README

WordPress-specific coding standards building upon WPTechnix base standards for modern, secure, and performant code.

About

This is a coding standard for PHP_CodeSniffer designed specifically for WordPress development. It extends the base WPTechnix Coding Standards, which already enforces strict types, immutability, and PSR-12 compliance, and incorporates rules from the official WordPress Coding Standards.

This ruleset is designed to help you write modern, secure, and high-quality WordPress code, with a focus on:

WordPress Best Practices:

• Enforces the use of WordPress functions and APIs over native PHP.
• Checks for proper use of text domains for internationalization (i18n).
• Discourages the use of deprecated WordPress functions, classes, and parameters.
• Verifies correct prefixing and naming conventions for classes and functions.
• Ensures proper enqueueing of scripts and styles.

Security:

• Requires nonce verification for form and URL processing.
• Enforces proper data validation and sanitization of all inputs.
• Mandates output escaping to prevent XSS vulnerabilities.
• Flags the use of insecure and discouraged PHP and WordPress functions.

Database:

• Discourages direct database queries, promoting the use of WordPress database APIs.
• Enforces the use of prepared statements to prevent SQL injection attacks.
• Identifies potentially slow and inefficient database queries.

Code Quality & Analysis:

• Flags the use of development functions (var_dump, error_log, etc.).
• Prevents modification of global variables.
• Enforces strict type checking (e.g., in in_array).

Installation

Install this package as a development dependency using Composer.

composer require --dev wptechnix/wordpress-coding-standards

Optional: Automatic Installation with Dealerdirect

For automatic registration with PHP_CodeSniffer, you can optionally install dealerdirect/phpcodesniffer-composer-installer:

composer require --dev dealerdirect/phpcodesniffer-composer-installer

This plugin will:

• Automatically register the standard with PHP_CodeSniffer upon Composer install.
• Eliminate the need for manual path configuration.
• Make the standard immediately available for use in your phpcs.xml configuration.

Note: This is optional. If you prefer manual configuration or have a custom PHP_CodeSniffer setup, you can skip this step and configure the path manually in your phpcs.xml file.

Usage

To use this coding standard, add <rule ref="WPTechnixWordPress"/> to your phpcs.xml configuration.

Here is an example phpcs.xml.dist file that you can place in the root of your repository:

<?xml version="1.0"?>
<ruleset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="vendor/squizlabs/php_codesniffer/phpcs.xsd">

    <arg name="extensions" value="php"/>
    <arg name="colors"/>
    <arg value="sp"/>

    <file>./src</file>
    <file>./tests</file>

    <rule ref="WPTechnixWordPress"/>

</ruleset>

Then, run PHP_CodeSniffer:

./vendor/bin/phpcs

To automatically fix violations:

./vendor/bin/phpcbf

Contributing

Contributions are welcome! To contribute, please familiarize yourself with the project's CONTRIBUTING.md.

Copyright and License

The wptechnix/wordpress-coding-standards library is copyright © WPTechnix and licensed for use under the terms of the MIT License (MIT). Please see LICENSE for more information.