Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introducing the WordPress Coding Standards /for non-developers/

Introducing the WordPress Coding Standards /for non-developers/

Presented on September 14, 2017 at the Wordpress Fryslân meetup, Drachten, The Netherlands.
Ever heard of the WordPress Coding standards ? Ever wondered why they could be useful to you ?

In contrast to most coding standards, the WordPress Coding Standards are about so much more than just (code) style. It is about best practices, modern code, preventing conflicts with other themes and plugins and can even help safeguard you against some common security vulnerabilities.

No matter whether you are a developer or you can't tell divs from eval's, the WordPress Coding Standards can help you. Let me tell you how...

* PHP Codesniffer: https://github.com/squizlabs/PHP_CodeSniffer/
* WordPress Coding Standards: https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
* PHPCompatibility Standard: https://github.com/wimg/PHPCompatibility/
* Example ruleset: https://github.com/jrfnl/QA-WP-Projects (to be added)

Juliette Reinders Folmer

September 14, 2017

More Decks by Juliette Reinders Folmer

Other Decks in Programming


  1. Dangerous Code  Use of eval() Squiz.PHP.Eval  Use of

    PCRE /e modifier PHPCompatibility.PHP. PregReplaceEModifier  Use of backtick operator Generic.PHP.BacktickOperator
  2. Outdated Code  Globals Functions instead of OO Squiz.Functions.GlobalFunction 

    Use of PHP 4 Style code Squiz.Scope.MethodScope Squiz.Scope.MemberVarScope PSR2.Methods.MethodDeclaration Generic.Functions. CallTimePassByReference Generic.PHP.DisallowShortOpenTag
  3. Messy Code  Use of extract() WordPress.Functions.DontExtract  Assignments in

    Conditions Generic.CodeAnalysis. AssignmentInCondition  Duplicate Classes Generic.Classes.DuplicateClassName  Jumbled Incrementers Generic.CodeAnalysis. JumbledIncrementer  Duplicate Function Arguments Squiz.Functions. FunctionDuplicateArgument
  4. Incompatible Code - PHP PHPCompatibility => Needs a testVersion config

     Use of Deprecated Syntaxes  Use of Deprecated or Removed Functions / Classes / Extensions etc  Use of (too) new Syntaxes
  5. Incompatible Code - WP Use of Deprecated:  WP Functions

    WordPress.WP.DeprecatedFunctions  WP Function Parameters WordPress.WP. DeprecatedFunctionParameters  WP Classes WordPress.WP.DeprecatedClasses
  6. Conflicting Code  Overwriting WP Global Variables WordPress.Variables.GlobalVariables  Non-enqueued

    Scripts & Styles WordPress.WP.EnqueuedResources  Non-prefixed code WordPress.NamingConventions. PrefixAllGlobals => needs prefixes property
  7. Insecure Code  Input not Validated  Input not Sanitized

    WordPress.VIP.ValidatedSanitizedInput  Output not Escaped WordPress.XSS.EscapeOutput  Using User Input without Nonce Verification WordPress.CSRF.NonceVerification  Open to SQL Injection WordPress.WP.PreparedSQL