WordPress/WordPress-Coding-Standards WordPress/WordPress-Coding-Standards

  • Stars
    star
    2,383
  • Rank 18,485 (Top 0.4 %)
  • Language
    PHP
  • License
    MIT License
  • Created almost 13 years ago
  • Updated 7 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
WordPress/WordPress-Coding-Standards
github

WordPress

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

PHP_CodeSniffer rules (sniffs) to enforce WordPress coding conventions

Latest Stable Version Release Date of the Latest Version 🚧 Latest Unstable Version Last Commit to Unstable

Minimum PHP Version Tested on PHP 5.4 to 7.4 snapshot Basic QA checks Unit Tests

License: MIT Total Downloads Number of Contributors

WordPress Coding Standards for PHP_CodeSniffer

Introduction

This project is a collection of PHP_CodeSniffer rules (sniffs) to validate code developed for WordPress. It ensures code quality and adherence to coding conventions, especially the official WordPress Coding Standards.

Project history

  • On 22nd April 2009, the original project from Urban Giraffe was packaged and published.
  • In May 2011 the project was forked and added to GitHub by Chris Adams.
  • In April 2012 XWP started to dedicate resources to develop and lead the creation of the sniffs and rulesets for WordPress-Core, WordPress-VIP (WordPress.com VIP), and WordPress-Extra.
  • In May 2015, an initial documentation ruleset was added as WordPress-Docs.
  • In 2015, J.D. Grimes began significant contributions, along with maintenance from Gary Jones.
  • In 2016, Juliette Reinders Folmer began contributing heavily, adding more commits in a year than anyone else in the five years since the project was added to GitHub.
  • In July 2018, version 1.0.0 of the project was released.

Installation

Requirements

The WordPress Coding Standards require PHP 5.4 or higher and PHP_CodeSniffer version 3.7.2 or higher.

Composer

Standards can be installed with the Composer dependency manager:

composer create-project wp-coding-standards/wpcs --no-dev

Running this command will:

  1. Install WordPress standards into wpcs directory.
  2. Install PHP_CodeSniffer.
  3. Register WordPress standards in PHP_CodeSniffer configuration.
  4. Make phpcs command available from wpcs/vendor/bin.

For the convenience of using phpcs as a global command, you may want to add the path to the wpcs/vendor/bin directory to a PATH environment variable for your operating system.

Installing WPCS as a dependency

When installing the WordPress Coding Standards as a dependency in a larger project, the above mentioned step 3 will not be executed automatically.

There are two actively maintained Composer plugins which can handle the registration of standards with PHP_CodeSniffer for you:

It is strongly suggested to require one of these plugins in your project to handle the registration of external standards with PHPCS for you.

Standalone

  1. Install PHP_CodeSniffer by following its installation instructions (via Composer, Phar file, PEAR, or Git checkout).

    Do ensure that PHP_CodeSniffer's version matches our requirements, if, for example, you're using VVV.

  2. Clone the WordPress standards repository:

     git clone -b master https://github.com/WordPress/WordPress-Coding-Standards.git wpcs

  3. Add its path to the PHP_CodeSniffer configuration:

     phpcs --config-set installed_paths /path/to/wpcs

    Pro-tip: Alternatively, you can tell PHP_CodeSniffer the path to the WordPress standards by adding the following snippet to your custom ruleset:

    <config name="installed_paths" value="/path/to/wpcs" />

To summarize:

cd ~/projects
git clone https://github.com/squizlabs/PHP_CodeSniffer.git phpcs
git clone -b master https://github.com/WordPress/WordPress-Coding-Standards.git wpcs
cd phpcs
./bin/phpcs --config-set installed_paths ../wpcs

And then add the ~/projects/phpcs/bin directory to your PATH environment variable via your .bashrc.

You should then see WordPress-Core et al listed when you run phpcs -i.

Rulesets

Standards subsets

The project encompasses a super-set of the sniffs that the WordPress community may need. If you use the WordPress standard you will get all the checks.

You can use the following as standard names when invoking phpcs to select sniffs, fitting your needs:

  • WordPress - complete set with all of the sniffs in the project

Note: The WPCS package used to include a WordPress-VIP ruleset and associated sniffs, prior to WPCS 2.0.0. The WordPress-VIP ruleset was originally intended to aid with the WordPress.com VIP coding requirements, but has been superseded. It is recommended to use the official VIP coding standards ruleset instead for checking code against the VIP platform requirements.

Using a custom ruleset

If you need to further customize the selection of sniffs for your project - you can create a custom ruleset file. When you name this file either .phpcs.xml, phpcs.xml, .phpcs.xml.dist or phpcs.xml.dist, PHP_CodeSniffer will automatically locate it as long as it is placed in the directory from which you run the CodeSniffer or in a directory above it. If you follow these naming conventions you don't have to supply a --standard arg. For more info, read about using a default configuration file. See also provided phpcs.xml.dist.sample file and fully annotated example in the PHP_CodeSniffer documentation.

Customizing sniff behaviour

The WordPress Coding Standard contains a number of sniffs which are configurable. This means that you can turn parts of the sniff on or off, or change the behaviour by setting a property for the sniff in your custom .phpcs.xml.dist file.

You can find a complete list of all the properties you can change in the wiki.

Recommended additional rulesets

The PHPCompatibility ruleset and its subset PHPCompatibilityWP come highly recommended. The PHPCompatibility sniffs are designed to analyse your code for cross-PHP version compatibility.

The PHPCompatibilityWP ruleset is based on PHPCompatibility, but specifically crafted to prevent false positives for projects which expect to run within the context of WordPress, i.e. core, plugins and themes.

Install either as a separate ruleset and run it separately against your code or add it to your custom ruleset, like so:

<config name="testVersion" value="5.6-"/>
<rule ref="PHPCompatibilityWP">
    <include-pattern>*\.php$</include-pattern>
</rule>

Whichever way you run it, do make sure you set the testVersion to run the sniffs against. The testVersion determines for which PHP versions you will receive compatibility information. The recommended setting for this at this moment is 5.6- to support the same PHP versions as WordPress Core supports.

For more information about setting the testVersion, see:

How to use

Command line

Run the phpcs command line tool on a given file or directory, for example:

phpcs --standard=WordPress wp-load.php

Will result in following output:

------------------------------------------------------------------------------------------
FOUND 8 ERRORS AND 10 WARNINGS AFFECTING 11 LINES
------------------------------------------------------------------------------------------
 24 | WARNING | [ ] error_reporting() can lead to full path disclosure.
 24 | WARNING | [ ] error_reporting() found. Changing configuration at runtime is rarely
    |         |     necessary.
 37 | WARNING | [x] "require_once" is a statement not a function; no parentheses are
    |         |     required
 39 | WARNING | [ ] Silencing errors is discouraged
 39 | WARNING | [ ] Silencing errors is discouraged
 42 | WARNING | [x] "require_once" is a statement not a function; no parentheses are
    |         |     required
 46 | ERROR   | [ ] Inline comments must end in full-stops, exclamation marks, or
    |         |     question marks
 46 | ERROR   | [x] There must be no blank line following an inline comment
 49 | WARNING | [x] "require_once" is a statement not a function; no parentheses are
    |         |     required
 54 | WARNING | [x] "require_once" is a statement not a function; no parentheses are
    |         |     required
 63 | WARNING | [ ] Detected access of super global var $_SERVER, probably needs manual
    |         |     inspection.
 63 | ERROR   | [ ] Detected usage of a non-validated input variable: $_SERVER
 63 | ERROR   | [ ] Missing wp_unslash() before sanitization.
 63 | ERROR   | [ ] Detected usage of a non-sanitized input variable: $_SERVER
 69 | WARNING | [x] "require_once" is a statement not a function; no parentheses are
    |         |     required
 74 | ERROR   | [ ] Inline comments must end in full-stops, exclamation marks, or
    |         |     question marks
 92 | ERROR   | [ ] All output should be run through an escaping function (see the
    |         |     Security sections in the WordPress Developer Handbooks), found
    |         |     '$die'.
 92 | ERROR   | [ ] All output should be run through an escaping function (see the
    |         |     Security sections in the WordPress Developer Handbooks), found '__'.
------------------------------------------------------------------------------------------
PHPCBF CAN FIX THE 6 MARKED SNIFF VIOLATIONS AUTOMATICALLY
------------------------------------------------------------------------------------------

Using PHPCS and WPCS from within your IDE

Running your code through WPCS automatically using CI tools

Fixing errors or ignoring them

You can find information on how to deal with some of the more frequent issues in the wiki.

Tools shipped with WPCS

Since version 1.2.0, WPCS has a special sniff category Utils.

This sniff category contains some tools which, generally speaking, will only be needed to be run once over a codebase and for which the fixers can be considered risky, i.e. very careful review by a developer is needed before accepting the fixes made by these sniffs.

The sniffs in this category are disabled by default and can only be activated by adding some properties for each sniff via a custom ruleset.

At this moment, WPCS offer the following tools:

  • WordPress.Utils.I18nTextDomainFixer - This sniff can replace the text domain used in a code-base. The sniff will fix the text domains in both I18n function calls as well as in a plugin/theme header. Passing the following properties will activate the sniff:
    • old_text_domain: an array with one or more (old) text domain names which need to be replaced;
    • new_text_domain: the correct (new) text domain as a string.

Contributing

See CONTRIBUTING, including information about unit testing the standard.

License

See LICENSE (MIT).

More Repositories

1

WordPress

WordPress, Git-ified. This repository is just a mirror of the WordPress subversion repository. Please do not send pull requests. Submit pull requests to https://github.com/WordPress/wordpress-develop and patches to https://core.trac.wordpress.org/ instead.
PHP
18,713
star
2

gutenberg

The Block Editor project for WordPress and beyond. Plugin is available from the official repository.
JavaScript
9,662
star
3

Requests

Requests for PHP is a humble HTTP request library. It simplifies how you interact with other sites and takes away all your worries.
PHP
3,557
star
4

wordpress-develop

WordPress Develop, Git-ified. Synced from git://develop.git.wordpress.org/, including branches and tags! This repository is just a mirror of the WordPress subversion repository. Please include a link to a pre-existing ticket on https://core.trac.wordpress.org/ with every pull request.
PHP
2,206
star
5

wordpress-playground

Run WordPress in the browser via WebAssembly PHP
JavaScript
1,522
star
6

gutenberg-examples

Examples for extending WordPress/Gutenberg with blocks.
JavaScript
1,182
star
7

two-factor

Two-Factor Authentication for WordPress.
PHP
684
star
8

gutenberg-starter-theme

A simple theme for testing Gutenberg.
PHP
675
star
9

dashicons

Dashicons, the WordPress admin icon font. For the official resource, please see the WordPress Developer Hub.
JavaScript
558
star
10

theme-experiments

Experimenting with themes made out of blocks.
CSS
542
star
11

book

Our book about WordPress. Version 1
512
star
12

twentytwentytwo

Twenty Twenty-Two, the default WordPress theme that will launch with WordPress 5.9.
PHP
409
star
13

twentysixteen

Twenty Sixteen is a theme now included in all WordPress installs. To report any issues please go here: https://core.trac.wordpress.org/newticket
CSS
326
star
14

twentynineteen

Twenty Nineteen is a theme now included in all WordPress installs. To report any issues please go here: https://core.trac.wordpress.org/newticket
CSS
324
star
15

theme-check

Theme Check plugin
PHP
321
star
16

performance

Performance plugin from the WordPress Performance Group, which is a collection of standalone performance modules.
PHP
310
star
17

twentytwenty

Twenty Twenty is included in Core as of WordPress 5.3 🎉 To report any issues, please go here: https://core.trac.wordpress.org/newticket
CSS
300
star
18

create-block-theme

A WordPress plugin to create block themes
JavaScript
285
star
19

phpdoc-parser

Documentation parser powering developer.wordpress.org
PHP
232
star
20

Learn

WordPress.org Learn - The canonical source for the code and content behind https://learn.WordPress.org
PHP
218
star
21

meta-environment

A collection of scripts that provision the official WordPress.org websites into a Varying Vagrant Vagrants installation.
PHP
188
star
22

plugin-check

A repository for the new Plugin Check plugin from the WordPress Performance team
PHP
183
star
23

twentyseventeen

Twenty Seventeen is a theme now included in all WordPress installs. To report any issues please go here: https://core.trac.wordpress.org/newticket
CSS
182
star
24

application-passwords

PHP
182
star
25

wp-feature-notifications

WP Feature Notifications - a proposal to modernise the way in which WordPress handles emails, admin notices and user notifications
PHP
182
star
26

twentytwentyfour

PHP
181
star
27

openverse

Openverse is a search engine for openly-licensed media. This monorepo includes all application code.
Python
179
star
28

twentytwentyone

Ongoing development of Twenty Twenty-One, the new default WordPress theme slated for 5.6.
PHP
178
star
29

health-check

Health Check is a WordPress plugin that will perform a number of checks on your WordPress install to detect common configuration errors and known issues.
PHP
168
star
30

sqlite-database-integration

Feature Plugin to add SQLite support to WordPress. Under Development.
PHP
163
star
31

classic-editor

A plugin to restore the Classic Editor in WordPress.
PHP
147
star
32

wp-movies-demo

Demo of the Interactivity API
PHP
144
star
33

secure-swfupload

A fork of the long-abandoned SWFUpload project, maintained by WordPress and others to ensure that a secure version of SWFUpload exists. Report security vulnerabilities to [email protected].
ActionScript
133
star
34

twentytwentythree

Twenty Twenty-Three, the default WordPress theme sporting many styles that will launch with WordPress 6.1.
HTML
125
star
35

wporg-plugin-guidelines

WordPress.org Plugin Directory Guidelines
121
star
36

pattern-directory

The WordPress Block Pattern Directory
PHP
115
star
37

block-interactivity-experiments

⚠️ WARNING: This repository is no longer active. The development and discussions have been moved to the Gutenberg repository.
PHP
110
star
38

wordcamp.org

WordCamps are casual, locally-organized conferences covering everything related to WordPress.
PHP
109
star
39

HelpHub

The WordPress user documentation portal
PHP
108
star
40

browsehappy

PHP
101
star
41

Security-White-Paper

The WordPress Security White Paper, available directly on the WordPress.org site at https://wordpress.org/about/security/
HTML
94
star
42

packages

Collection of JS modules and tools for WordPress development
JavaScript
87
star
43

playground-tools

TypeScript
86
star
44

wordpress.org

WordPress.org Meta, Git-ified. Synced from git://meta.git.wordpress.org/ This repository is just a mirror of the WordPress Meta subversion repository. Please include a link to a pre-existing ticket on https://meta.trac.wordpress.org/ with every pull request.
PHP
85
star
45

slides

Slides: Presentations with WordPress
JavaScript
82
star
46

servehappy-resources

Third-party articles and specific tutorials on PHP upgrades.
78
star
47

block-development-examples

Practical examples for building WordPress blocks and extending the Editor.
JavaScript
78
star
48

wordpress-importer

The WordPress Importer
PHP
76
star
49

Advanced-administration-handbook

WordPress Advanced Administration Handbook. This handbook will have the most technical, general, documentation about WordPress.
76
star
50

openverse-api

The Openverse API allows programmatic access to search for CC-licensed and public domain digital media.
Python
74
star
51

Documentation-Issue-Tracker

Issue Tracker for the WordPress Documentation team.
72
star
52

wpcs-docs

WordPress Coding Standards Docs
71
star
53

openverse-frontend

The gateway to the Openverse. Openverse is a search tool for CC-licensed and public domain content across the internet.
Vue
71
star
54

WP-Reasons

A public domain marketing flyer/brochure about the reasons to use WordPress, brought to you by some members of the WordPress community.
HTML
70
star
55

wp-lazy-loading

Feature plugin for testing and experimenting with the "loading" HTML attribute.
PHP
69
star
56

hosting-handbook

WordPress Hosting Team Handbook
PHP
67
star
57

revisions-extended

PHP
66
star
58

phpunit-test-runner

PHP
63
star
59

wp-plugin-dependencies

WordPress Feature Project: Plugin Dependencies
PHP
62
star
60

wporg-code-analysis

An experiment.
PHP
59
star
61

wpdev-docker-images

Docker images for use with the Core local development environment.
Dockerfile
57
star
62

wporg-main-2022

A block-based child theme for WordPress.org, plus local environment
PHP
57
star
63

openverse-catalog

Identifies and collects data on cc-licensed content across web crawl data and public apis.
Python
56
star
64

wp-autoupdates

Feature plugin building a UI for opting-in to plugin, theme, and core auto-updates.
PHP
56
star
65

servehappy

Information page about PHP versions and updates, to be used through the WordPress.org project.
53
star
66

community-themes

A collection of Block Themes built by the WordPress community.
HTML
53
star
67

wporg-developer

WordPress.org Developer theme
PHP
50
star
68

data-liberation

49
star
69

grunt-patch-wordpress

Patch Trac based projects
JavaScript
47
star
70

wporg-mu-plugins

Development of the Global Header and other mu-plugins used on WordPress.org.
PHP
47
star
71

WordPress-Documentation-Style-Guide

Style Guide for WordPress documentation.
46
star
72

press-this

Press This is a little tool that lets you grab bits of the web and create new posts with ease. It will even allow you to choose from images or videos included on the page and use them in your post. Use Press This as a quick and lightweight way to highlight another page on the web.
CSS
44
star
73

design-experiments

A simple plugin for WP-Admin design experiments. Brought to you by the WordPress Design Team.
CSS
44
star
74

wp20-book

Our book about WordPress. Version 2
42
star
75

plugin-check-legacy

Work in progress of a "Plugin Check" plugin, this is in development and is not final.
PHP
39
star
76

better-code-editing

[✅ Merged into 4.9-alpha] Better Code Editing WordPress plugin
CSS
37
star
77

five-for-the-future

Plugins and themes for the Five for the Future subsite
PHP
35
star
78

css-audit

JavaScript
34
star
79

developer-blog-content

In this GitHub space, WordPress team coordinate content to be published on the Developer Blog. Discussion and montly meetings (first Thu) in WP Slack #core-dev-blog
33
star
80

rollback-update-failure

Feature plugin to test zip rollback of plugin/theme update failures.
PHP
31
star
81

meeting-calendar

The plugin powering https://make.wordpress.org/meetings/
PHP
30
star
82

theme-review-action

JavaScript
28
star
83

wporg-news-2021

The WordPress.org News Theme
SCSS
28
star
84

phpunit-test-reporter

PHP
27
star
85

block-theme-examples

A repository of feature examples for block themes.
PHP
27
star
86

block-directory

Block library: Timeline and plan: https://make.wordpress.org/design/2019/04/26/block-library-installing-blocks-from-within-gutenberg/
27
star
87

gutenberg.run

Gutenberg live branch preview provisioning service
JavaScript
25
star
88

wporg-two-factor

2FA for WordPress.org accounts
JavaScript
24
star
89

Marketing-Team

The central repository for the WordPress Marketing Team
22
star
90

contributor-day-handbook

21
star
91

openverse-browser-extension

A cross-browser extension that lets you search, filter, and use openly-licensed images.
JavaScript
21
star
92

blueprints-library

PHP
20
star
93

wporg-showcase-2022

The official theme of the WordPress.org showcase.
PHP
18
star
94

spain-handbook

Manuales de la Comunidad de WordPress España (Handbook)
15
star
95

google-fonts-to-wordpress-collection

Gets the Google fonts collection and transform it to a WordPress font library collection, including SVG previews
JavaScript
15
star
96

wporg-documentation-2022

PHP
14
star
97

wporg-parent-2021

SCSS
14
star
98

block-course-theme

HTML
14
star
99

Community

WordPress Community Team Projects and Plans | https://make.wordpress.org/community/
14
star
100

classic-widgets

A plugin to restore the Classic Widgets in WordPress.
PHP
14
star