WordPress Coding Standards ensure consistency, security, and maintainability across WordPress projects. Standards cover PHP, JavaScript, HTML, and CSS defining formatting, naming conventions, and best practices. Professional developers follow standards enabling collaboration, theme directory approval, and long-term code maintainability.
Coding standards provide consistency across WordPress ecosystem. Consistent code reads faster, maintains easier, and collaborates better.
Professional Quality: Standards demonstrate professionalism distinguishing quality from amateur code.
Collaboration: Team members understand code following familiar patterns. Onboarding accelerates when standards apply consistently.
Maintainability: Future developers (including yourself) comprehend standardised code faster than idiosyncratic implementations.
Security: Standards include security best practices preventing common vulnerabilities.
Theme Directory Approval: WordPress theme directory requires standards compliance. Non-compliant themes face rejection.
Plugin Quality: Quality plugins follow standards signaling reliability and professionalism.
Standards aren't arbitrary restrictions. They represent collective wisdom improving code quality systematically.
Understanding standards distinguishes professional WordPress development from hobbyist coding.
WordPress PHP standards define formatting, naming, and structure ensuring consistent, readable code.
Indentation and Spacing:
Use tabs for indentation, not spaces:
function example_function() {
$variable = 'value';
if ( $condition ) {
do_something();
}
}
Space after control structures and before opening parentheses:
if ( condition ) // Correct
if (condition) // Incorrect
if(condition) // Incorrect
Braces and Structure:
Opening braces on same line:
// Correct
if ( $condition ) {
code();
}
// Incorrect
if ( $condition )
{
code();
}
Naming Conventions:
// Functions: lowercase with underscores
function my_function_name() { }
// Variables: lowercase with underscores
$my_variable = 'value';
// Classes: Initial capitals
class My_Class_Name { }
// Constants: UPPERCASE with underscores
define( 'MY_CONSTANT', 'value' );
String Quotes:
Use single quotes for strings; double quotes when interpolating:
$string = 'Single quotes';
$interpolated = "Value: $variable";
Array Declaration:
$array = array(
'key1' => 'value1',
'key2' => 'value2',
);
PHP standards emphasise readability and consistency enabling efficient code comprehension.
WordPress JavaScript standards align with modern JavaScript best practices ensuring quality frontend code.
Indentation and Spacing:
Use tabs for indentation:
function exampleFunction() {
var variable = 'value';
if ( condition ) {
doSomething();
}
}
Naming Conventions:
// Functions and variables: camelCase
function myFunction() { }
var myVariable = 'value';
// Classes: PascalCase
class MyClass { }
// Constants: UPPERCASE
const MY_CONSTANT = 'value';
Semicolons:
Always use semicolons:
var a = 5;
var b = 10;
Quotes:
Use single quotes for strings:
var string = 'Single quotes';
jQuery:
Prefix jQuery objects with $:
var $element = $( '.selector' );
Equality:
Use strict equality:
if ( value === 5 ) // Correct
if ( value == 5 ) // Incorrect
Modern JavaScript:
WordPress increasingly embraces ES6+ features:
// Arrow functions
const func = () => { };
// Template literals
const string = `Value: ${variable}`;
// Destructuring
const { prop1, prop2 } = object;
JavaScript standards ensure frontend code quality matching backend standards.
WordPress HTML standards emphasise semantic markup, accessibility, and valid code.
Indentation:
Use tabs for indentation:
<div class="wrapper">
<article>
<h1>Title</h1>
<p>Content</p>
</article>
</div>
Quotes:
Use double quotes for attributes:
<div class="example" id="identifier">
Semantic HTML:
Use appropriate elements:
<!-- Correct -->
<nav>
<ul>
<li><a href="#">Link</a></li>
</ul>
</nav>
<!-- Incorrect -->
<div class="nav">
<span><a href="#">Link</a></span>
</div>
Self-Closing Tags:
Don't self-close tags in HTML5:
<img src="image.jpg" alt="Description"> <!-- Correct -->
<img src="image.jpg" alt="Description" /> <!-- Incorrect -->
Accessibility:
Include ARIA attributes where appropriate:
<button aria-label="Close menu">×</button>
<img src="image.jpg" alt="Descriptive text">
Attributes Order:
Consistent attribute ordering improves readability:
<element class="" id="" data-attribute="" aria-attribute="">
HTML standards prioritise semantic, accessible markup benefiting users and search engines.
WordPress CSS standards define formatting and organisation ensuring maintainable stylesheets.
Indentation and Spacing:
Use tabs for indentation:
.selector {
property: value;
another-property: value;
}
Selectors:
One selector per line for multiple selectors:
.selector-1,
.selector-2,
.selector-3 {
property: value;
}
Properties:
One property per line:
.selector {
display: block;
margin: 0 auto;
padding: 10px;
}
Colors:
Use lowercase hex values; shorthand where possible:
.element {
color: #fff; /* Shorthand */
background: #f5f5f5; /* Full when necessary */
}
Organisation:
Group related properties:
.element {
/* Positioning */
position: relative;
top: 0;
left: 0;
/* Display & Box Model */
display: block;
width: 100%;
padding: 10px;
margin: 0 auto;
/* Typography */
font-size: 16px;
line-height: 1.5;
/* Visual */
background: #fff;
border: 1px solid #ddd;
}
Comments:
Comment sections and complex code:
/* ==========================================================================
Header Styles
========================================================================== */
.site-header {
/* Complex positioning explanation */
position: relative;
}
CSS standards create organised, maintainable stylesheets scaling gracefully.
Security standards prevent common vulnerabilities protecting users and data. Every developer must follow security practices.
Sanitise Input:
Never trust user input:
// Text input
$value = sanitize_text_field( $_POST['field'] );
// Email
$email = sanitize_email( $_POST['email'] );
// URL
$url = esc_url_raw( $_POST['url'] );
Escape Output:
Escape all output preventing XSS attacks:
// HTML context
echo esc_html( $string );
// Attribute context
echo '<a href="' . esc_url( $url ) . '">';
// JavaScript context
echo '<script>var data = ' . wp_json_encode( $data ) . ';</script>';
Nonces:
Use nonces for forms:
// Generate
wp_nonce_field( 'action_name', 'nonce_name' );
// Verify
if ( ! isset( $_POST['nonce_name'] ) ||
! wp_verify_nonce( $_POST['nonce_name'], 'action_name' ) ) {
wp_die( 'Security check failed' );
}
Prepared Statements:
Always prepare database queries:
global $wpdb;
$results = $wpdb->get_results( $wpdb->prepare(
"SELECT * FROM {$wpdb->posts} WHERE ID = %d",
$id
) );
Capability Checks:
Verify user permissions:
if ( ! current_user_can( 'manage_options' ) ) {
wp_die( 'Insufficient permissions' );
}
Security standards protect sites and users. Never skip security measures.
Comprehensive security requires following complete WordPress security guidelines.
Automated tools validate code against standards eliminating manual checking overhead.
PHP_CodeSniffer:
Install with WordPress standards:
composer require --dev wp-coding-standards/wpcs
phpcs --config-set installed_paths vendor/wp-coding-standards/wpcs
Check files:
phpcs --standard=WordPress path/to/file.php
Fix automatically:
phpcbf --standard=WordPress path/to/file.php
ESLint:
Configure for WordPress JavaScript:
npm install --save-dev @wordpress/eslint-plugin
.eslintrc.json:
{
"extends": "plugin:@wordpress/eslint-plugin/recommended"
}
Stylelint:
CSS linting for WordPress:
npm install --save-dev stylelint-config-wordpress
Editor Integration:
Configure VS Code, PhpStorm, or Sublime Text for real-time validation. Fix standards violations during development preventing accumulation.
CI/CD Integration:
Integrate checking into continuous integration pipelines. Reject commits violating standards maintaining code quality automatically.
Automated checking removes standards enforcement burden enabling focus on functionality.
Documentation standards ensure code comprehensibility through consistent commenting and explanation.
File Headers:
Document file purposes:
<?php
/**
* File Name
*
* Brief file description.
*
* @package Package_Name
* @subpackage Subpackage
* @since 1.0.0
*/
Function Documentation:
DocBlocks describe functions:
/**
* Brief function description.
*
* Longer description explaining functionality,
* usage, and any important notes.
*
* @since 1.0.0
*
* @param string $param1 Parameter description.
* @param int $param2 Another parameter.
* @return bool True on success, false on failure.
*/
function example_function( $param1, $param2 ) {
// Implementation
return true;
}
Hook Documentation:
Document hooks for extensibility:
/**
* Fires before processing data.
*
* @since 1.0.0
*
* @param array $data The data being processed.
*/
do_action( 'before_process_data', $data );
/**
* Filters processed data.
*
* @since 1.0.0
*
* @param array $data The processed data.
* @param int $id The item ID.
*/
$data = apply_filters( 'process_data', $data, $id );
Inline Comments:
Explain complex logic:
// Calculate tax based on location
if ( 'UK' === $location ) {
$tax = $amount * 0.20; // 20% VAT
} else {
$tax = 0; // No tax for non-UK
}
Documentation enables understanding code without examining implementation details.
Organised file structures improve maintainability and navigation.
Theme Structure:
theme-name/
├── style.css
├── functions.php
├── index.php
├── header.php
├── footer.php
├── sidebar.php
├── assets/
│ ├── css/
│ ├── js/
│ └── images/
├── template-parts/
├── inc/
│ ├── customizer.php
│ └── template-functions.php
└── languages/
Plugin Structure:
plugin-name/
├── plugin-name.php
├── uninstall.php
├── readme.txt
├── includes/
│ ├── class-main.php
│ └── admin/
├── assets/
│ ├── css/
│ ├── js/
│ └── images/
└── languages/
Naming Conventions:
Organised structures enable quick navigation and file location.
Do I need to follow WordPress coding standards?
Following WordPress coding standards proves essential for professional development, theme directory submissions, and collaborative projects. Standards improve code quality, readability, and maintainability benefiting all stakeholders. While personal projects permit flexibility, professional work demands standards compliance. Benefits justify learning and applying standards consistently. Most WordPress development communities expect standards adherence demonstrating professionalism and competence.
How do I learn WordPress coding standards?
Study official WordPress Coding Standards documentation at make.wordpress.org/core/handbook. Use PHP_CodeSniffer with WordPress rulesets identifying violations automatically. Review quality themes and plugins observing standards implementation. Practice writing code following standards until patterns become automatic. Join WordPress development communities asking questions and receiving feedback. Experience and repetition internalise standards making compliance natural rather than burdensome.
Can I use different coding standards?
Personal projects permit alternative standards though WordPress standards prove optimal for WordPress development. However, team projects, theme directory submissions, and collaborative work require WordPress standards compliance. Mixing standards creates confusion harming maintainability. If preferring alternative standards, convert code to WordPress standards before releasing publicly. Consistency matters more than specific standard choice, but WordPress ecosystem expects WordPress standards.
What happens if my code doesn't meet standards?
Non-compliant code functions correctly but faces challenges: theme directory rejection, difficult maintenance, collaboration problems, and unprofessional appearance. Automated validation catches many violations enabling correction. Manual review identifies remaining issues. While working code matters most, standards compliance distinguishes professional from amateur work. Invest time ensuring standards compliance protecting long-term code quality and professional reputation.
Do coding standards slow development?
Initially, standards slow development while learning and adjusting. However, long-term standards accelerate development through: faster code comprehension, reduced debugging time, easier refactoring, and smoother collaboration. Automated tools minimise overhead checking and fixing violations automatically. Experienced developers write standards-compliant code naturally without conscious effort. Short-term investment yields substantial long-term benefits through improved code quality and maintainability.
Are WordPress coding standards same as PSR standards?
No, WordPress Coding Standards differ from PHP-FIG PSR standards. WordPress standards predate PSR and developed independently. Key differences include indentation (tabs vs spaces), brace positioning, and naming conventions. WordPress ecosystem uses WordPress standards; modern PHP projects often use PSR standards. When contributing to WordPress core, themes, or plugins, follow WordPress standards. For non-WordPress PHP projects, PSR standards prove more appropriate.
How do I configure my editor for WordPress standards?
Configure editors using appropriate plugins and settings. VS Code: install PHP_CodeSniffer, phpcs extension, and ESLint. Configure workspace settings referencing WordPress rulesets. PhpStorm: configure PHP_CodeSniffer with WordPress standards in Preferences > PHP > Quality Tools. Set Code Style to WordPress in Editor > Code Style > PHP. Sublime Text: install SublimeLinter packages with WordPress configurations. Editor integration provides real-time feedback improving compliance automatically.
Related WordPress Development Topics:
Written by the WordPress Development Team at London Web Design, writing standards-compliant code since 2010.
