Fix Hyphens in WordPress Media Titles

Dashes and Hyphens

Minor WordPress version updates are fairly safe to apply. I had never seen a serious bug being introduced in a maintenance release – heck, that’s what the releases are for, right?

That is, until a friend reached out saying that all Media uploads that had spaces in their file names started getting hyphenated titles. Sure, she could manually fix the titles after the upload, but with image-intensive sites, that’s just not practical.

I did some digging and it turns out that this is a known bug introduced in WP v4.6.1. The fix is ready for WP 4.6.2, but as of this writing there is no date scheduled for that release.

There is, however, a workaround in the ticket, and I’m adding it here for your benefit. Just copy the code below and paste it at the end of your theme’s functions.php file. Make sure to paste it before any closing ?> tag. Actually, if your functions.php has a closing ?> tag at the end of the file, feel free to remove it. It’s bad practice to keep them lying around that way.

Kudos to @SergeyBiryukov for the fix.

function wp37989_fix_encoded_attachment_titles( $data ) 
    if ( empty( $_FILES ) ) 
        return $data;

    $file = current( $_FILES );
    $ext  = pathinfo( $file['name'], PATHINFO_EXTENSION );
    $name = wp_basename( $file['name'], ".$ext" );

    $data['post_title'] = sanitize_text_field( $name );

    return $data;
add_filter( 'wp_insert_attachment_data', 'wp37989_fix_encoded_attachment_titles' );

Remember to remove it after you install WordPress 4.6.2. It won’t break anything if you don’t, but it’s redundant and will just take up some un-necessary CPU cycles.



P.S. Check out our Website Care Services and let us help you keep your site up and running.

The Latest Rumors About WordPress Are Wrong


Calypso has been the hottest topic in the WordPress community over the past week, following this announcement from Matt Mullenweg. While many have praised the development as genius, and a long time in coming, others have been less generous in their comments. In fact, there are some rumors and ideas being fervently discussed in various WordPress groups that are flat out wrong.

It all stems from confusion about what Calypso really is, and how it’s changing WordPress and the future development of that platform. Developers who have invested incredible amounts of time to create themes and plugins that are based on the traditional WordPress platform are understandably concerned that all of that work, and the basis for their businesses, could be going up in smoke.

We’re going to review how WordPress works today, how Calypso changes the platform, and what that really means to developers and site owners alike.

The Players

To understand how WordPress works in the background, let’s think about what happens when you go to a fast food restaurant. You order a burger and a few moments later you’re walking to your table with a tray filled with food. Is it magic? Nope. Behind the scenes, several employees were working hard to get your burger assembled to the chain’s standards. In the same fashion, when you load a web page, several things go on behind the scenes until a few moments later you see the page you requested.

HTTP Requests

There are 2 main actors in play when you access a web page. The first one, considered the front end, is the browser. When you type in the URL or click a link, the browser calls the second actor – the web server – requesting that page. The server identifies the type of file being requested and reads it into memory. Depending on the type of file, it will execute a set of instructions and then spit out the result for the browser to display. Simple enough, right? But where do PHP, MySQL, and JavaScript come into play?

PHP is considered a server-side language. It’s just one of many, but like any server-side language, it has no say whatsoever in what the browser does. The same goes for MySQL, one of many database systems. The web server calls the PHP script, which in turn calls the database, before generating the HTML code that gets sent back to the browser. That’s pretty much all that the browser reads.

However, a basic HTML page is dull and isn’t very useful by today’s standards. So browsers also have the ability to style the HTML output using CSS (Cascading Style Sheets), as well as execute predefined instructions that it gets from JavaScript blocks or linked external files.

For example, here’s what the site looks like with- and without CSS styling. Site with CSS Site without CSS


Bottom line – JavaScript is for browsers, PHP and MySQL are for servers (with the exception of Node.js which is a mini web-server that runs JavaScript in the back end. Calypso runs on a thin layer of Node.js to generate the initial page, but has not dropped PHP/MySQL altogether). More on this in a moment.


REST means Representational State Transfer. It is an architecture style that relies on regular HTTP requests from the front-end to the back-end. In short, it’s basically a one page load that calls several other mini page loads during the same run. Each mini call loads a piece of information.


WordPress is a Content Management System; system being the operative word. Its strength comes from the ability to extend it with plugins and themes. All WordPress plugins and themes are written in PHP and use MySQL to fetch and store data. In, the number of plugins and themes are limited and users do not have the power to install new ones – only to turn on those already vetted by Self-hosted users have over 10,000 plugins to choose from, again, all of which are built in PHP/MySQL.

The Problem

Now, let’s get back to Calypso. I saw a slew of incorrect reports and conclusions because of this statement on Calypso’s home page:

“The new codebase, codenamed “Calypso,” moves away from MySQL and PHP. It’s built entirely in JavaScript, and communicates with only using our REST API.

This statement led people to believe that no longer uses any PHP and MySQL. If that were true, it would mean that either they broke hundreds of plugins and themes that relied on the database, or modified them all to work with the new technology. Neither are likely. Especially since they say they use REST API.

It’s also a very confusing statement. The new codebase communicates with itself using their REST API? If you’re running from inside a single codebase, there’s really no reason to make an external HTTP request to yourself.

The fact is that Calypso,’s new Admin Interface is mostly just that – an Interface – a Client Side interface. Using our fast food analogy, to suggest that would no longer use PHP/MySQL is like you asking yourself for a burger, not using any bread or meat, and still expecting to get a tray filled with the same exact food as a result.

The PHP server language, and the MySQL database structure, is still a very necessary element to WordPress’s ability to deliver filling content.

This has been confirmed by WordPress:

The old page (or any web page, for that matter) never had any PHP and MySQL to begin with – just a ton of HTML, CSS, and lots of JavaScript. Is Calypso better than the original admin interface? Sure, it looks better and runs faster, but the announcement had misleading statements that essentially blows it out of proportions. and Security Concerns

Calypso is the new Admin interface for It can, however, work for self-hosted WordPress sites. (We recommend self-hosted WordPress, where you can use the SBI! for WP plugin. If you’ve installed WordPress from cPanel or downloaded it directly from, you have self-hosted WordPress.) If you have Jetpack installed and its Manage module enabled, you can use the new Calypso admin interface. However, if you follow the basics of WordPress security, then you’ll find that it won’t work at all. This is because it relies on the XML-RPC API, which many WordPress professionals agree should be turned off at all times as it has been the target of extensive attacks. WordPress 4.4 will be releasing an improved REST API, and hopefully Calypso will adopt that for communicating with self-hosted WordPress sites.

Alternatives to Calypso

So, you saw that you can manage multiple sites with Calypso and you really want to be able to do that without putting your self-hosted site at risk by enabling XML-RPC? ManageWP, InfiniteWP, and WPDash, just to name a few, provide good alternatives.

WordPress User Impact

What does Calypso mean to the average self-hosted WordPress user? Absolutely nothing. Maybe in the future, but not now. So there’s no need for alarm or action. But you should be aware of it, because it may create some changes for self-hosted WordPress in the future. And we don’t want you to be caught off guard. Trust us to give you up-to-date, ACCURATE information, without hype.

This article was written by Vinny Alves for SiteSell and originally appeared in the SiteSell Blog and has been republished with permission.

How to move a WordPress site in 10 minutes or less

WordPress Hosting

I’ve had a VPS server at for years to host UseStrict Consulting and other websites. I really enjoyed having root access and all the liberties that come with it. It was going really smoothly until I decided to try out Bitnami instead of the native PHP + Apache installs on my Ubuntu server – “if it ain’t broke…”, right?

But I did touch it and it did break. It turns out Bitnami has some php-fpm memory leaks that I couldn’t get around, and I figured I’d had enough of having to do sysadmin work for the time being. I decided I’d move to a managed hosting company where they’d take care of those issues for me. After some digging, I heard great things about SiteGround (yes, it’s an affiliate link – I like it so much that I endorse it) and decided to try it out.

After moving a few of my sites, I thought I’d share my experience on how to move a wordpress site. Yes, the title says it’s done in 10 minutes or less – I have it down to less than 5, honestly. It depends on how much practice you have, so your mileage may vary. 🙂

The rest of this article will assume that your new host give you access to cPanel and simple one-click WordPress installs. Let me know in the comments if you want the non-cPanel version and I’ll write it up.


Here are the ingredients you’ll need for a quick and easy move:

  1. SSH or SFTP Access to both old and new servers;
  2. cPanel access on the new server;
  3. Access to your domain’s DNS settings;
  4. Remember to replace all occurrences of below with the domain you’re moving;

If you’re not familiar with SSH, you’ll be able to do everything using SFTP and other tools like phpMyAdmin, but I find SSH faster. If you’re stuck with a Windows computer, look into getting PuTTY installed. In my days of having to use Windows, I’d also always use Cygwin.

Move a WordPress Site

The first thing you need to do is make sure your new host is ready to receive your domain. Go to your cPanel Home and set up the domain you want to move. If it’s your account’s primary domain, that’s already done. If it’s a secondary domain, create it as an Addon Domain. Let’s assume it’s an addon domain.

Creating an Addon Domain

Click on the Addon Domain icon in the domains section of cPanel. You’ll be taken to a page with a form to set up the new domain.

cPanel Addon Domains Icon

cPanel Addon Domains Icon

Fill in the form with your new domain. The rest (except for the password fields) will automatically be filled in for you. Feel free to change the default values, but for the purpose of this tutorial, we won’t change anything.

Create an AddOn Domain

Create an AddOn Domain

Click ‘Add Domain’ and this part is done. Next, we set up WordPress on the new domain.

Setting up WordPress

Back in your cPanel home, look for and click on the WordPress autoinstaller. Yes, you can choose to install WP yourself, but then you probably wouldn’t need these steps at all. But I digress…

cPanel Autoinstallers

cPanel Autoinstallers

SiteGround uses Softaculous to install applications. Granted, I don’t have much experience with cPanel (I’ve always done stuff manually) so I don’t know if it’s something every host uses or not. When you click on the WordPress autoinstaller, you’re taken to the Overview screen in the installer page. I’ve done this a few times now, and for some reason I’m wired to look for an install button at the bottom of the page. It’s not there. Look for the blue install button right next to the Overview tab.

WordPress Install Button

WordPress Install Button

Once you click on the ‘Install’ button, you’re presented with some basic fields to fill in. As you’re moving your site from your old host here, you really care about the following only:

  • Protocol (whether it’s HTTP or HTTPS)
  • Domain (select the AddOn domain that you just created)
  • Directory (leave empty to install WordPress under /home/youraccount/www/
  • Language (select the language of your existing WP install)

Now, you’ll have to live with the fact that the database name and credentials will be different, so if you have any third-party connections to your existing WordPress install, make sure to change them later.

Click ‘Install’ and wait until the progress bar finishes. You’re now ready to receive your old WordPress.

Export Your Old WordPress

The main thing here is that you want to export a dump of your old WordPress database. I use the terminal via SSH whenever I can. If you don’t like to use a terminal and SSH, export it via phpMyAdmin.

This is what I’d typically do via the terminal (on the old server):

$ mysqldump -u <username> -p  <database> | gzip -c > old-wp-dump.sql.gz

Adding the password to the command line isn’t safe, so we leave it out and get prompted for it after we hit enter. Note that we’re also compressing on-the-fly.

Once you’re done with the database, make sure to create a tarball of your old wp-content directory as well.

$ cd /path/to/wordpress/install
$ tar -czvf old-wp-content.tar.gz wp-content/

Download both files to your computer (or leave them temporarily in a place where you can access them via a browser on your old server).

Import Into the New Server

Now we need to get those two files into the new server. I’m still using SSH, but you can use SFTP if you want to.

First thing to do is to back up your new server’s automatically-created wp-content directory (or rename it using SFTP):

$ mv /path/to/www/ /path/to/www/

Back up the automatically-created database. You can find the credentials in your new wp-config.php file.

$ mysqldump -u <new-username> -p <new-database> | gzip -c > new-wp-backup.dump.sql.gz

Now move the old server’s files to your new server. If you chose to leave them in a place accessible via a browser, you can use wget (if it’s available in your new host – it is on SiteGround) to download them directly to your server. Otherwise use SCP or SFTP to upload them from your computer.

We’ll need to uncompress the files soon. Unfortunately, SiteGround doesn’t have gunzip, but you can get around that with gzip -d (and even create an alias for it in your ~/.bashrc file – alias gunzip="gzip -d ")

It’s time to do the actual move. The following commands will read the compressed information and handle them accordingly. To import the database, use mysql:

$ gunzip -c old-wp-dump.sql.gz | mysql -u <new-username> -p <new-database>

Again you’ll be prompted for the password after hitting enter. All of the old tables will be created, replacing the new ones as long as you used the correct table prefix when you ran the autoinstaller.

Now uncompress your old wp-content:

$ mv old-wp-content.tar.gz /path/to/www/
$ gunzip -c old-wp-content.tar.gz | tar -xf -

Replace the Auth Keys and Salts

WordPress uses several Authentication Keys and Salts. In order to avoid issues logging into your new server’s install, you’ll have to replace the salts in the new wp-config.php with the ones from your old one.

The entry in wp-config.php typically looks like this:

 * Authentication Unique Keys and Salts.
 * Change these to different unique phrases!
 * You can generate these using the [email protected] secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 * @since 2.6.0
define('AUTH_KEY',         ';LM|C1Op{p`aE>6 FTO64{n#J2c,5KDK6:UxO.OGjHp[`<d%Wj<Fxid-Y_3}#rIn');
define('SECURE_AUTH_KEY',  '6b*K_`ie.A7b2):A-0&|arFv]+b04hT2g93TTRUJHBfp>DL=vJ-a}A9Rh:POjGg@');
define('LOGGED_IN_KEY',    'Q8853bl6ZP-F>r(>wpJhbQu>M|Jt{b6zCcUwR3oyA/6+y<~l#-~,JA-WE.L{ht+@');
define('NONCE_KEY',        'GzVYsIDpbKi%4,[email protected]>I=cM VF[u6AuQF20Cta)Hr9s<hh');
define('AUTH_SALT',        'FmSUv`pq2|%K}yb~r*e)+(,G1}:7I7;/TBxg>h_Ejm0HDD:Y^G&x,yf9t9IRD$3p');
define('SECURE_AUTH_SALT', 'C,QO;+Iu0xw&U}x7}+O_2PS#wn:&z?zh5:75Ys}b[emM2W@.0RT|;dgR+R<u8%[B');
define('LOGGED_IN_SALT',   'T_[R}qRiDS2Ye2z|V:A8?ogn,nU[}[+!wcD#W!X.2)ZC8n5*)sC*Y%Ks*&vo++eT');
define('NONCE_SALT',       '[lP_CFP70&i6l- )z(6Cw <o<0ZDG?sxJ&o&.t|m!xkX!z3$QLB.[dG9XRHE^ yd');

Test It

Your migration is now ready for testing. Pull up your new server’s IP address from your cPanel home and add it to your /etc/hosts file (C:\Windows\System32\Drivers\etc\hosts in Windows)

Save the file and test your website. You should not see any difference at all when viewing it or logging in.

Once you’re satisfied, change the DNS A entry to point from the old IP to the new IP and that’s it! You’ve moved your website successfully. Allow for a couple of days of DNS propagation before taking your old one down.

As an added bonus, if you’re dealing with a high-traffic site that gets lots of database changes, you can set up Remote MySQL connections in cPanel, whitelisting your old server’s IP for incomming connections, and then change your old server’s wp-config.php to connect to your new server’s MySQL database. That way changes coming from people who still have a cached DNS entry pointing to the old server will be made on the new database automatically.

A Technical SBI! for WordPress Review

SBI! for WP

It’s no secret that I spend my days working for SiteSell. I joined the SiteSell developer team as a Perl programmer in 2010 to work on their SBI! product. This was shortly before starting to develop WordPress plugins during my free time.

SBI! is a suite of tools to help entrepreneurs build online businesses, regardless of the niche – from cat pictures, to everything asphalt, birthday cakes, costumes – you name it, I’ve seen it! And they’re all very happy campers. SBI! offers them the Action Guide (a huge online book containing steps to follow to get their business up and running), hosting, a site builder, and a ton of other support tools. Perhaps one of the most important is Brainstorm It! – a keyword tool that helps people find their niche and decide which keywords to use in their content, based on interest (monthly searches) and competition (number of sites using the keyword).

One thing SBI! wasn’t prepared to do, however, was help struggling WordPress users with their own sites. So I took it upon myself to try and convince management to address this problem, due to my love of WordPress and its plugin interface.

Fast forward a few years and I find myself as the lead developer for SiteSell’s WordPress division, working on SBI! for WP, an adaptation of the tried and tested SBI! product.

Mike Allton, Susanna Perkins, and myself made up a team tasked with using The Lean Start Up methodology to find out how to best supply SBI! tools to a WordPress audience. After several months talking to bloggers and infopreneurs, we came to the conclusion that adapting Brainstorm It! to work within WordPress would be the best way to get started. And so SBI! for WP was born.

Review of the SBI! for WordPress Initial Process

When a user signs up for SBI! for WP, they get access to a fully revised Action Guide (aka the AG), especially tailored for WordPress users – from choosing hosting to how to select the best plugins . The AG was structured as an online course for ease of use, with completion progress and even a points system.

Once the user is familiar with the steps he needs to take, he can go to the Brainstorm It! tool (on SiteSell’s servers) to set up his niche and Master Keyword List  (the MKL) – a list of up to 5000 keywords related to the business, along with the numbers for interest, competition, and potential.

Review of the SBI! for WP Technical Background

The next step is to download and install the SBI! for WP plugin on their own site (my pride and joy). It’s hard not to get too technical, but this is a technical site so bear with me. I used the MVC Starter Plugin for WordPress (by yours truly), so the code is clean and concise, neatly separated into Models, Views, and Controllers. Communication with SiteSell’s servers is done via back-end API calls, and only when absolutely necessary.

For performance purposes, and as this is purely an Admin tool, it doesn’t even get instantiated on the front end. Once the user installs it, they receive a Welcome admin pointer with the option to take a tour of the settings. When the user connects to SiteSell’s servers, their MKL is downloaded to their site so that they have quick access to the keywords while writing posts or pages (or whatever other Custom Post Type they choose to use the keywords on).

If they want to use a keyword that is not in their MKL, they have the option to add it from the WordPress admin, and both systems are kept in sync. For larger systems that have multiple roles creating/editing content, the admin can choose which roles will have access to the keywords.

When using the keywords in the Edit Post/Page screen, the user also has access to Competitive Insights – a list of sites that use the selected keyword, offering opportunity to reach out and make partnerships. We also keep track of all posts and pages using that keyword within the user’s site.

All in all, SBI! for WP is an awesome service/plugin and I’m tremendously proud to be a part of it!

How to Identify Good WordPress Plugins in 4 Easy Steps

How to Identify Good WordPress Plugins in 4 Easy Steps

Over the past few months I’ve been working with Mike Allton and Susanna Perkins on a project that will try to give info-preneurs using WordPress an edge on creating content for their audience. On one of the less busy days, I wrote the post below detailing how I choose plugins for my clients.


How to Identify Good WordPress Plugins in 4 Easy Steps


So you’ve finally decided what the focus of your website should be and are ready to set up your WordPress install. You now need to select your theme and a series of plugins to build upon the core functionality you get from WordPress out of the box. With thousands of options to choose from, getting a plugin or theme that will not blow up and bring your site down is a challenge.

There are a few steps you can follow to ensure you have good quality WordPress Plugins for your site. Even if you aren’t a developer and can’t understand a single line of code, using these guidelines as a rule of thumb will give you some level of security.

These are the steps I take when helping my clients decide whether to adopt a plugin or not.

1. Check What Others Have To Say

With close to 40,000 plugins at the time of this writing, offers the ability for users to rate plugins. In the early days, it was possible to select the number of stars for a plugin without commenting on it. To make things fair for authors, people now have to state why they are casting their votes and the authors have the chance to defend themselves, if needed. Plugins with too many low-star ratings should raise a red flag, as long as the comments actually make sense. Be careful of detractors that are only out to troll authors without actually trying to provide constructive criticism.

2. Authors Should Provide (Fast) Support also offers support forums where users can ask authors for help. Some authors choose to provide support on their own sites. Personally, I think this is valid for paid plugins, but free plugins support should be kept where the free plugins are downloaded. Look for how many resolved topics there are in the recent past, and the time it takes for authors to reply. Authors get notified of new topics immediately, and should have a good reason to not reply within a reasonable time frame.

3. Plugins/Themes Should Be Updated Frequently

Let me take a poetic license here… Code is a Living Entity. There’s seldom such a thing as writing a plugin and never touching it again. It is virtually impossible for any piece of code to not need updates from time to time. With the wide variety of environments out there, there’s bound to be a scenario where a bug patch is needed. Also, is always releasing new updates to the core, and plugins and themes need to keep up. The plugin page will tell you when it was last updated, and up to which version of WordPress it has been tested with.

4. Check For Coding Best Practices

Granted, this part is a bit harder to do if you are not a developer. There are, however, a few things you can look for to identify a well written piece of software. You can find the source code in the “Developers” section of the plugin page in

Code is like a house – Keep it clean or it’ll become full of bugs. Proper spacing and indentation helps developers to easily understand what each part of the code does, as well as the intention of the previous developer when writing that piece. Another thing that helps understand code is commenting. If you look at the core WordPress files, you’ll see that they went to great lengths to properly document what each piece should do. No author remembers EVERYTHING they had in mind when writing code. If they say they do, run away – they’re either lying or they’re dangerously smart and might try to take over the world.

Object Oriented code is a Good Thing– Gone are the days when people could write code without structure. If you see words like class, static, public, private, protected, or extends, it is quite likely that the developer knew what s/he was doing. For the simpler plugins, this might be overkill as it usually comes hand-in-hand with more files and folders and it might be like killing a fly with a shotgun, but the danger of PHP is that it is so easy to use that it becomes easy to write BAD code.

Closing PHP tags are tricky – PHP comes with open and close tags, <?php and ?> respectively. Any white space after a close tag will be rendered by the web server, many times prematurely. If you see errors such as ‘headers already sent’, the culprit is likely to be white space after a closing PHP tag. Using closing tags at the end of a PHP file is not only unnecessary, but frowned upon. It’s better to see a comment indicating the end of file, than an actual closing tag.

Code should be tested – There are several techniques to test software. WordPress comes with a suite of test files that run via phpunit, a robust PHP testing tool. Plugins and themes should be tested, too. Look for a directory called ‘test’, or simply ‘t’ containing at least one PHP file.


Even if you follow all of these steps to the letter, you might still come across a bug. However, it is much less likely to happen and, if it does, you should be able to get fast support from the author. After all, you did follow step 2, right?

Important Changes to USC Plugin Sales and Support

When I started selling WordPress plugins at UseStrict Consulting, I planned to provide life-time updates and free support for all. As it turns out, there are a few fundamental flaws with this business model:

  1. There’s no control over unauthorized copies;
  2. Providing free support takes time away from coding new and exciting things;
  3. There is no business growth;

Over the following weeks, I will be implementing a plugin licensing system, and support will be provided to subscribers only. I believe this will be a win-win situation, as I will be able to provide (even) faster support and better plugins.

I’m still studying how to handle old clients, and will post updates as soon as I have more information.


MVC Starter Plugin for WordPress: Parent Class Overview

Inheritance with MVC Starter Plugin for WordPress

Except for Models, all classes in MVC Starter Plugin for WordPress are extensions of the Parent Class, defined in plugin-name.php. This makes it possible to call methods like load_lib() from anywhere in the child classes. This is important also because MVCSP works with singletons whenever possible.

Yes, I’m aware of the war regarding singletons, but when you look at debug logs and see that WordPress reloads your plugin at least twice in some cases, you really want to make sure that you’re not doing things more often than you should. If you still want to avoid singletons in load_lib(), you can. Refer to the section on that method to know more.

Support for PHP < 5.3

MVC Starter Plugin for WordPress comes with a bootstrap() method that instantiates/serves singletons. It relies on the native function get_called_class(), which was made available in PHP version 5.3. For those few who still run on PHP 5.2 and under, I strongly recommend that you have your hosting company upgrade or switch hosting companies to a more serious one. If that’s not a possibility, you can still use this Starter Plugin because it implements its own get_called_class() if the native one doesn’t exist. Like all methods, it is slower than native calls, so it really is better if you upgrade to a modern PHP version.

Best practices

In order to keep my code easily maintainable, I tend to follow these guidelines:

  • Place add_action and add_filter calls in the __construct() of Controllers
  • Make sure to check that admin-related logic is indeed running under the admin with checks to parent::is_admin().
  • Do the same for front-end logic, checking that parent::is_admin() is false.
  • Avoid having calls to non-controller methods inside the Parent Class constructor, with the odd exception of an abstract class that needs to be loaded beforehand.
  • NEVER have a closing PHP tag at the end of any file. Nobody likes to deal with “headers already sent” errors caused by extra space or newlines that shouldn’t be there. Instead, use a comment to indicate that the file has finished.
/* End of file file-name.php */
/* Location: plugin-dir/file-name.php */

Let me know if there are any other best practices you’d like me to add here.

MVC Starter Plugin for WordPress: Set Up

Template Variables

After you download the MVC Starter Plugin for WordPress, you’ll need to replace a few template variables across all existing files with values of your choosing. They are:

PLUGIN_NAME, PLUGIN_DESC, PluginClass, and <plugin-dir>

  • PLUGIN_NAME: The actual name of your plugin. This will appear in the Installed Plugins screen and in the Admin -> Settings submenu.
  • PLUGIN_DESC: The description of the plugin. This will appear in the Installed Plugins screen.
  • PluginClass: The overall class of your plugin. MVCSP is Object Oriented and all Controllers, DAOs, and Views should extend the parent class.
  • <plugin-dir>: MVCSP borrowed the end-of-file style from CodeIgniter, in the sense that it does not close PHP tags but instead has a comment to indicate that the file is not truncated. The <plugin-dir> tag is only used as part of that comment.

The Set-Up Helper Script

There are several methods to replace the template variables with your desired values. I personally like to use grep or find piped into a Perl one-liner. To make things easier, I included a script which takes a few parameters and runs some shell commands in the background. This only works for people using Mac or Linux machines, or probably Windows with Cygwin (not having used Windows in years, I haven’t had a chance to test it). Run it without any parameters and this is what you get:

Usage: perl ./ --long-name="The Plugin Name" --desc="Full Plugin Description" --class-name="DesiredPHPClassName"

All 3 parameters are required. Use a valid class name or your plugin will throw an error during activation.

The parameters are self-explanatory.

Note: Once you’ve run the script, the file plugin-name.php will be renamed to whatever name of the domain is. So suppose you extract the Starter Plugin zip file contents in to a directory called my-plugin, the file plugin-name.php will be renamed to my-plugin.php. WordPress will then have my-plugin/my-plugin.php as the plugin signature.

That’s all there is to setting up the Starter Plugin. You can now activate it in your Admin -> Installed Plugins.

If you want to set up your plugin to run tests, refer the Running Tests section.

MVC Starter Plugin for WordPress

A Little Background

This is the seventh anniversary of UseStrict Consulting. It was born out of my passion for Perl, long before I ever thought of writing plugins for WordPress.

A lot has changed since then – I fell in love with building WordPress plugins in 2011. Like with Perl back in 1998, it started as an itch that needed scratching. My first plugin wasn’t a simple task. I wanted to get live shipping rates from Canada Post to use on my wife’s online pharmacy running eShop. The end result was messy, but it worked… and still does!

Fast forward 4 years. Enter the MVC Starter Plugin for WordPress.

MVC Starter Plugin for WordPress

The MVC Starter Plugin for WordPress is the result of best practices adopted from CodeIgniter, Catalyst, and of course, the WordPress Codex. It is a robust Object Oriented Model/View/Controller framework for WordPress plugins. I haven’t released it to Github yet, as it’d be nice to get some peer feedback before I do that.

The framework comes with a few handy methods and classes, as well as test files which can serve as templates for your own tests. They are designed to work with the WordPress Unit Test Suite and phpunit. I’ll be adding the documentation below as time permits, but feel free to download MVC Starter Plugin and play around with it!


  1. Download
  2. Set Up
  3. The Parent Class
    1. Overview
    2. Method: bootstrap()
    3. Method: __construct()
    4. Method: is_admin()
    5. Method: load_lib()
    6. Method: load_all()
    7. Method: render_template()
    8. Method: set_env()
    9. Method: get_env()
    10. Method: log_msg()
  4. Admin Notices Controller
    1. The Notice Pool
    2. Method: set_notice()
  5. The Settings API
    1. Setting Controller Class
    2. Settings DAO and Model Classes
    3. The Settings View
  6. Ajax
    1. The Ajax Controller
    2. The Ajax Request Model