Building WordPress Plugins with Claude Code
WordPress plugins used to require deep knowledge of PHP hooks, filters, and the WordPress API. Now I describe what I want the plugin to do, and Claude Code writes production-ready PHP code. Here is how I build custom plugins with AI agents.
Why Custom Plugins
Sometimes a client needs functionality that no existing plugin provides. Or an existing plugin does 90% of what they need but the remaining 10% requires customization that the plugin does not support. Custom plugins fill that gap.
The Plugin Structure
Every WordPress plugin needs a main PHP file with a header comment:
<?php
/**
* Plugin Name: PLAI Custom Forms
* Description: Custom form handling with email notifications
* Version: 1.0.0
* Author: PLAI
*/
// Prevent direct access
if (!defined('ABSPATH')) exit;
// Plugin code starts here
That is enough for WordPress to recognize and activate the plugin. Everything else builds on this foundation.
Directing Claude Code
Here is how I prompt Claude Code for plugin development:
'Build a WordPress plugin called Contact Notifier. When a Contact Form 7 submission happens, send an email notification to the site admin with the form data formatted in a clean HTML template. Include the submitter's name, email, and message. Use WordPress wp_mail() for sending. Hook into the wpcf7_mail_sent action.'
Claude Code generates:
- The main plugin file with proper header
- The hook registration for Contact Form 7
- The email template with HTML formatting
- Error handling and logging
Common Plugin Patterns
Custom Post Types
add_action('init', function() {
    register_post_type('testimonial', [
        'label' => 'Testimonials',
        'public' => true,
        'supports' => ['title', 'editor', 'thumbnail'],
        'has_archive' => true,
    ]);
});
Admin Settings Pages
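add_action('admin_menu', function() {
    add_options_page(
        'Plugin Settings',      // page title
        'My Plugin',            // menu title
        'manage_options',       // capability required to see the page
        'my-plugin-settings',   // menu slug
        'render_settings_page'  // callback that prints the page; the plugin must define it
    );
});
Shortcodes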
add_shortcode('testimonials', function($atts) {
    $testimonials = get_posts(['post_type' => 'testimonial', 'numberposts' => 5]);
    // Buffer the output so the shortcode returns its markup instead of echoing it
    ob_start();
    foreach ($testimonials as $t) {
        echo '<div class="testimonial">' . esc_html($t->post_content) . '</div>';
    }
    return ob_get_clean();
});
The Review Checklist
After Claude Code generates plugin code, I check:
- All output is escaped with esc_html(), esc_attr(), or wp_kses()
- Database queries use $wpdb->prepare() for SQL injection prevention
- Nonces are used for form submissions (CSRF protection)
- The plugin deactivation hook cleans up any created data
AI-generated WordPress code needs security review. The agent writes correct PHP, but security escaping is easy to miss and critical to get right.
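The checklist above applied to one small settings form, as an added example that is not code from the original post. The plai_demo_ option, action and function names are hypothetical; the my-plugin-settings slug and the testimonial post type are reused from the snippets earlier on this page.

```php
<?php
// Added example: plai_demo_* names are hypothetical, chosen for illustration.
if (!defined('ABSPATH')) exit;

// Form handler: capability check, nonce check (CSRF), then sanitize before saving.
add_action('admin_post_plai_demo_save', function () {
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions', '', ['response' => 403]);
    }
    // Stops the request if the nonce field is missing or invalid.
    check_admin_referer('plai_demo_save', 'plai_demo_nonce');

    $label = isset($_POST['plai_demo_label'])
        ? sanitize_text_field(wp_unslash($_POST['plai_demo_label']))
        : '';
    update_option('plai_demo_label', $label);

    wp_safe_redirect(admin_url('options-general.php?page=my-plugin-settings'));
    exit;
});

// Form output: every dynamic value is escaped for the context it lands in.
function plai_demo_render_form() {
    $label = get_option('plai_demo_label', '');
    echo '<form method="post" action="' . esc_url(admin_url('admin-post.php')) . '">';
    echo '<input type="hidden" name="action" value="plai_demo_save">';
    wp_nonce_field('plai_demo_save', 'plai_demo_nonce');
    echo '<input type="text" name="plai_demo_label" value="' . esc_attr($label) . '">';
    submit_button();
    echo '</form>';
}

// Query: user-influenced values are bound through prepare(), never concatenated.
function plai_demo_find_testimonials($search) {
    global $wpdb;
    $like = '%' . $wpdb->esc_like($search) . '%';
    return $wpdb->get_results($wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_type = %s AND post_status = %s AND post_title LIKE %s",
        'testimonial', 'publish', $like
    ));
}

// Deactivation: remove the data this plugin created.
// Assumes this code lives in the main plugin file, so __FILE__ identifies the plugin.
register_deactivation_hook(__FILE__, function () {
    delete_option('plai_demo_label');
});
```

When reviewing generated code against this pattern, a handler that reads $_POST without both the current_user_can() and check_admin_referer() calls ahead of it is the first thing to flag.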
See the WordPress Plugin Developer Handbook for the complete plugin development guide.