WordPress-specific coding standards building upon WPTechnix base standards for modern, secure, and performant code.
This is a coding standard for PHP_CodeSniffer designed specifically for WordPress development. It extends the base WPTechnix Coding Standards, which already enforces strict types, immutability, and PSR-12 compliance, and incorporates rules from the official WordPress Coding Standards.
This ruleset is designed to help you write modern, secure, and high-quality WordPress code, with a focus on:
WordPress Best Practices:
- Enforces the use of WordPress functions and APIs over native PHP.
- Checks for proper use of text domains for internationalization (i18n).
- Discourages the use of deprecated WordPress functions, classes, and parameters.
- Verifies correct prefixing and naming conventions for classes and functions.
- Ensures proper enqueueing of scripts and styles.
Security:
- Requires nonce verification for form and URL processing.
- Enforces proper data validation and sanitization of all inputs.
- Mandates output escaping to prevent XSS vulnerabilities.
- Flags the use of insecure and discouraged PHP and WordPress functions.
Database:
- Discourages direct database queries, promoting the use of WordPress database APIs.
- Enforces the use of prepared statements to prevent SQL injection attacks.
- Identifies potentially slow and inefficient database queries.
Code Quality & Analysis:
- Flags the use of development functions (
var_dump,error_log, etc.). - Prevents modification of global variables.
- Enforces strict type checking (e.g., in
in_array).
Install this package as a development dependency using Composer.
composer require --dev wptechnix/wordpress-coding-standardsFor automatic registration with PHP_CodeSniffer, you can optionally install dealerdirect/phpcodesniffer-composer-installer:
composer require --dev dealerdirect/phpcodesniffer-composer-installerThis plugin will:
- Automatically register the standard with PHP_CodeSniffer upon Composer install.
- Eliminate the need for manual path configuration.
- Make the standard immediately available for use in your
phpcs.xmlconfiguration.
Note: This is optional. If you prefer manual configuration or have a custom PHP_CodeSniffer setup, you can skip this step and configure the path manually in your phpcs.xml file.
To use this coding standard, add <rule ref="WPTechnixWordPress"/> to your phpcs.xml configuration.
Here is an example phpcs.xml.dist file that you can place in the root of your repository:
<?xml version="1.0"?>
<ruleset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="vendor/squizlabs/php_codesniffer/phpcs.xsd">
<arg name="extensions" value="php"/>
<arg name="colors"/>
<arg value="sp"/>
<file>./src</file>
<file>./tests</file>
<rule ref="WPTechnixWordPress"/>
</ruleset>Then, run PHP_CodeSniffer:
./vendor/bin/phpcsTo automatically fix violations:
./vendor/bin/phpcbfContributions are welcome! To contribute, please familiarize yourself with the project's CONTRIBUTING.md.
The wptechnix/wordpress-coding-standards library is copyright © WPTechnix and licensed for use under the terms of the MIT License (MIT). Please see LICENSE for more information.
![@github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=64&v=4){kind=small}