
Leveraging the WordPress Coding Standards to review plugins and themes

Presented on November 25, 2017 at WordCamp Utrecht, Utrecht, The Netherlands.
In contrast to most coding standards, the WordPress Coding Standards are about so much more than just (code) style. They are about best practices, modern code, and preventing conflicts with other themes and plugins, and they can even help safeguard you against some common security vulnerabilities.

No matter whether you are a developer or you can’t tell divs from evals, the WordPress Coding Standards can help you. Let me tell you how…

Links mentioned in the slides:

Slide 4:
* https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards

Slide 12:
* https://github.com/jrfnl/QA-WP-Projects

Slide 13:
* http://php.net/download
* https://getcomposer.org/download/
* https://github.com/jrfnl/QA-WP-Projects

Slide 35:
* https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/issues/1157


Juliette Reinders Folmer

November 25, 2017


  1. Leveraging the WordPress Coding Standards to Review Plugins and Themes

  2. Hello! Juliette Reinders Folmer @jrf_nl @jrfnl

  4. https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards

  5. PHP CodeSniffer by

  6. How It Works: rulesets, sniffs, checks

  7. Code Style Documentation Code Smells Code Metrics Best Practices Code

  8. Before you start: Basic checks Nikolay Bachiyski

  9. Basic Checks
     * Uses GitHub?
     * Uses PHPCS and/or other QA tools?
     * Has (Unit) Tests?

  10. Reviewing with PHP CodeSniffer Nikolay Bachiyski

  11. QA WP Projects: PHP Compatibility Standard, WordPress Coding Standards, PHP CodeSniffer. Bonus: PHP LOC

  12. https://github.com/jrfnl/QA-WP-Projects

  13. * PHP: http://php.net/download
      * Composer: https://getcomposer.org/download/
      * QA-WP-Projects: https://github.com/jrfnl/QA-WP-Projects
        * Either download the latest release as a zip or clone using git
        * Run: composer install

  14. Before Running the QA Test
      * Download a copy of the plugin/theme

  15. Sizing up the codebase

      vendor/bin> phploc ./path/to/plugin-root/ --exclude=tests

  18. Before Running the QA Test
      * Download a copy of the plugin/theme
      * Check the PHP version of the deployment environment
      * Check Readme.txt for minimum supported WP version
      * Check main plugin/theme file for the text-domain Header: Text Domain: my-plugin
      * "Guess" the plugin/theme prefixes

  19. Running the checks

      vendor/bin> phpcs ./path/to/plugin-root/
          --standard=WP-QA-Basic
          --report-full --report-source --report-summary
          --basepath=./path/to/plugin-root/
          --runtime-set testVersion 5.6-
          --runtime-set minimum_supported_wp_version 4.5
          --ignore=./path/to/plugin-root/tests/
          --runtime-set text_domain plugin-slug
          --runtime-set prefixes plugin_prefix,plugin_acronym

      Also on the slide: WP-QA-Strict

  20. Interpreting the Results Nikolay Bachiyski

  21. Dawn Armfield Dangerous Code

  22. pelican Untestable Code

  23. Outdated Code Benjamin Earwicker

  24. Ashim D'Silva Messy Code

  25. Incompatible Code – PHP

  26. Jenn Vargas Incompatible Code - WP

  27. Play4smee Conflicting Code (Strict)

  28. Lyn Belisle Potentially Insecure Code (Strict)

  29. Vera Kratochvil Internationalization Issues (Strict)

  30. Baydog64 Potentially Buggy Code (Strict)

  31. jschumacher Sloppy Code (Strict)

  32. StuartMiles

  33. --ignore-annotations

  35. WPCS native support: https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/issues/1157

  36. Thanks! Any questions? Slides: https://speakerdeck.com/jrf Code: https://github.com/jrfnl/qa-wp-projects @jrf_nl @jrfnl @jrf
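
Slides 18 and 19 combined into one script, as an added example that is not taken from the slides or from QA-WP-Projects: it reads the `Text Domain` header from the main plugin file and `Requires at least` from readme.txt, validates both (they come from the code under review), and prints the matching phpcs command. The helper names, the `Requires at least` lookup and the sample plugin are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of QA-WP-Projects.

# Print the value of a "Name: value" header line (plugin file or readme.txt).
header_value() {  # $1 = header name, $2 = file
    sed -n "s|^[[:space:]*/#]*$1:[[:space:]]*||p" "$2" | head -n 1 |
        sed 's/[[:space:]]*$//'
}

# Header values come from the code under review: validate before use.
valid_slug()    { printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9_-]+$'; }
valid_version() { printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){1,2}$'; }

# Print (not execute) the slide-19 phpcs command for one plugin.
build_phpcs_cmd() {  # $1 = plugin root, $2 = main file, $3 = testVersion, $4 = prefixes
    root=${1%/}
    domain=$(header_value 'Text Domain' "$root/$2")
    min_wp=$(header_value 'Requires at least' "$root/readme.txt")
    valid_slug "$domain" || { echo "missing or invalid Text Domain" >&2; return 1; }
    valid_version "$min_wp" || { echo "missing or invalid Requires at least" >&2; return 1; }
    echo "phpcs $root/ --standard=WP-QA-Basic" \
        "--report-full --report-source --report-summary" \
        "--basepath=$root/ --ignore=$root/tests/" \
        "--runtime-set testVersion $3" \
        "--runtime-set minimum_supported_wp_version $min_wp" \
        "--runtime-set text_domain $domain" \
        "--runtime-set prefixes $4"
}

# Constructed sample plugin, so the example runs offline.
make_sample() {  # $1 = Text Domain value to write; prints the plugin root
    dir=$(mktemp -d) || return 1
    printf '<?php\n/*\n * Plugin Name: My Plugin\n * Text Domain: %s\n */\n' "$1" \
        > "$dir/my-plugin.php"
    printf '=== My Plugin ===\nRequires at least: 4.5\nTested up to: 4.9\n' \
        > "$dir/readme.txt"
    echo "$dir"
}

sample=$(make_sample my-plugin)
build_phpcs_cmd "$sample" my-plugin.php 5.6- my_plugin,mp
rm -rf "$sample"
```

The prefixes still have to be supplied by hand, since slide 18 says they are "guessed" from the code rather than read from a header.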