There are cases in which a plugin or theme needs to create a php file somewhere that can later include it. For example a captcha plugin, or some kind of a templating system like twig/smarty (In my situation it’s simple template engine for a collection of widgets).
Where should be this file created?
The only place I can think of is wp-content/uploads/, but that just doesn’t sound right 🙂
So is there a safe place where you can create files, and not worry about them being deleted on WordPress/plugin/theme update ?
One solution could be to create a child theme / directory in the themes / plugins directory…
The appropriate place IMHO would be a custom folder that you create inside the wp-content directory Read this before creating files: http://ottopress.com/2011/tutorial-using-the-wp_filesystem/
While working on a WordPress plugin, I stumbled across your question. I also first thought about creating temporary files to cache some data my plugin was creating. However, giving it a bit more thinking, this approach seems odd to me as you don’t want to have temporary data lying around on one server if you are trying to scale it using a cluster of servers.
So I searched again and it seems to valid solution for such problems is the WordPress Transients API allowing you to store data in the database with an expiration date. Of course your problem could still require locally cached files, e.g. if they are too large for the database, but at least I suggest to take a look at this option, too 🙂
You cannot rely on write access in the plugin or theme directory, so wp_upload_dir() is the only possible directory.
But I really doubt that there is a need to store the information in a new file. If the template is created by the user, store it in an option an parse the content with your regular plugin functions (for example by replacing placeholders with
strtr()).I can only think of a few good reasons a plugin would need to create a file. One is to back up complicated options that the user can export and download to move to a new site. The other is a sitemap plugin.
If your plugin has template files that the user can customize you should give the user the option to move the customized file to the current theme directory so when your plugin updates they won’t be overwritten. You can try to load the files from the theme directory first then fall back to your plugin directory.
Gravity Forms stores form uploaded files in its own folder inside of uploads. W3 Total Cache uses wp-content, login redirect uses the method I described above.
If you must create files (such as temporary files for a CAPTCHA Plugin), you should definitely use
wp-contentuploads(or a custom directory such aswp-contentplugin-slug-files).Most other custom code should really be stored in the Database.
I always suggest a PSR-0 compatible autoloader and a library folder that just works.
Some WP users might shoot you then but perhaps you’re not focused on these users, so this can be an option. Especially if you get more and more vendor specific libs.