I got a call from a client. Their new junior dev was trying to use a custom function I’d built to update post meta, but it just wasn’t working. No errors, nothing in the logs. Just… silence. He was tearing his hair out, convinced he’d broken the site. The actual problem was a classic case of mismatched expectations with WordPress type safety.
He was passing an entire post object to my function, but the function was expecting a simple integer—the post ID. My code was written “defensively,” so instead of blowing up, it just quietly bailed. This is a common pattern in WordPress, but it can be a total nightmare to debug.
The Trap of “Defensive” Programming
Because WordPress has to maintain backward compatibility with ancient versions of PHP, we can’t always use modern typed properties like function update_meta(int $post_id, string $meta_value). Instead, we often rely on docblocks and manual checks inside the function. My first pass at the function looked something like this. Sound familiar?
/**
* Update post meta for a given post.
*
* @param int $post_id The ID of the post.
* @param string $key The meta key.
* @param mixed $value The meta value.
*/
function my_safe_update_meta( $post_id, $key, $value ) {
if ( ! is_int( $post_id ) ) {
return; // It's not an integer, so just stop.
}
// ... rest of the update logic
update_post_meta( $post_id, $key, $value );
}My first thought was, “This is good. It prevents fatal errors.” And yeah, it did. But what it created instead was a silent failure. The code just stopped, offering zero feedback to the developer who used it incorrectly. Here’s the kicker: this “safe” approach cost my client hours of debugging time. That’s not safe; it’s expensive.
A Better Way: Fail Loudly
For internal agency projects or client sites where you control the environment, you should favor strictness over silent flexibility. Your colleagues (and your future self) will thank you for it. Instead of just returning, we should make some noise. This approach is talked about in a great post over at carlalexander.ca, which is worth a read.
A better way to write that function is to tell the developer they’re doing it wrong. Immediately.
/**
* Update post meta for a given post.
*
* @param int $post_id The ID of the post.
* @param string $key The meta key.
* @param mixed $value The meta value.
*/
function my_strict_update_meta( $post_id, $key, $value ) {
if ( ! is_int( $post_id ) ) {
_doing_it_wrong(
__FUNCTION__,
'Post ID must be an integer.',
'1.0.0'
);
return;
}
// ... rest of the update logic
update_post_meta( $post_id, $key, $value );
}By using _doing_it_wrong(), we now create a helpful notice for the developer. If they have debugging enabled, they see an immediate, actionable message explaining exactly what needs to be fixed. No more guessing. No more silent failures.
So, What’s the Point?
The right way to handle WordPress type safety depends entirely on who you’re writing the code for.
- Public Plugin/Theme: If your code is going out to the world, you have to be more defensive and flexible. You can’t control the environment, and a fatal error could take down someone’s site. The silent-but-safe approach is often the lesser of two evils here.
- Client Work / Internal Projects: If you’re in a controlled environment, be strict. Fail loudly and provide clear feedback. It forces better coding practices and dramatically cuts down on debugging time. Trust me on this.
Look, this stuff gets complicated fast. If you’re tired of debugging someone else’s mess and just want your site to work, drop my team a line. We’ve probably seen it before.
Leave a Reply