A Guide On How To Improve WordPress Coding Standards

If you are a developer then definitely you are looking for to improve your coding standards. Each programming language and their CMS/Frameworks has set up their own standards for coding. In this article, we study how to improve WordPress coding standards.

We have written an article on improving PHP coding standards. You should first check this article before proceeding for coding standards for WordPress development.

Mistakes We Are Doing During WordPress Programming

Every development work has different solutions. Probably each developer implements different way/logic for giving the same output. It’s natural in the world of programming.

For instance, let’s say we have added nonce in our sign-up form to avoid CSRF attacks.

<form method="post">
<?php wp_nonce_field( 'signup_nonce', 'signup_form_nonce' ); ?>
</form>

While submitting a form we have to verify whether nonce is correct or not. Normally, a developer who does not know about the coding standards do it in following way.

<?php
if ( ! isset( $_POST['signup_form_nonce'] ) || ! wp_verify_nonce( $_POST['signup_form_nonce'], 'signup_nonce' ) ) {

   print 'Sorry, your nonce did not verify.';
   exit;

} else {

   // process form data
}
?>

There is nothing wrong in the above code. But, it’s not a good practice. While retrieving text-field values we should use sanitize_text_field() and wp_unslash() functions on the input field values.

sanitize_text_field method does the following process in the background.

  • Checks for invalid UTF-8
  • Converts single < characters to entity
  • Strips all tags
  • Remove line breaks, tabs and extra white space
  • Strip octets

wp_unsplash method remove slashes from a string or array of strings.

Having said that, our previous code should like below.

<?php
if ( ! isset( $_POST['signup_form_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['signup_form_nonce'] ) ), 'signup_nonce' ) ) {

   print 'Sorry, your nonce did not verify.';
   exit;

} else {

   // process form data
}
?>

This is one example. There are several other mistakes we are doing in our WordPress programming.

Install WordPress Coding Standards Library

This library will help us to improve our coding standards in WordPress development and establish us as a better WordPress developer.

To install this library open your command prompt in the root directory of a project and run the below command.

composer create-project wp-coding-standards/wpcs --no-dev

Note: You should have composer installed in your system to run the above command.

After running the command, it will create a folder called ‘wpcs’ in your root directory of a project.

We are assuming you have read our improving the PHP coding standards article and you have installed PHP_CodeSniffer library inside ‘php_codesniffer’ folder in the project root directory.

Next, we need to register WordPress standards in PHP_CodeSniffer configuration. Open the command prompt under ‘php_codesniffer/vendor/bin’ and run the command below.

phpcs --config-set installed_paths /path/to/wpcs

Replace ‘/path/to/wpcs’ with your path. In our case, on windows platform, we write the command as follows.

phpcs --config-set installed_paths D:\wamp\www\wp1\wpcs

Let’s Find Out Our Mistakes And Improve WordPress Coding Standards

We have set with our library. Now, it’s time to find our mistakes and avoid it next time.

Let’s say we have created a plugin ‘test-plugin’ and we have to validate a file called ‘core.php’.

Open command prompt under the directory ‘wpcs/vendor/bin’ and run the below command.

phpcs --standard=WordPress D:\wamp\www\wp1\wp-content\plugins\test-plugin\core.php

run phpcs command

After running the command, you will prompt with the errors and warnings. All these errors and warnings showing because we have not followed the standard coding practices for WordPress development.

A good part is that, we get the detailed report about the line numbers and how to correct that specific error. We just need to look into guidelines and correct the errors one by one.

phpcbf command can also correct some minor errors like indentation, spaces etc.

phpcbf --standard=WordPress D:\wamp\www\wp1\wp-content\plugins\test-plugin\core.php

We hope you understand how to use WordPress coding standards library to improve the WordPress coding standards. If you have any questions or suggestions please leave a comment below.

If you liked this article, then please subscribe to our YouTube Channel for video tutorials.

Leave a Reply

Your email address will not be published. Required fields are marked *