Category: tech

I’m posting this list of the typical hook sequence for a wp_admin page request for no other reason than I’ve had it open in an IDE tab for about six months now, and constantly look at it. There’s no super-convenient place on the web where I can see this order absent a lot of other fluff (well okay there’s this and this which are actually quite good, but I don’t seem to look at them much.) Here, instead, with some redundancy removed, is a typical load order for an admin request:

muplugins_loaded
registered_taxonomy
registered_post_type
plugins_loaded
wp_roles_init
auth_cookie_valid
set_current_user
load_textdomain
sanitize_comment_cookies
wp_roles_init
setup_theme
unload_textdomain
load_textdomain
after_setup_theme
load_textdomain
init
registered_post_type
registered_taxonomy
widgets_init
register_sidebar
wp_register_sidebar_widget
registered_post_type
wp_loaded
auth_cookie_valid
auth_redirect
_admin_menu
admin_menu
admin_init
admin_bar_init
add_admin_bar_menus
current_screen
load-post.php
admin_action_edit
filter: replace_editor
admin_xml_ns
admin_xml_ns
admin_enqueue_scripts
enqueue_block_assets
rest_api_init
parse_tax_query
parse_tax_query
posts_selection
parse_term_query
pre_get_terms
metadata_lazyloader_queued_objects
parse_tax_query
parse_tax_query
posts_selection
metadata_lazyloader_queued_objects
parse_term_query
pre_get_terms
parse_term_query
pre_get_terms
parse_term_query
pre_get_terms
parse_tax_query
parse_tax_query
posts_selection
wp_enqueue_media
wp_enqueue_editor
enqueue_block_editor_assets
admin_print_styles-post.php
admin_print_styles
admin_print_scripts-post.php
admin_print_scripts
wp_print_scripts
admin_head-post.php
admin_head
current_screen
parse_tax_query
parse_tax_query
posts_selection
dbx_post_advanced
add_meta_boxes
add_meta_boxes_post
do_meta_boxes
do_meta_boxes
do_meta_boxes
edit_form_advanced
adminmenu
in_admin_header
wp_before_admin_bar_render
wp_after_admin_bar_render
admin_notices
all_admin_notices
in_admin_footer
admin_footer
pre-upload-ui
pre-plupload-upload-ui
post-plupload-upload-ui
post-upload-ui
print_media_templates
admin_print_footer_scripts-post.php
admin_print_footer_scripts
print_default_editor_scripts
admin_footer-post.php
shutdown

I’m currently working on two different WordPress plugin ideas, so I’m going to record them here … the theory being that if I do that I’m more likely to make substantial progress on them.

Idea 1:  a plugin to detect over-premissioned user accounts.  A very common security risk in WordPress is having lots of admin (or otherwise highly permissioned) accounts laying around when those accounts never take any actions that would require the capabilities of an administrator.  I’d like to make a plugin that detects this state of affairs based on real user behaviors and adds a indicator to user views (list, detail page) when a user has an inappropriate role.

Idea 2: A profiler for REST API endpoints a la Query Monitor or Debug Bar.  I’ve been kicking this idea around for some time now, but need to settle on an approach.  One idea might be to just extend Query Monitor in some way, though starting from scratch has a certain appeal too.  The obvious challenge is that of course results can’t be rendered on a webpage as in those other tools but must instead be returned from the testing request itself.