My WordPress cheat sheet

Be aware it's not an exhaustive list. You can click the arrow on the left to toggle elements.

The following sheet is about professional maintenance and development for customers, not WordPress for everyone as a publishing platform.

Permalink to heading Don’t, don’t, don’t Don’t, don’t, don’t

Permalink to heading Do, do, do Do, do, do

Permalink to heading Post types and taxonomies Post types and taxonomies

Built-in types
Navigation Menus
Custom CSS (additional CSS in the customizer)
Changesets (revisions in the customizer)
Built-in taxonomies
Posts vs. pages Pages are hierarchical and non-chronological. Posts are non-hierarchical and chronological.
Adding custom post types and taxonomies Follow that guideline. Alternatively, you can use the plugin Custom Post Type UI, but a better way would be WP-CLI.

Permalink to heading The database The database

WordPress uses MySQL as a database management system.

List of tables in a default installation
Use WP-CLI for manual operations You can read this post: WP-CLI beats SQL.
Accessing to the database from the code Use the built-in class Wpdb.

Permalink to heading Plugins Plugins

Creating a plugin You need at least a PHP file in the plugin directory (wp-content/plugins/) with a specific header:
However, you can put this bootstrap file in a specific folder under wp-content/plugins/ (good practice).
Must-used plugins Special path: wp-content/mu-plugins. WordPress loads mu plugins before regular plugins.
Drop-Ins plugins Special path: wp-content. Read that post for detailed explanations.

Permalink to heading Themes Themes

style.css // main stylesheet, required
index.php // main file, required
single.php // single views (posts)
archive.php // archive view (posts)
search.php // search results
page.php // pages
and many more
Built-in functions for includes
And many more.
Built-in functions to get data from database
And many more.
Loops of posts
<?php if ( have_posts() ) : ?>
    <?php while ( have_posts() ) : the_post(); ?>
        // code
    <?php endwhile; ?>
<?php endif; ?>

Permalink to heading Hooks Hooks

Hooks allow for modifying behaviors, restricting some areas, and filtering data on the fly without having to modify WordPress core files.

You can use built-in hooks and add your custom hooks.

do_action() / add_action() Actions are like JavaScript events. You can run/execute code for specific screens or at a very specific loading time.
do_action( 'example_action', $arg1, $arg2 );
function example_callback( $arg1, $arg2 ) {
    // (maybe) do something with the args.
add_action( 'example_action', 'example_callback', 10, 2 );
apply_filters() / add_filter() Filters are meant to modify data on the fly, for example before inserting data into the database or just before display.
$value = apply_filters( 'example_filter', 'filter me', $arg1, $arg2 );
function example_callback( $string, $arg1, $arg2 ) {
    // (maybe) modify $string.
    return $string;
add_filter( 'example_filter', 'example_callback', 10, 3 );
actions vs. filters Technically, add_filter() and add_action() are aliases, but, as we saw in the last two points, filters require you return a value, whereas actions allow you to execute code without returning anything. Always return a value when you use a filter. Otherwise, you might override critical data with null.

Permalink to heading The customizer The customizer

The customizer API is a built-in and extensible live-previewing feature for global options.

It’s comfortable for both users and theme creators.

List of available methods
add_action('customize_register', function( $wp_customize ) {
Only for administrators? By default, only administrators can use it as it needs the `edit_theme_options` capability, but it's possible to modify it:
add_filter( 'map_meta_cap', function( $caps, $cap, $user_id ) {
    $required_cap = 'edit_posts';
    if ( 'customize' === $cap && user_can( $user_id, $required_cap ) ) {
        $caps = [ $required_cap ];
    return $caps;
}, 10, 3 );

Permalink to heading Roles and permissions Roles and permissions

WordPress comes with a decent and out-of-the-box user management you can modify and extend.

6 default roles
Super Admin (multisite)
Capabilities All roles share common capabilities, but each role can have specific capabilities. Those permissions determine whether or not you can access to some features, run some operations, edit some contents, etc.

Permalink to heading REST API REST API

The WordPress REST API provides an interface for applications to interact with your WordPress site by sending and receiving data as JSON

List of all endpoints Read the documentation
A REST API The JSON REST API is a true REST API, you can consume it with any language you like (e.g. PHP, Python, JavaScript, etc.).

Permalink to heading Gutenberg Gutenberg

Use WP-CLI You can scaffold block

Permalink to heading Architecture Architecture

Use Bedrock Bedrock is a valuable boilerplate with a better and more secure structure for WordPress. It's powered by Composer.
Headless The modern trend is to use WordPress as a backend interface and handle the frontend without using the theme API (e.g. for a React app). Some ecosystems such as Gatsbyjs love that approach.

Permalink to heading Multisite Multisite

WordPress can be used to manage a network of multiple websites on the same installation. You could even create your own networks or blogging systems with it.

Enable multisite
define('WP_ALLOW_MULTISITE', true);
Subdomain vs. subfolder The subdomain installation (e.g. https://* requires a wildcard for the domain. The subfolder installation (e.g.*) works everywhere.
Users are "shared" All sites share the same user's tables. The multisite mode does not duplicate wp_users and wp_usermeta, but still, each site has its own users.
SQL tables Additional tables come with the multisite mode:
  • wp_blogs: list of all sites in the network
  • wp_blogs_versions: list of the database version status for each site
  • wp_registration_log: records the admin user created when each new site is created
  • wp_signups: users that have registered for a site with the login registration form
  • wp_site: list of all site URLs
  • wp_sitemeta: site data for each site of the network
Domain mapping Domain mapping is a native WordPress feature (4.5++) that allows for mapping multiple domains to the same installation, but the domains should be already mapped to the same DNS server as the installation.
Multi-networks and beyond A multisite installation is a network of websites, but it's possible to go even further with a multi-network installation if, for some valuable reasons, you need to build a galaxy of websites with multiple solar systems.