How to make your plugin compatible with WordPress Multisite?

How to Enable WordPress Multisite for your Plugin

So you have written a WordPress plugin, and need to enable it to work with WordPress Multisite.  Multisite allows the Network admins to install plugins on all their network blogs at once.

When it comes to plugin development, adding this feature is really not too difficult, but there are not many tutorials available to follow.  And while working on this feature, I came across one prominent tutorial with code that just didn’t  work.  So here’s the code that actually works!  This is written for version 4.3 and should work for WordPress versions as early as 3.0.0.

The code shown below is an excerpt from my Check Amazon Links WordPress Plugin.  Of course, you will have to change the function and class names to the names used in your plugin.

Code that actually works!

First, the Hook.  My hook looks like this because my activate function is inside of the class AmazonLinkCheckerCore:

register_activation_hook( __FILE__, array( 'AmazonLinkCheckerCore', 'activate' ) );

This hook will run on both single sites and multisite WordPress installations.  There is no need to specify a different activation hook for multisite, if you write the function as follows.

The function that’s called:

     public static function activate($network_wide) {
		if(is_multisite() && $network_wide) { 
                // running on multi site with network install
		        global $wpdb;
			$activated = array();
			$sql = "SELECT blog_id FROM $wpdb->blogs";
			$blog_ids = $wpdb->get_col($sql);
			foreach($blog_ids as $blog_id) {
				$activated[] = $blog_id;
			update_site_option('azlc_multisite_activated', $activated);

		} else { // running on a single blog

		// this sets a transient and should only be done once 	
                // put any code that should only happen once, network-wide, here:


Note that my activation code uses a transient to display the settings page after activation. Setting this transient on each blog caused a big bug, so I moved that code outside of the foreach loop.  If you don’t use a transient, just delete that line, but I left it here for demonstration purposes.  If you do use a transient, then change the code to point to the function that you wrote that generates the transient.

The function that’s called by the above function:

      public static function implement_activation() {
            // put your activation code here
            // for example, install databases
            // initialize options
            // whatever your plugin already does on activation, move here


You will also need to change your deactivation code so that it works in a similar manner to the above activation code.  Depending on your plugin, you may need to loop through all of the blogs and perform your deactivate code on each one.

Add this to your deactivation code:


Also, add code to check if any new blogs were installed on the network

This code will check if there are any new blogs installed and it will activate the plugin on those too.   This ensures that your plugin always runs on every single blog on the network.

	add_action('admin_init', array('AmazonLinkCheckerCore', 'multisite_check_activated'));

	public static function multisite_check_activated() {
		global $wpdb;
		$activated = get_site_option('azlc_multisite_activated');
		if($activated == 'false') {
			return false;
		} else {
			$sql = "SELECT blog_id FROM $wpdb->blogs";
			$blog_ids = $wpdb->get_col($sql);
			foreach($blog_ids as $blog_id) {
				if(!in_array($blog_id, $activated)) {
					$activated[] = $blog_id;
			update_site_option('azlc_multisite_activated', $activated);



Other Considerations

  • If you have a settings page, it will appear on each blog.  If you want to make the settings universal across all network blogs, you will have to implement a way to copy the settings from one blog to all.  Read this tutorial: How to make your plugin have universal settings on Multisite WordPress.
  • You may find settings that should always be the same on all blogs.  In that case, you want the setting to be a SITE OPTION instead of a regular option.  Instead of “update_option” use “update_site_option.”

Your feedback is important

I write this blog with sincere hope that I can help other WordPress developers.  Please let me know if this helped you, or if I made a bad error.  Thanks!


How to Debug WordPress WP-Cron Jobs?

Debugging php code that’s run by WordPress Cron is difficult because:

1) If you don’t know how to force the wp-cron job to run, you have to wait for it to be called on schedule. WP-Cron jobs are often run on an interval like hourly, daily, etc.

2) You can’t see any error messages on the website, even if you have WP-DEBUG set to TRUE.

Today I’ve had a lot of success in debugging wp-cron jobs. This is what I now know how to do, and I’m saving it here for my own future reference, and perhaps it will help you too!

Force WP-Cron Job to Run

This worked for me in WordPress 4.2.2
1. Install the plugin Core Control.
2. In WordPress Admin, go to Tools->Core Control.
3. Check off “Cron Module” and click save.
4. Click the link “Cron Tasks”
5. Click on “Run Now” next to the cron job you are debugging.
6. If an error occurs, it will say “Error occurred” at the top of the page.

Wordpress Core Control Plugin Cron Tasks Module
WordPress Core Control Plugin Cron Tasks Module

View PHP Error Messages

There are two ways I was able to view the error message today.  There should be a better way, and perhaps there is, but this is what I figured out.

View PHP Error Log

It turns out that my development server, which is a WAMP setup, is already recording all php errors in this file:


If you are running a local server, you may discover that error messages are already being recorded.  If not, here are instructions on how to set up the PHP error log for WordPress.

Because the log file had been recording errors (and notices) for what seems like a century, the file was huge.  To simplify debugging, I deleted the log file contents and saved it as a blank file.  Then I ran my cron job and checked the file again.  Ta-da!  My error was prominently displayed.

View PHP Error Message in PHP Storm with XDebug


If you can’t log errors or view the PHP error log, you can view the error while debugging… Keep reading to find out how…

Fix Problems that Don’t Cause Error Messages

Sometimes programming errors are errors in logic, or errors where you use the wrong variable (maybe a typo) and it doesn’t throw an exception but rather the program just doesn’t work correctly.

That’s when a debugger is really helpful!  If you don’t understand debugging, I suggest this course:  Debugging the Web: Javascript.  Yes, it’s about javascript, but it explains concepts that you can use in any programming language with any debugger. I watched it recently and the knowledge gained definitely applies to debugging WordPress.

These are the 3 pieces of software I use to debug WordPress and PHP:

  1. Xdebug
  2. PHP Storm
  3. XDebug Helper Chrome Extension

These are the tutorials I used to set up debugging:

How I debugged the WordPress Cron Job

  1. Set a breakpoint on the first line of the function called by wp-cron.
  2. Click “Play”
  3. When it stops at my breakpoint, click “Step Into” repeatedly until I see my error.

In my case, the error message was displayed in the debugger, next to the error_handler function (see the line above the blue line).  The text is gray, but it shows the contents of the $message variable:

Debugging WordPress with PHP Storm


And there you go, one more way to view your PHP error.  Hope this has helped you.  If you have any questions, I will try to answer them.

More About WP-Cron

WP-Cron can cause WordPress problems and might make your site run slow.  But, cron jobs often do very important tasks and disabling them will cause problems.  Here is how to fix this issue:

Properly Setting Up WordPress Cron Jobs


Sanitizing & Validating User Input for Amazon Product Advertising API

Summary:  Remove apostrophes to prevent Amazon from returning “No Results”

As a security-conscious web programmer, I always sanitize user input. It’s something you have to do to prevent attacks like SQL Injection and Cross-Site Scripting.  Basically it means that you never trust user input to be safe, and you always filter or sanitize it to remove potentially dangerous input.   PHP has lots of filters for sanitization, so that part is easy.  For Amazon item search, my PHP code filters the user input like this:

if(isset($_POST['title']) && !empty($_POST['title'])) {
     $search_values['Title']= filter_var($_POST['title'], FILTER_SANITIZE_STRING);

But there’s a second step.   In addition to sanitizing data, you also want to validate it to make sure that it’s in the expected format.  But, in order to validate correctly, you have to understand the rules about what’s expected. Sometimes the rules are obvious, but other times you’re working with a bit of a black box.

Third party APIs are like black boxes.  You can’t read the code.   You only have the documentation to rely upon.   Giving the wrong input will get you errors or no results, and you might not know what you’re doing wrong.  So, you need to experiment and see if you can figure out what’s allowed and what’s not.

This post is specific to the Amazon Product Advertising API, which is an Amazon service that allows you to look up product information, like availability, pricing, keyword search, etc.

I use the Amazon Product Advertising API for several different projects, and for one of them, my application uses the ItemSearch operation. Specifically, I often search the Books category by Title.

Amazon’s API behaves differently than the search function on their site.  On their site, if you put in an apostrophe, the site just ignores it.  When using the API, you get no results.

So, the solution is to always strip the user input of all apostrophes. Or, if you’re a fellow programmer, you might call them single quotes. If you leave the apostrophe in, you’ll get no results. If you remove it, you hopefully get lots of results!

In my program, I am sending the user input via an HTML Form using Ajax.  My browser actually encodes the user input before sending it to the server.  It encodes the apostrophe character as its html entity which is '.

So, in my back end PHP code, I remove the apostrophe with this:

str_replace("'", "", $my_search_string);

Problem solved!   In actuality, I have combined that function with my code for sanitization, and the whole thing looks like:


if(isset($_POST['title']) && !empty($_POST['title'])) {
     $search_values['Title'] = str_replace("'", "", filter_var($_POST['title'], FILTER_SANITIZE_STRING));