I have a new theme I've designed (as a PSD) that needs to be developed. My biggest concern is to have the most stable and secure theme as possible. One that can be the best it can be to withstand the potential pitfalls of breaking during WP and plugin updates. I won't shortcut quality when hiring a developer, so I'm making the assumption that code will be well written.
Since I'm not a developer, I hope I expressed these question well enough so I don't embarrass myself too much.
A) Should I have a preference if the site is developed with a framework (Genesis, Bootstrap, etc...) or if it's written without a framework (just HTML5/CSS3/media-queries, etc...)? On one hand, I think a framework will present another layer or potential update issues, but on the other hand, I wonder if a well established framework (like Genesis) produces a more stable theme.
B) If a feature can be hard-coded vs using a plugin, is that a better option for long-term stability and security?
C) If you were to give me a few important tips that I should articulate to my developer, to create the most stable and secure theme, what would you suggest?
A) both are good options, with their pros and cons. A framework can provide a base code other people will be able to recognize easily and speed up development for example, but can be too heavy depending on your design
B)I'm an advocate of features and functionality in plugins, not themes, because most of the time they need to remain when a user changes theme. Example : custom post types, contact form, SEO settings, sliders, etc. Theme is for layout, design, plugins are for functionalities. And no, putting functionalities in the functions.php isn't faster than plugins.
C) use WP core functions whenever possible, don't reinvent the wheel. Sanitize all users input/output If there is any. You shouldn't have to worry much about multisites for a theme. Use theme check and thème test drive plugins during development to follow the WP theme guidelines
Thank you, Remy. Your take on using plugins vs custom coding makes perfect sense. You're right, I want to be able to easily change themes every couple years.
Seems opinions, based on my research and conversations over the past 24-hours, are leaning more toward hiring a Genesis developer, versus a roll your own solution. The biggest reason is because I'm so concerned with stability and security.
All depends upon you and your site's/theme's complexity.
1. If you need your theme to be clean and not flooded with unnecessary functionality then go for a starter theme rather then a theme framework(Genesis, Whiteboard). Theme frameworks are good when your site uses most of the functionality provided, else its a unnecessary overhead. A good starter theme to build upon will be 'Underscores' http://underscores.me
2. About features: these should be implemented using plugins. Starter themes don't come with so many features which make them lightweight and faster. Its a very good practice to implement the features through plugins, so that in future if you are changing the theme, your features don't get lost. :)
3. While developing:
-- Keep WP_DEBUG value true and use debug bar plugin to check for any errors, warnings, extra memory consumptions etc.
-- Do not use any deprecated functions while developing.
-- Always sanitize the user inputs and take care of XSS attacks.
-- Use WordPress defined functions to interact with Database, even if you need direct interaction with DB always wrap the queries inside $wpdb -> prepare which will take care of any SQL injections.
-- Theme checker plugin is a must while developing a theme.
-- Write lean, well-commented code following theme guidelines provided by WordPress so that on later stage any other developer can understand the code very easily. http://codex.wordpress.org/Theme_Review
Code is Poetry. :)
Thank you, Nirmal. Your comments about plugins match up with what I'm hearing through my research. Thank you as well for the "while developing" checklist.