My WordPress cheat sheet

Don’t, don’t, don’t

Do, do, do

Post types and taxonomies

Built-in types
Posts
Pages
Attachments
Revisions
Navigation Menus
Custom CSS (additional CSS in the customizer)
Changesets (revisions in the customizer)
Built-in taxonomies
categories
tags
Posts vs. pages Pages are hierarchical and non-chronological. Posts are non-hierarchical and chronological.
Adding custom post types and taxonomies Follow that guideline. Alternatively, you can use the plugin Custom Post Type UI, but a better way would be WP-CLI.

The database

WordPress uses MySQL as a database management system.

List of tables in a default installation
wp_commentmeta
wp_comments
wp_links
wp_options
wp_postmeta
wp_posts
wp_terms
wp_term_relationships
wp_term_taxonomy
wp_usermeta
wp_users
Use WP-CLI for manual operations You can read this post: WP-CLI beats SQL.
Accessing to the database from the code Use the built-in class Wpdb.

Plugins

Creating a plugin You need at least a PHP file in the plugin directory (wp-content/plugins/) with a specific header:
<?php
/**
* Plugin Name: YOUR PLUGIN NAME
*/
However, you can put this bootstrap file in a specific folder under wp-content/plugins/ (good practice).
Must-used plugins Special path: wp-content/mu-plugins. WordPress loads mu plugins before regular plugins.
Drop-Ins plugins Special path: wp-content. Read that post for detailed explanations.

Themes

Files
style.css // main stylesheet, required
index.php // main file, required
single.php // single views (posts)
archive.php // archive view (posts)
searchform.php
search.php // search results
404.php
comments.php
footer.php
header.php
sidebar.php
page.php // pages
and many more
Built-in functions for includes
get_header();
wp_nav_menu();
get_searchform();
get_sidebar();
get_footer();
get_template_part();
And many more.
Built-in functions to get data from database
the_content();
the_excerpt();
the_title();
the_permalink();
the_ID();
And many more.
Loops of posts
<?php if ( have_posts() ) : ?>
    <?php while ( have_posts() ) : the_post(); ?>
        // code
    <?php endwhile; ?>
<?php endif; ?>

Hooks

Hooks allow for modifying behaviors, restricting some areas, and filtering data on the fly without having to modify WordPress core files.

You can use built-in hooks and add your custom hooks.

do_action() / add_action() Actions are like JavaScript events. You can run/execute code for specific screens or at a very specific loading time.
do_action( 'example_action', $arg1, $arg2 );
function example_callback( $arg1, $arg2 ) {
    // (maybe) do something with the args.
}
add_action( 'example_action', 'example_callback', 10, 2 );
apply_filters() / add_filter() Filters are meant to modify data on the fly, for example before inserting data into the database or just before display.
$value = apply_filters( 'example_filter', 'filter me', $arg1, $arg2 );
function example_callback( $string, $arg1, $arg2 ) {
    // (maybe) modify $string.
    return $string;
}
add_filter( 'example_filter', 'example_callback', 10, 3 );
actions vs. filters Technically, add_filter() and add_action() are aliases, but, as we saw in the last two points, filters require you return a value, whereas actions allow you to execute code without returning anything. Always return a value when you use a filter. Otherwise, you might override critical data with null.

The customizer

The customizer API is a built-in and extensible live-previewing feature for global options.

It’s comfortable for both users and theme creators.

List of available methods
add_action('customize_register', function( $wp_customize ) {
  $wp_customize->add_panel();
  $wp_customize->get_panel();
  $wp_customize->remove_panel();
 
  $wp_customize->add_section();
  $wp_customize->get_section();
  $wp_customize->remove_section();
 
  $wp_customize->add_setting();
  $wp_customize->get_setting();
  $wp_customize->remove_setting();
 
  $wp_customize->add_control();
  $wp_customize->get_control();
  $wp_customize->remove_control();
});
Only for administrators? By default, only administrators can use it as it needs the `edit_theme_options` capability, but it's possible to modify it:
add_filter( 'map_meta_cap', function( $caps, $cap, $user_id ) {
    $required_cap = 'edit_posts';
    if ( 'customize' === $cap && user_can( $user_id, $required_cap ) ) {
        $caps = [ $required_cap ];
    }
    return $caps;
}, 10, 3 );

Roles and permissions

WordPress comes with a decent and out-of-the-box user management you can modify and extend.

6 default roles
Super Admin (multisite)
Administrator
Editor
Author
Contributor
Subscriber
Capabilities All roles share common capabilities, but each role can have specific capabilities. Those permissions determine whether or not you can access to some features, run some operations, edit some contents, etc.

REST API

The WordPress REST API provides an interface for applications to interact with your WordPress site by sending and receiving data as JSON

List of all endpoints Read the documentation
A REST API The JSON REST API is a true REST API, you can consume it with any language you like (e.g. PHP, Python, JavaScript, etc.).

Gutenberg

Block framework The custom package is one of the easiest way to build a Gutenberg block.
Use WP-CLI You can scaffold block

Architecture

Use Bedrock Bedrock is a valuable boilerplate with a better and more secure structure for WordPress. It's powered by Composer.
Headless The modern trend is to use WordPress as a backend interface and handle the frontend without using the theme API (e.g. for a React app). Some ecosystems such as Gatsbyjs love that approach.

Multisite

WordPress can be used to manage a network of multiple websites on the same installation. You could even create your own networks or blogging systems with it.

Enable multisite
define('WP_ALLOW_MULTISITE', true);
Subdomain vs. subfolder The subdomain installation (e.g. https://*.mynetwork.com) requires a wildcard for the domain. The subfolder installation (e.g. https://mynetwork.com/*) works everywhere.
Users are "shared" All sites share the same user's tables. The multisite mode does not duplicate wp_users and wp_usermeta, but still, each site has its own users.
SQL tables Additional tables come with the multisite mode:
  • wp_blogs: list of all sites in the network
  • wp_blogs_versions: list of the database version status for each site
  • wp_registration_log: records the admin user created when each new site is created
  • wp_signups: users that have registered for a site with the login registration form
  • wp_site: list of all site URLs
  • wp_sitemeta: site data for each site of the network
Domain mapping Domain mapping is a native WordPress feature (4.5++) that allows for mapping multiple domains to the same installation, but the domains should be already mapped to the same DNS server as the installation.
Multi-networks and beyond A multisite installation is a network of websites, but it's possible to go even further with a multi-network installation if, for some valuable reasons, you need to build a galaxy of websites with multiple solar systems.