Our WordPress Development Methodology
In short, our methodology for creating high-quality WordPress themes and plugins is:
- Design consistent and intuitive UI/UX.
- Write simple, secure and high performance code.
- Prefer handcrafted solutions. Avoid third-party dependencies.
Consistent design means creating elements with a consistent look and feel and similar behaviors, which helps users get used to new contexts quickly, without confusion or wasted time. It improves usability and learnability.
To be consistent when creating WordPress themes, we define a solid visual hierarchy of colors, typography, grids, spacing, buttons, cards, animations and so on, using CSS variables and reusable components to reduce page size and keep everything consistent with minimal code.
To be consistent when creating WordPress plugins, we try to reuse the UI/UX of the WordPress core and dependent plugins. It is useless to make something that looks cool but does not benefit the end users' business. Adding pointless code just makes clients' websites more bloated.
The final thing is to ensure the best user flow for a consistent UX. Most of the time, we ask friends and partners to check the user flow and listen to their opinions. But if customers require it, we will take the time to do A/B tests with real users, collect data and feedback, then improve accordingly.
We always encourage customers to have: SSL enabled, an up-to-date WordPress system, regular backups and strong passwords. These things are essential for a secure WordPress website.
Nowadays, most hosting providers install SSL and do regular backups by default. All customers need to do is use strong passwords and keep their WordPress system updated.
Our duty is to write secure code, and this has never been easy, especially with WordPress. A discussion of secure coding for WordPress would be a massive tome. Below is our checklist for every project:
- No backward compatibility.
- Never store credentials in plaintext.
- Perform every remote action via SSH and HTTPS.
- Write simple code, no premature optimization or over-optimization.
- Always validate input data; never trust users, even the administrator.
To be honest, it's impossible to build a completely secure WordPress website because of the diversity of the WordPress ecosystem. The point is to make it so hard to exploit that no one bothers.
Responsive design and SEO readiness are always included by default in our products.
The most important thing is speed, because people do almost everything on mobile devices nowadays. To achieve that, we follow these rules, which keep our products lightweight:
- Avoid dependencies.
- No backward compatibility.
- No outdated best practices.
- Use up-to-date technologies.
- Try to code everything manually.
- Write simple code, no premature optimization or over-optimization.
- Never work with immature frameworks, plugins and themes.
- Minimize requests, both to the database and to external resources.
The other thing to be aware of is WordPress metadata. Most people use plugins to generate custom content types, and this is never a good idea. Custom content types generated via those plugins are stored as metadata. The slowest thing to pull out of a WordPress database is the metadata. It requires extra sanitization, serialization, unserialization and heavy SQL queries. We recommend using GenerateWP and a child theme to extend the functionality of a theme.