobs, integrations, tests, and deployment habits.

Course Usage

Recommended Learning Order

Follow the modules in numeric order if you are new to PHP. If you already know PHP, start with WordPress Execution Model, then focus on hooks, security, database access, and production practices.

Use the PHP Cheatsheet as a lookup reference while building. It is organized by topic rather than lesson order.

Production Rule

WordPress PHP should be boring, explicit, and defensive: validate input, check permissions, escape output, avoid direct core edits, and keep site-specific behavior in small plugins or child themes.