Author: Ankit Panchal

How I Handle Support Without Losing My Mind
When I released my first few plugins, I was excited to see people using them.
Until the support tickets started rolling in.

Some were polite. Some were rude. Some made no sense.
And at one point, I was spending more time answering emails than writing code.

That’s when I realized: support isn’t just about solving problems — it’s about managing energy.

Here’s what I do now to keep support sane, consistent, and (mostly) stress-free.

1. I Document Everything Once

If I find myself answering the same question more than twice, I write a public answer.
- I create a help doc or FAQ.
- I link to it from the plugin page.
- I include it in the plugin settings UI if needed.
This reduces back-and-forth.
More importantly, it respects both my time and the user’s time.

2. I Don’t Rush Replies

It’s tempting to reply instantly, especially when someone’s frustrated.
But I’ve learned that urgency creates anxiety.

Unless it’s critical, I give myself permission to reply in 24–48 hours.
And most users are okay with that — as long as they feel heard.

3. I Separate Support from My Creative Time

I don’t check support when I’m in “build mode.”
Instead, I batch replies once or twice a day — usually in the afternoon when my energy dips.

This way, support doesn’t hijack my creative flow.

4. I Use Snippets, Templates, and Saved Replies

Over time, I’ve built a library of saved replies for common situations:
- Troubleshooting steps
- “This is not a bug, it’s expected behavior”
- “Here’s a snippet to solve that”
It’s not robotic — it’s efficient.
And I always personalize the start and end of every message.

5. I Accept That Not Everyone Will Be Happy

Some users will never read the docs.
Some will blame your plugin for a conflict caused by something else.
Some just want to vent.

I don’t take it personally anymore.
I do my best, but I don’t carry it beyond that.

Final Thought

Support is part of the job.
But it doesn’t have to steal your time, your energy, or your joy for building.

Set boundaries, stay kind, and automate where it makes sense.
And remember — for every tough support ticket, there’s a happy user you helped quietly. That’s who you’re building for.
June 9, 2025
Dev Tip #4: Handling AJAX in WordPress (The Clean Way)
Using AJAX in your plugin can make it feel fast and modern — but if you don’t structure it right, it can become messy and insecure fast.

Here’s how I handle AJAX calls the clean and secure way in WordPress.

1. Enqueue Your Script with ajaxurl

When enqueuing your JavaScript, always localize it with the ajaxurl.
add_action( ‘admin_enqueue_scripts’, function() { wp_enqueue_script( ‘my-plugin-admin’, plugin_dir_url( __FILE__ ) . ‘admin.js’, [ ‘jquery’ ], ‘1.0’, true ); wp_localize_script( ‘my-plugin-admin’, ‘myPlugin’, [ ‘ajax_url’ => admin_url( ‘admin-ajax.php’ ), ‘nonce’ => wp_create_nonce( ‘my_plugin_nonce’ ), ] ); });
```
add_action( 'admin_enqueue_scripts', function() {
    wp_enqueue_script( 'my-plugin-admin', plugin_dir_url( __FILE__ ) . 'admin.js', [ 'jquery' ], '1.0', true );
    
    wp_localize_script( 'my-plugin-admin', 'myPlugin', [
        'ajax_url' => admin_url( 'admin-ajax.php' ),
        'nonce'    => wp_create_nonce( 'my_plugin_nonce' ),
    ] );
});
```
2. The JS Side (Calling AJAX)
jQuery(document).ready(function($) { $(‘#my-button’).on(‘click’, function() { $.post(myPlugin.ajax_url, { action: ‘my_plugin_do_something’, nonce: myPlugin.nonce, data: ‘SomeValue’ }, function(response) { console.log(‘Server says:’, response); }); }); });
```
jQuery(document).ready(function($) {
    $('#my-button').on('click', function() {
        $.post(myPlugin.ajax_url, {
            action: 'my_plugin_do_something',
            nonce: myPlugin.nonce,
            data: 'SomeValue'
        }, function(response) {
            console.log('Server says:', response);
        });
    });
});
```
3. The PHP Side (Handling AJAX)
add_action( ‘wp_ajax_my_plugin_do_something’, ‘my_plugin_do_something_callback’ ); function my_plugin_do_something_callback() { check_ajax_referer( ‘my_plugin_nonce’, ‘nonce’ ); // Capability check if needed if ( ! current_user_can( ‘manage_options’ ) ) { wp_send_json_error( ‘Not allowed’ ); } $value = sanitize_text_field( $_POST[‘data’] ?? ” ); // Do something here… wp_send_json_success( ‘Success! You sent: ‘ . $value ); }
```
add_action( 'wp_ajax_my_plugin_do_something', 'my_plugin_do_something_callback' );

function my_plugin_do_something_callback() {
    check_ajax_referer( 'my_plugin_nonce', 'nonce' );

    // Capability check if needed
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Not allowed' );
    }

    $value = sanitize_text_field( $_POST['data'] ?? '' );

    // Do something here...

    wp_send_json_success( 'Success! You sent: ' . $value );
}
```
Bonus: For Frontend Users

If you want AJAX support on the frontend too:
add_action( ‘wp_ajax_nopriv_my_plugin_do_something’, ‘my_plugin_do_something_callback’ );
```
add_action( 'wp_ajax_nopriv_my_plugin_do_something', 'my_plugin_do_something_callback' );
```
This lets non-logged-in users run the same AJAX handler — great for forms, voting, tracking, etc.

Final Thought

Keep your AJAX code:
- Localized with nonces
- Protected with check_ajax_referer()
- Cleanly separated in JS and PHP
- Always sanitized and validated
Done right, it makes your plugins feel snappy and pro.
May 28, 2025
Dev Tip #3: Plugin Security Basics I Never Skip
Security isn’t the flashiest part of plugin development — but it’s the part that breaks trust the fastest when ignored.

These are the basics I always keep in mind while building plugins. They’re simple, but missing even one of them can open up real problems.

1. Escape Output, Always

Whenever I print something to the screen, especially user-generated content or dynamic settings, I escape it properly:
echo esc_html( $setting_value );
```
echo esc_html( $setting_value );
```
Use the right escaping function for the context:
- esc_html() for regular text
- esc_attr() for input values
- esc_url() for links
- wp_kses_post() if allowing some HTML
If you forget this, it opens doors to XSS attacks.

2. Sanitize Input Before Saving

Before saving anything to the database — whether it’s from a form or a setting screen — I sanitize it.
$sanitized = sanitize_text_field( $_POST[‘your_field’] );
```
$sanitized = sanitize_text_field( $_POST['your_field'] );
```
Other useful sanitizers:
- sanitize_email()
- sanitize_textarea_field()
- absint()
- esc_url_raw()
Even if it “looks safe,” I sanitize it anyway.

3. Always Use Nonces for Forms & AJAX

A nonce protects your forms and AJAX requests from being abused by external scripts or bad actors.

For forms:
wp_nonce_field( ‘my_plugin_action’, ‘my_plugin_nonce’ );
```
wp_nonce_field( 'my_plugin_action', 'my_plugin_nonce' );
```
On submit:
if ( ! isset( $_POST[‘my_plugin_nonce’] ) || ! wp_verify_nonce( $_POST[‘my_plugin_nonce’], ‘my_plugin_action’ ) ) { return; // Invalid request }
```
if ( ! isset( $_POST['my_plugin_nonce'] ) || 
     ! wp_verify_nonce( $_POST['my_plugin_nonce'], 'my_plugin_action' ) ) {
    return; // Invalid request
}
```
For AJAX: Same logic applies — pass and verify a nonce.

4. Capability Checks Matter

Before saving data or doing anything admin-related, I make sure the current user has permission to do so.
if ( ! current_user_can( ‘manage_options’ ) ) { return; }
```
if ( ! current_user_can( 'manage_options' ) ) {
    return;
}
```
I don’t rely only on menu access. I protect everything behind capability checks too.

5. Never Trust $_POST or $_GET Blindly

I treat all global inputs ($_POST, $_GET, $_REQUEST, etc.) as untrusted by default.
Even if it’s a simple text field, I treat it with caution.

Trust your logic, not the input.

Final Thought

You don’t need to be a security expert to write secure plugins.
Just follow these simple habits every time, and you’ll avoid 90% of common issues.

It’s not about fear — it’s about respect.
For your users, their data, and the trust they place in your work.
May 26, 2025
Why I Don’t Chase Feature Creep Anymore
In my early plugin-building days, I used to think more features meant more value.

If a user requested something, I added it.
If another plugin had a setting I didn’t, I felt like I was behind.
If I saw a competitor with a dashboard full of toggles, I thought, maybe I need that too.

But over time and through maintaining real plugins used by thousands of people, I learned something the hard way:

More features don’t make your plugin better.
They make it heavier, harder to maintain, and harder to use.

Every feature sounds useful in isolation.
The problem is, they pile up.
And soon your clean, focused plugin becomes this bloated toolbox with too many switches, too many edge cases, and too many things that can break.

I’ve been there.

I’ve had support tickets that only existed because I added a “cool” setting that three people used and fifty others accidentally triggered.

I’ve had to debug things that I didn’t even need — all because I wanted to match a checklist I saw in someone else’s plugin.

So now, I take a different approach.

If someone requests a feature, I don’t say yes right away.
I sit with it.

I ask:
- Does this solve a problem for a large number of users?
- Is this aligned with the core purpose of the plugin?
- Will this feature still make sense six months from now?
- Can this be handled by another plugin, or with a snippet?
And most importantly:
Would I want to maintain this feature myself?

If the answer is no, it’s probably not worth adding.

These days, I focus on clarity, not quantity.
I’d rather have a plugin that does one thing really well than a plugin that does ten things halfway.

Because in the end, people don’t remember how many features you had.
They remember whether your plugin worked — and whether it made their life easier.

That’s the bar I want to meet now.
May 26, 2025
Dev Tip #2: How to Load Scripts Only on a Specific Admin Page
When building a plugin, loading your scripts and styles everywhere in the WordPress admin isn’t ideal.
It adds unnecessary bloat and slows things down.

Here’s how I load my JS or CSS files only on the plugin settings page (or any specific admin page).

The Snippet
add_action( ‘admin_enqueue_scripts’, function( $hook ) { if ( $hook !== ‘settings_page_my-plugin-slug’ ) { return; } wp_enqueue_script( ‘my-plugin-script’, plugin_dir_url( __FILE__ ) . ‘assets/admin.js’, [ ‘jquery’ ], ‘1.0’, true ); wp_enqueue_style( ‘my-plugin-style’, plugin_dir_url( __FILE__ ) . ‘assets/admin.css’, [], ‘1.0’ ); });
```
add_action( 'admin_enqueue_scripts', function( $hook ) {
    if ( $hook !== 'settings_page_my-plugin-slug' ) {
        return;
    }

    wp_enqueue_script(
        'my-plugin-script',
        plugin_dir_url( __FILE__ ) . 'assets/admin.js',
        [ 'jquery' ],
        '1.0',
        true
    );

    wp_enqueue_style(
        'my-plugin-style',
        plugin_dir_url( __FILE__ ) . 'assets/admin.css',
        [],
        '1.0'
    );
});
```
How It Works
- $hook is passed by WordPress to tell you what admin page is currently being loaded.
- settings_page_my-plugin-slug is the ID of your plugin settings page (you get this from the slug used in add_options_page() or add_menu_page()).
- If you return early, your scripts won’t load anywhere else.
Bonus Tip

You can error_log( $hook ); on any admin page to quickly find the correct page slug during development. Super handy.

Why This Matters

This keeps your plugin lightweight, improves performance, and avoids accidentally breaking unrelated parts of the admin area with your scripts.
May 23, 2025
The Best WordPress Advice I Ever Got
I’ve been working with WordPress for over a decade now.
I’ve built plugins, worked with agencies, shipped products, burned out, restarted, and kept going.

But looking back, there’s one piece of advice that stuck with me more than anything else.

It wasn’t from a blog post.
It wasn’t from a course or a conference talk.
It was something simple that a senior dev told me during my early days:

“If you’re building for WordPress, build like you’re part of WordPress.”

At the time, I didn’t fully get it.
I was busy trying to make things look custom, unique, “better” than WordPress core.
I wanted to change everything — custom UIs, new dashboard layouts, fancy JS behavior that ignored WordPress conventions.

But that advice started making more sense the longer I stuck around.

What they meant was:
If you’re building something for WordPress users, don’t fight the platform.
Blend into it. Use its patterns. Speak its design language.
Make your plugin feel like it belongs there.

Because users already know how WordPress works.
They don’t want to learn a new UI just to enable one feature.
They don’t want your plugin to break every time WordPress updates.
They want something that feels native — something they trust.

And that shifted how I build.

I started focusing more on:
- Clean, native UI using WordPress components
- Logical settings that match how WordPress core does things
- Avoiding unnecessary custom code when WordPress already solves it well
- Writing code that respects hooks, filters, roles, and capabilities
That one mindset saved me hours of future maintenance, made support easier, and helped users feel at home using my tools.

It also helped me enjoy building more — because I wasn’t reinventing the wheel. I was working with the system, not against it.

It sounds simple. But it’s easy to forget, especially when you’re trying to build something cool or different.

So if you’re working on a plugin, a theme, or even just a small tweak, remember this:

Don’t try to make WordPress look like your plugin.
Make your plugin feel like part of WordPress.

That’s the best advice I ever got — and I’m still following it today.
May 21, 2025
Dev Tip #1: How to Add a Custom Admin Notice in WordPress
Sometimes your plugin or theme needs to show a message in the WordPress admin area — maybe a success message after saving settings, or a warning if something is missing.

Here’s how I usually do it:
Keep it simple, clean, and native.

The Snippet
```
add_action( 'admin_notices', function() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }

    echo '<div class="notice notice-success is-dismissible">';
    echo '<p>Your custom admin notice goes here.</p>';
    echo '</div>';
});
```
How It Works
- Hooks into admin_notices, which is used by WordPress to display messages at the top of admin screens.
- notice-success gives it a green success style. You can also use:
  - notice-error (red)
  - notice-warning (yellow)
  - notice-info (blue)
- is-dismissible makes it closable.
- Always wrap with a capability check like manage_options to avoid showing notices to users who don’t need to see them.
Bonus: Show it only on specific pages

You can limit where the notice appears like this:
```
if ( get_current_screen()->id === 'settings_page_my-plugin' ) {
    // show notice
}
```
I use this pattern in almost every plugin I write.
Clean admin messages go a long way in making your tools feel more polished and professional.
May 13, 2025
5 Things I Always Do Before Releasing a Plugin
I’ve released quite a few WordPress plugins now — some for fun, some for clients, and some that grew beyond what I expected. Over time, I’ve built a personal routine I follow before shipping anything live.

It’s not a checklist I copy-paste. It’s more of a rhythm — things I’ve learned to do to avoid headaches later, support questions, or just that awkward moment of realizing I forgot something basic after release.

Here are five things I always make sure I do before hitting publish.

1. I install it on a fresh site — like I’m the user

This is the biggest one.

I spin up a blank WordPress install and install the plugin from scratch. No dev tools, no pre-loaded test data, no shortcuts. Just like a user would.

Does it activate without errors?
Does it make sense out of the box?
Is anything confusing without me explaining it?

This one step has saved me from pushing broken versions more than once.

2. I ask: does it explain itself?

Most users don’t read documentation. So I try to make sure the plugin explains itself as much as possible once it’s activated.

That could be:
- A welcome notice with a link to settings
- A simple description on the settings screen
- Field labels that are clear, not clever
- Reasonable default options so it “just works”
If someone can’t figure out what to do in under 30 seconds, I go back and fix it.

3. I test uninstall and cleanup

This used to be an afterthought for me. Now it’s mandatory.

I deactivate and delete the plugin — and then I check:
Did it leave behind any junk?
Custom tables, options, transients?

I want my plugin to clean up after itself if the user removes it.
If they don’t want it anymore, it should respect that and disappear fully.

4. I check if I’d be proud to link to it

Before I submit the plugin to the repo or promote it anywhere, I stop and ask:
If someone landed on this, would I feel good linking them to it?

Is the readme clear?
Is the description honest?
Are the screenshots helpful?

If it feels rushed or half-baked, I pause and fix it first.

5. I remind myself it doesn’t have to be perfect

This one took me years to learn.

There’s always something more I could add — another setting, another tweak, another feature. But the longer I wait for “perfect,” the more likely I am to lose momentum.

Now I try to release a solid, simple version. Then improve it over time.

Because a working plugin in the hands of users is always better than a perfect one sitting on my desktop.

Every plugin teaches me something new, but these five habits have stayed with me.

They help me build with more care, release with more confidence, and support users better from day one.

If you’re building your first (or fiftieth) plugin, maybe this list will help you too.

And if you have your own “before launch” ritual, I’d love to hear it.
May 13, 2025
How I Decide What Plugin to Build Next

I’ve built quite a few WordPress plugins over the years. Some turned out great and are now active on thousands of sites. Others were quiet side projects that didn’t go very far. And some are still sitting half-finished in my dev folder.

Whenever I wrap up one plugin, I always end up asking myself the same question:

What should I build next?

There’s no perfect formula. But over time, I’ve found a few things that help me figure it out.

It usually starts with a small problem

Most of my plugin ideas come from something that annoys me while working on a site.
Maybe it’s a missing feature. Maybe something feels harder than it should be.
Or maybe I find myself doing the same thing again and again and thinking, “I wish this was easier.”

That’s often the spark.

Sometimes I also notice patterns — like when I see the same question pop up in support forums or multiple people asking for a similar solution. That’s usually a good sign that the problem is real.

I try to keep the idea small

I like plugins that do one thing really well.
Not big toolkits. Not feature-packed dashboards.
Just something simple and focused that solves a problem cleanly.

If I can explain what the plugin does in one short sentence, that’s usually a green light.

If I need to explain it in a paragraph, it probably needs more thought.

I ask myself: would I use this?

This one matters a lot to me.

Even if an idea sounds useful, I stop and ask:
Would I actually install this on my own site and use it regularly?

If I’m not excited to use it myself, I probably won’t enjoy building or maintaining it either.

I don’t care how “big” it is

Some of my smallest plugins have been the most popular.
One of them was just four lines of code — and it’s now used on over a thousand sites.

So I don’t worry if an idea seems too simple.
If it helps someone, it’s worth building.

I check if it really needs to be a plugin

Not every idea should become a plugin.
Sometimes it’s better as a blog post, or a tutorial, or just a code snippet.
I only build it as a plugin if it feels like something that truly belongs inside WordPress — something that improves how people use the admin or manage their site.

And finally… I go with what excites me

If I feel like opening my editor and starting right away — that’s the best sign.
If I’m forcing it or overthinking, I usually let the idea rest.

Because building is just one part. Maintaining the plugin, answering questions, and improving it takes energy too. So I only move forward if I feel a genuine pull toward the idea.

May 9, 2025
I Started a YouTube Channel — xwpankit
This year, I decided to try something new.

After years of writing plugins, blog posts, and building quietly, I’ve started a YouTube channel called xwpankit — focused entirely on WordPress.

It’s not about tutorials or polished course content (not yet, at least).
It’s about quick ideas. Things I’ve learned. Tips that might help you ship faster, write cleaner code, or just feel more at home in the WordPress ecosystem.

I’m starting with Shorts — fast, useful, no-fluff videos you can watch in under 60 seconds.

Things like:
- Plugin dev tips I wish I knew earlier
- Core features people overlook
- UI/UX ideas I’ve picked up
- Behind-the-scenes of building tools used on 30,000+ sites
Eventually, I’ll add longer videos too — maybe tutorials, maybe just thoughts from the road.
But for now, I’m keeping it light, consistent, and real.

If you’re into WordPress, building products, or just curious how I work — subscribe here.

It’s a new way for me to share what I’ve always loved about WordPress:
That it’s not just a CMS — it’s a canvas.

Let’s see where this goes.
May 4, 2025