I’ve always found myself to be slightly OCD when it comes to writing code. Ok, maybe not just when writing code, I insist that my cars digital volume display sits on an even number at all times…

Anyway, extra spaces, lack of new lines and proper white spacing in a codebase really bugs me to no end. And even though I always try my best to make sure my code is squeaky clean, the truth is that I’ve often shipped code with the very annoyances that irritate me the most.

That’s also not to mention shipping code with other issues such as incorrect sanitisation, no docblock comments, forms without nonce values etc. We’re all human and prone to making mistakes in our code every now and then.

Mistakes can be costly though and especially as we work on WordPress and open source software, it’s even more vital that we take care and automate the checking of our code style and security – or as I’ll refer to them from now on, our WordPress coding standards.

Why you need to apply WordPress coding standards to your codebase

There are many different reasons for being really strict when it comes writing WordPress code and implementing coding standards. Let’s look at some of them.

  • Avoid your codebase becoming a big mess. If there are no standards applied to your code, then it can quickly become a big mess. Especially when there is more than 1 developer working on the same code. Each developer has his/her own quirks and way of doing things. If they’re not kept in check, things escalate fast and code becomes messy.
  • Follows industry best practices. By adopting an industry best practice, your code is written in the same way and the right way. Just like all the other top plugins, themes and applications. This is clearly beneficial to the community as a whole as everyone is adopting the same practices when writing code.
  • Makes sure your code is secure. Code standards should include checks to make sure that the code is securely written. It’s easy to forget a nonce on a form or to output a variable that is not escaped. WordPress coding standards define how to write secure code and should be strictly enforced.
  • Documented code is much easier to read and understand. Your code standards should enforce documentation of classes, methods, variables etc. Having documented code is again a win for everyone as the code becomes much clearer when trying to add to it or refactor it.

Why you should automatically check your WordPress coding standards

As we know, WordPress has a number of defined coding standards that have been laid out and enforced on core development. Unfortunately when it comes to themes and plugins, it is not as easy to enforce these standards since the control lies with the theme plugin or author.

Many of the better plugins and themes however have adopted these coding standards.

Like mentioned earlier on in this piece, it can be easy to simply forget to follow a standard. This might be as small as forgetting a space before a closing bracket or as dangerous as outputting non-escaped text.

Worst yet, it’s a pain having to implement standards and always having to remember to follow them. Never mind having to tell a colleague that what they’ve coded is incorrect.

The simple solution is to automate.

You need to automate the checking of your coding standards. Doing so will eliminate the need to always be thinking about it (although after a while it really becomes second nature), will save you the pain of having to tell your colleagues they coded something wrong (the build process will do that for you) and best of all, catch any missed security issues that may have been introduced.

Importantly though, automated checking of code standards will not catch everything and it’s still important to make sure you’re coding diligently.

How to implement automated checking of WordPress code standards

The really good news is that there are a number of open source projects written to automate the checking of WordPress coding standards. There are two specific projects that you should initially look at.

The first is the WPCS project. The WordPress Coding Standards project is a whole set of PHPCS rules to make sure your code written for WordPress follows the outlined conventions.

To get you started with WPCS, here is a video I’ve recorded to help you get setup on your own project.

Then the next project that is worth looking at is WP-Dev-Lib. This is a whole package of tools to facilitate the development of WordPress themes, plugins and sites.

WP-Dev-Lib includes the WPCS project mentioned above but goes a step further by including tools and scripts for unit testing, deployment and additional standards checking.

Here is a video which goes through how to setup WP-Dev-Lib.

These videos will give you a good head start into making sure your code is developed the right way. It’ll reduce the amount of work needed to make sure of that and let you focus on writing your best code.

Join the Conversation


  1. Hi Matt, great article!

    I agree with most of it but still find it hard (and a little dumb) to commit myself to the WordPress naming conventions.

    When you are programming in a bunch of other languages (and some not WP-related PHP-projects) separating words via underscores vs the “standard” camelCase destroys my focus while coding.

    So I am compliant with everything WP says, but am still using camelCase to separate words – what’s your thought on that?

    1. Hey Georg!

      I know exactly what you’re talking about and in an ideal world, all PHP projects would implement a standardised style.

      Personally though, whatever project I am working on, I make sure that I implement that projects standards and styles. The sole reason being if I ever hand over the project or open source it, it will be far easier for whoever else contributes to the project to work on and maintain the expected standards.

      The project is less likely to end up as a big mess as everyone will be writing their code in the same way.

      The context switching between multiple projects and styles can be a pain, but thats why you should implement a precommit hook like the one in WP-Dev-Lib. You can write your code without worrying about implementing the wrong standards by accident. It will remind you to update the incorrect standards that crept in before your commit goes through.

      Hope this makes sense.

    1. Thanks Steve!

      I’ve been using the precommit hook that comes with WP-Dev-Lib but will definitely check out yours too. Thanks for letting me know about it.

    1. Thanks Tom!

      Totally agree, it’s important that we all get on the same page regarding coding standards. It makes everyone’s life easier in the long run.

  2. What’s your recommendation about becoming wordpress developer? It may be courses, bookse or any source.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.