Skip to content

iwritec0de/wp-dev

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.claude-plugin
.claude-plugin
 
 
agents
agents
 
 
commands
commands
 
 
hooks
hooks
 
 
scripts
scripts
 
 
skills
skills
 
 
templates
templates
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

WordPress Dev

WordPress development plugin for Claude Code — enforces WPCS, blocks insecure code patterns, provides WP/WooCommerce development guidance, and connects to live WordPress sites via MCP.

Quick Start

Add to your project's .claude/settings.json:

{
  "permissions": {
    "plugins": {
      "wp-dev": true
    }
  }
}

Workflows

New Plugin Development

/wp-scaffold plugin my-plugin       # 1. Generate plugin boilerplate (WPCS + security)
                                     #    Hooks auto-enforce standards on every edit
  ↓
Write plugin code                    # 2. pre-edit: secret scanning
                                     #    post-edit: WPCS + ESLint + Prettier
  ↓
/wp-test                             # 3. Run PHPUnit / Jest tests
/wp-security-audit                   # 4. Full security scan (12 categories)
/wp-perf-audit                       # 5. Static performance analysis
  ↓
Session end                          # 6. on-stop: full WPCS + tests + PHPDoc check

New Theme Development

/wp-scaffold theme my-theme          # 1. Generate theme boilerplate
/wp-gutenberg-layout landing page    # 2. Visual page prototyping with blocks
                                     #    (discovers available blocks via MCP)
  ↓
Write templates                      # 3. Hooks enforce standards
/wp-test                             # 4. Run tests

Gutenberg Block Development

/wp-scaffold block my-block          # 1. block.json + edit.js + save.js + render.php
/wp-gutenberg-layout                 # 2. Discover core blocks, compose layouts
/wp-test js                          # 3. Run Jest / wp-scripts tests

WooCommerce Development

/wp-scaffold woo-product-tab         # 1. Product data tab boilerplate
                                     #    (woocommerce skill: CRUD, hooks, HPOS)
/wp-security-audit                   # 2. Security scan (includes HPOS checks)
/wp-perf-audit                       # 3. Performance scan (WooCommerce-aware)

Security Workflow

Automatic:
  pre-edit hook  → secret scanning (JWT, PEM, credentials)
  post-edit hook → WPCS checks on changed files

Manual:
  /wp-security-audit                 # Full 12-category audit via agent
                                     # CRITICAL → WARNING → INFO severity
                                     # Fix by severity (CRITICAL first)

Performance Workflow

/wp-perf-audit                       # Static analysis (no site needed)
                                     # Unbounded queries, N+1, autoload bloat
  ↓
/wp-perf                             # Live diagnostics (requires MCP connection)
                                     # Real query counts, slowest queries, hook timing
  ↓
Fix findings                         # wordpress-performance + wordpress-database skills

Debugging

The wp-debugging skill activates automatically for WordPress errors:

1. Enable WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG
2. Read debug.log for error details
3. Systematic 4-phase process:
   Root cause → Pattern analysis → Hypothesis → Fix
4. Tools: error_log(), WP-CLI, Query Monitor, Xdebug
5. 3-strike rule: if 3 fixes fail, question the architecture

Hook Reference

/wp-hooks-ref save_post              # Look up specific hook
/wp-hooks-ref woocommerce_checkout   # Search by prefix
/wp-hooks-ref auth                   # Search by topic

Skills (14)

Core WordPress

Skill Purpose
wordpress-engineer Full WP development: themes, plugins, security, performance, hooks, WP-CLI
wordpress-patterns CPT, taxonomies, meta boxes, REST API, Settings API, cron, transients, AJAX
wordpress-standards Naming conventions, file organization, coding style, PHP 7.4+, PHPDoc
wordpress-security Output escaping, input sanitization, nonces, capabilities, SQL safety
wp-hooks Hook documentation, scanning, parameter extraction
wordpress-database $wpdb, custom tables, schema versioning, WP_Query, meta queries, caching
wordpress-performance Query optimization, caching strategies, hook profiling, autoload management
wordpress-i18n Translation functions, text domains, JS translations, RTL support

WooCommerce

Skill Purpose
woocommerce CRUD objects, hooks, product data, checkout, payment gateways, shipping, HPOS

Gutenberg

Skill Purpose
gutenberg-layout Block discovery, layout generation, responsive design, block composition

Quality

Skill Purpose
wp-testing PHPUnit + WordPress test suite patterns, factories, REST testing, WooCommerce
wp-debugging Systematic debugging: WSOD, plugin conflicts, REST API, WP_DEBUG, Query Monitor
php-cleanup Dead PHP code, unused Composer deps, unused imports — composer-unused, Psalm, PHP-CS-Fixer
verification Evidence-based completion gate: phpunit, phpcs, php -l, wp eval

Commands (8)

Command Purpose
/wp-scaffold Generate plugin, theme, block, CPT, REST, widget, shortcode, WooCommerce boilerplate
/wp-hooks-ref Quick hook reference lookup by name, prefix, or topic
/wp-security-audit Comprehensive 12-category security scan via agent
/wp-perf-audit Static performance analysis via agent
/wp-perf Live performance diagnostics via MCP adapter
/wp-test Run PHPUnit, Jest, or wp-scripts tests (auto-detect)
/wp-gutenberg-layout Generate Gutenberg page layouts with visual prototyping
/wp-cleanup Dead PHP code / unused Composer dep / unused import cleanup (scan, fix, deps, imports, unused-code, config, init)

Agents (4)

Agent Model Purpose
wp-theme-developer sonnet Theme development: block/classic/hybrid, template hierarchy, FSE, child themes
wp-gutenberg-block-developer sonnet Custom blocks: block.json, edit/save, variations, Interactivity API, dynamic blocks
wp-security-auditor sonnet Security audits: escaping, sanitization, nonces, SQL, capabilities, HPOS
wp-perf-analyzer sonnet Performance: unbounded queries, N+1, hook weight, autoload, caching

Hooks & Quality Gates

Pre-Edit (every file edit)

  • Python secret scanning: JWT tokens, PEM keys, hardcoded credentials
  • File protection checks

Post-Edit (after file changes)

  • WPCS formatting and analysis
  • ESLint + auto-fix for JS/TS files
  • Prettier for code formatting
  • TypeScript type checking (tsc --noEmit)

On-Stop (session end)

  • PHP syntax validation (php -l)
  • Full WPCS check
  • PHPUnit test run
  • PHPDoc completeness verification
  • JavaScript quality gates

MCP Server

Connects directly to a WordPress installation for live site interaction.

Capabilities

  • Manage posts, pages, and custom post types
  • Read and update site options/settings
  • Interact with users and roles
  • Access plugin and theme data
  • Execute WP-CLI commands on the connected site
  • Pull live site structure for development reference

Setup

  1. In your WordPress admin, go to Users > Profile > Application Passwords and create a new application password

  2. Set the environment variables:

    export WP_SITE_URL="https://your-site.com"
export WP_USERNAME="admin"
export WP_APPLICATION_PASSWORD="xxxx xxxx xxxx xxxx xxxx xxxx"

  3. Verify with /mcp — the WordPress server should appear with available tools

Security

  • Never commit application passwords to version control
  • Use environment variables or a .env file (gitignored)
  • Create a dedicated WordPress user with minimal required capabilities
  • Consider using a read-only role for production sites

License

MIT

About

WordPress development plugin for Claude Code

Topics

claude claude-code claude-code-plugin claude-skills

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages