If you are a developer then definitely you are looking to improve your coding standards. Each programming language and its CMS/Framework has set up its own standards for coding. In this article, we study how to improve WordPress coding standards.
We have written an article on improving PHP coding standards. You should first check this article before proceeding with coding standards for WordPress development.
Mistakes We Are Doing During WordPress Programming
Every development work has different solutions. Probably each developer implements different way/logic for giving the same output. It’s natural in the world of programming.
For instance, let’s say we have added nonce in our sign-up form to avoid CSRF attacks.
<form method="post">
<?php wp_nonce_field( 'signup_nonce', 'signup_form_nonce' ); ?>
</form>While submitting a form we have to verify whether the nonce is correct or not. Normally, a developer who does not know about the coding standards does it in the following way.
<?php
if ( ! isset( $_POST['signup_form_nonce'] ) || ! wp_verify_nonce( $_POST['signup_form_nonce'], 'signup_nonce' ) ) {
print 'Sorry, your nonce did not verify.';
exit;
} else {
// process form data
}
?>There is nothing wrong with the above code. But, it’s not good practice. While retrieving text-field values we should use sanitize_text_field() and wp_unslash() functions on the input field values.
sanitize_text_field method does the following process in the background.
- Checks for invalid UTF-8
- Converts single < characters to entity
- Strips all tags
- Remove line breaks, tabs, and extra white space
- Strip octets
wp_unsplash method remove slashes from a string or array of strings.
Having said that, our previous code should be like below.
<?php
if ( ! isset( $_POST['signup_form_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['signup_form_nonce'] ) ), 'signup_nonce' ) ) {
print 'Sorry, your nonce did not verify.';
exit;
} else {
// process form data
}
?>This is one example. There are several other mistakes we are doing in our WordPress programming.
Install WordPress Coding Standards Library
This library will help us to improve our coding standards in WordPress development and establish us as better WordPress developers.
To install this library open your command prompt in the root directory of a project and run the below command.
composer create-project wp-coding-standards/wpcs --no-dev
Note: You should have a Composer installed in your system to run the above command.
After running the command, it will create a folder called ‘wpcs’ in your root directory of a project.
We are assuming you have read our improving the PHP coding standards article and you have installed the PHP_CodeSniffer library inside the ‘php_codesniffer’ folder in the project root directory.
Next, we need to register WordPress standards in the PHP_CodeSniffer configuration. Open the command prompt under ‘php_codesniffer/vendor/bin’ and run the command below.
phpcs --config-set installed_paths /path/to/wpcs
Replace ‘/path/to/wpcs’ with your path. In our case, on Windows platform, we write the command as follows.
phpcs --config-set installed_paths D:\wamp\www\wp1\wpcs
Let’s Find Out Our Mistakes And Improve WordPress Coding Standards
We have set with our library. Now, it’s time to find our mistakes and avoid it next time.
Let’s say we have created a plugin ‘test-plugin’ and we have to validate a file called ‘core.php’.
Open the command prompt under the directory ‘wpcs/vendor/bin’ and run the below command.
phpcs --standard=WordPress D:\wamp\www\wp1\wp-content\plugins\test-plugin\core.php
After running the command, you will prompt with the errors and warnings. All these errors and warnings show that we have not followed the standard coding practices for WordPress development.
A good part is that we get a detailed report about the line numbers and how to correct that specific error. We just need to look into the guidelines and correct the errors one by one.
phpcbf command can also correct some minor errors like indentation, spaces, etc.
phpcbf --standard=WordPress D:\wamp\www\wp1\wp-content\plugins\test-plugin\core.php
We hope you understand how to use the WordPress coding standards library to improve the WordPress coding standards. If you have any questions or suggestions please leave a comment below.
If you liked this article, then please subscribe to our YouTube Channel for video tutorials.
