Professional WordPress skills for Claude Code and Codex, built for code review, fast triage, and modern WordPress development workflows across performance, security, plugins, blocks, themes, WooCommerce, REST APIs, admin UI, migrations, accessibility, testing, WP-CLI operations, Playground, and PHPStan.
- Structured review workflows for real WordPress codebases
- Quick triage commands for fast audits before deeper review
- Specialized guidance for Gutenberg, block themes, and WooCommerce
- Cross-skill handoffs when a finding belongs in another domain
- Line-numbered, severity-based review output with fix guidance
- Parallel skill wrappers for both Claude and Codex
claude-skills/ # Claude-oriented skill pack with shared reference docs
codex-skills/ # Codex-oriented skill wrappers for the same fourteen domains
commands/ # Claude slash commands
public/ # README assets
docs/ # GitHub Pages single-page site
The Codex skills reuse the domain references stored under claude-skills/ so the review heuristics stay aligned without duplicating the whole reference library.
The project also includes a deployable GitHub Pages site in docs/.
Run the repository validator before opening a PR or after adding skills, commands, or docs:
python3 scripts/validate_repo.py✅ Available now · 🚧 In progress
| Skill | Focus | Status |
|---|---|---|
| wp-performance-review | Performance bottlenecks, query patterns, caching, cron, asset loading | ✅ |
| wp-security-review | XSS, SQL injection, CSRF, auth checks, file upload risks | ✅ |
| wp-plugin-development | Plugin structure, lifecycle hooks, Settings API, i18n, WordPress.org standards | ✅ |
| wp-block-development | block.json, React/JSX editor patterns, render callbacks, Interactivity API |
✅ |
| wp-theme-development | theme.json, templates, template parts, style variations, FSE patterns |
✅ |
| wp-woocommerce-dev | HPOS, CRUD APIs, payment gateway patterns, cart fragments, template overrides | ✅ |
| wp-rest-api-development | Custom REST routes, permission callbacks, schema design, request validation, response shape | ✅ |
| wp-admin-ui-development | Settings pages, admin menus, notices, screen targeting, admin form flows | ✅ |
| wp-migration-upgrade-review | Versioned upgrades, dbDelta(), backfills, rollout safety, schema changes |
✅ |
| wp-accessibility-review | Semantic markup, keyboard access, focus behavior, labels, ARIA, accessible interactions | ✅ |
| wp-test-strategy | Unit vs integration vs E2E coverage, test planning, regression risk, WordPress test gaps | ✅ |
| wp-wpcli-and-ops | WP-CLI workflows, multisite operations, search-replace safety, automation, and deployment checks | 🚧 |
| wp-playground-development | WordPress Playground blueprints, reproducible demos, zero-setup bug repros, and embed patterns | 🚧 |
| wp-phpstan-review | PHPStan for WordPress projects, baseline strategy, CI integration, and practical static-analysis review | 🚧 |
Choose the install path for the agent you want to use.
- Use Option 1 if you want the skills available inside one project for yourself or your team
- Use Option 2 if you want the skills available across your machine
- Use Option 3 if you only want one Claude skill and are fine updating it manually
Best for shared projects, client work, and teams.
# In your project root
git submodule add https://github.com/jorgerosal/wordpress-skills.git .claude/plugins/wordpress
git commit -m "Add WordPress Claude skills"To update later:
git submodule update --remote .claude/plugins/wordpress
git add .claude/plugins/wordpress
git commit -m "Update WordPress Claude skills"Best for solo usage across multiple projects.
git clone https://github.com/jorgerosal/wordpress-skills.git ~/.claude/plugins/wordpressTo update later:
cd ~/.claude/plugins/wordpress
git pullBest if you only want a single skill and do not need the full pack.
# Copy just the performance review skill
cp -r claude-skills/wp-performance-review ~/.claude/skills/If you use this option, updates are manual. Re-copy the skill when the source changes.
After installing:
- Restart Claude Code if needed
- Open a WordPress project
- Run a command such as:
/wp-perf-reviewInstall the parallel Codex wrappers if you want the same WordPress domains available as Codex skills.
mkdir -p ~/.codex/skills
cp -r codex-skills/* ~/.codex/skills/
cp -r claude-skills ~/.codex/claude-skillsmkdir -p ~/.codex/skills
cp -r codex-skills/wp-performance-review ~/.codex/skills/
mkdir -p ~/.codex/claude-skills/wp-performance-review
cp -r claude-skills/wp-performance-review/references ~/.codex/claude-skills/wp-performance-review/If your Codex setup uses a custom CODEX_HOME, copy the wrappers into $CODEX_HOME/skills/ and the shared reference tree into $CODEX_HOME/claude-skills/.
Open a WordPress project in Codex and invoke the skill naturally, for example:
Review this plugin for performance issues
Claude skills include a full review command and a faster triage command.
| Command | Use Case |
|---|---|
/wp-perf-review [path] |
Full performance review with grouped findings and fix guidance |
/wp-perf [path] |
Fast performance scan for critical patterns |
/wp-sec-review [path] |
Full security review for exploitable patterns |
/wp-sec [path] |
Fast security scan for common high-risk issues |
/wp-plugin-review [path] |
Full plugin architecture and standards review |
/wp-plugin [path] |
Fast plugin structure and standards scan |
/wp-block-review [path] |
Full Gutenberg block review across PHP and JS/JSX |
/wp-block [path] |
Fast block API and block.json scan |
/wp-theme-review [path] |
Full block or classic theme review |
/wp-theme [path] |
Fast theme structure and FSE scan |
/wp-woo-review [path] |
Full WooCommerce extension review |
/wp-woo [path] |
Fast WooCommerce compatibility and risk scan |
/wp-rest-review [path] |
Full REST API review for routes, auth, validation, and response design |
/wp-rest [path] |
Fast REST API scan for route and permission issues |
/wp-admin-review [path] |
Full admin UI review for settings screens, menus, notices, and admin UX |
/wp-admin [path] |
Fast admin UI scan for menus, settings flow, and admin asset loading |
/wp-migration-review [path] |
Full migration and upgrade review for versioned updates, schema changes, and backfills |
/wp-migration [path] |
Fast migration scan for risky upgrade patterns |
/wp-a11y-review [path] |
Full accessibility review for themes, blocks, plugins, and admin interfaces |
/wp-a11y [path] |
Fast accessibility scan for semantic, keyboard, focus, and ARIA issues |
/wp-test-review [path] |
Full test strategy review with prioritized unit, integration, and E2E recommendations |
/wp-test [path] |
Fast testing scan for existing coverage and likely test gaps |
/wp-ops-review [path] |
Full WP-CLI and operations review for custom commands, multisite scope, and maintenance workflows |
/wp-ops [path] |
Fast WP-CLI and operational risk scan |
/wp-playground-review [path] |
Full Playground review for Blueprints, repro environments, and embed flows |
/wp-playground [path] |
Fast Playground scan for Blueprint and repro issues |
/wp-phpstan-review [path] |
Full PHPStan review for config, baselines, CI wiring, and WordPress-specific analysis setup |
/wp-phpstan [path] |
Fast PHPStan scan for config and static-analysis issues |
# Review the current project for performance issues
/wp-perf-review
# Run a fast security scan on a plugin
/wp-sec wp-content/plugins/my-plugin
# Review a custom block package
/wp-block-review wp-content/plugins/my-blocks
# Review a block theme
/wp-theme-review wp-content/themes/my-theme
# Check a WooCommerce extension before release
/wp-woo-review wp-content/plugins/my-woo-extension
# Review custom REST API endpoints
/wp-rest-review wp-content/plugins/my-api-plugin
# Plan tests for a risky plugin change
/wp-test-review wp-content/plugins/my-plugin
# Review custom WP-CLI operations and runbooks
/wp-ops-review wp-content/plugins/my-plugin
# Review a WordPress Playground Blueprint or demo setup
/wp-playground-review docs/playground
# Review PHPStan setup for a plugin or theme
/wp-phpstan-review .When installed from the marketplace, commands are namespaced:
/wordpress-skills:wp-perf-review [path]
/wordpress-skills:wp-perf [path]You can also invoke the skills without slash commands or explicit command files. Ask naturally, for example:
Review this plugin for performance issues
Audit this theme for security problems
Help me debug this block.json setup
Check this WooCommerce extension for HPOS issues
Review this theme before launch
Find slow queries in this plugin
Review these custom REST routes
Check this plugin settings page
Audit this release migration before deploy
Review this WP-CLI command for operational risk
Check this Blueprint for a reliable Playground repro
Audit this phpstan.neon for WordPress plugin analysis
Review this theme for accessibility issues
What tests should I add for this change?
Claude or Codex will match the request to the most relevant skill and follow that review workflow.
| Skill | Common Triggers |
|---|---|
wp-performance-review |
"performance review", "slow WordPress", "slow queries", "high-traffic", "timeout", "out of memory" |
wp-security-review |
"security audit", "XSS", "SQL injection", "CSRF", "nonce verification", "capability check" |
wp-plugin-development |
"plugin review", "plugin architecture", "activation hook", "Settings API", "Plugin Check" |
wp-block-development |
"block review", "Gutenberg", "block.json", "InnerBlocks", "Interactivity API", "dynamic block" |
wp-theme-development |
"theme review", "block theme", "theme.json", "FSE", "template parts", "style variations" |
wp-woocommerce-dev |
"WooCommerce review", "HPOS", "payment gateway", "cart fragments", "Action Scheduler" |
wp-rest-api-development |
"REST API review", "register_rest_route", "permission_callback", "REST endpoint", "API schema" |
wp-admin-ui-development |
"admin UI", "settings page", "admin screen", "admin menu", "admin notice" |
wp-migration-upgrade-review |
"migration review", "upgrade routine", "dbDelta", "schema change", "backfill" |
wp-accessibility-review |
"accessibility review", "a11y", "keyboard navigation", "focus management", "semantic HTML" |
wp-test-strategy |
"test strategy", "PHPUnit", "integration tests", "Playwright", "coverage" |
All eleven skills produce structured findings with severity labels (Critical, Warning, Info), file references, and concrete recommendations.
- Database query anti-patterns
- Expensive hooks and page-load writes
- Object cache and transient usage
- AJAX, HTTP, and polling bottlenecks
- Template-level N+1 patterns
- Asset loading and cron issues
- XSS and output escaping issues
- SQL injection risks
- CSRF and nonce validation gaps
- Capability and authorization mistakes
- File upload handling risks
- Dangerous functions and sensitive data exposure
- Plugin headers and structure
- Activation, deactivation, and uninstall flows
- CPT and taxonomy registration
- Settings API usage
- Hook design and priority issues
- Internationalization and WordPress.org readiness
block.jsonschema validationeditandsavefunction patterns- Render callbacks and dynamic blocks
- Attribute handling and deprecations
- Interactivity API usage
- Build setup and source/build review
theme.jsonvalidation- Template hierarchy and required files
- Template parts and block markup
- Global styles and spacing systems
- Style variations and patterns
- Classic-to-block migration guidance
- HPOS compatibility
- WooCommerce CRUD usage
- Payment gateway safety patterns
- Cart fragments and performance concerns
- Action Scheduler usage
- Template override quality and hook preservation
- Route registration and namespace design
permission_callbackquality- Request arg validation and sanitization
- Response shape and status codes
- Controller patterns and versioning
- Settings pages and admin menus
- Capability-aware screen access
- Admin notices and save feedback
- Screen-specific asset loading
- Settings API and admin UX structure
- Versioned upgrade routines
- Schema changes and
dbDelta() - Data backfills and batching
- Upgrade safety and idempotency
- Rollout and rollback risk
- Semantic HTML and structure
- Keyboard interaction support
- Focus management
- Form labels and error messaging
- Accessible interactive patterns in themes, blocks, and admin UI
- Unit vs integration vs E2E test selection
- Risk-based coverage planning
- Existing test discovery and gap analysis
- Regression planning for WordPress features
- Coverage guidance for REST, blocks, admin UI, themes, and WooCommerce
- Claude Code or Codex
- A local or project-based skill installation
No additional dependencies are required beyond your agent setup.
Contributions are welcome. See CONTRIBUTING.md for setup, structure, and submission guidance.
Common contribution paths:
- Improve or modernize existing guidance
- Add missing edge cases and anti-patterns
- Expand examples and reference docs
- Propose or implement new WordPress skills
MIT License. See LICENSE for details.
See CHANGELOG.md for release history.
These skills reflect practical WordPress engineering patterns and tradeoffs. They are not affiliated with or endorsed by Claude, Codex, WordPress, WooCommerce, or any hosting platform.