Marketplace wordpress-dev
WordPress development best practices - coding standards, custom post types, security, performance, hooks/filters, and template hierarchy. Use for any WordPress theme or plugin development guidance.
install
source · Clone the upstream repo
git clone https://github.com/aiskillstore/marketplace
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/aiskillstore/marketplace "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/crazyswami/wordpress-dev" ~/.claude/skills/aiskillstore-marketplace-wordpress-dev && rm -rf "$T"
manifest:
skills/crazyswami/wordpress-dev/SKILL.mdsource content
WordPress Development Best Practices
Comprehensive development guidance for WordPress themes and plugins following 2025 standards.
What This Skill Provides
- Coding Standards - PHP, JS, CSS conventions following WordPress standards
- Custom Post Types - Complete CPT registration and management guide
- Security - Sanitization, escaping, nonces, capability checks
- Performance - Caching, query optimization, asset loading
- Hooks & Filters - Actions and filters reference with examples
- Template Hierarchy - Theme template structure and overrides
Quick Reference
Do's
- Use WordPress APIs (don't reinvent the wheel)
- Sanitize all input (
functions)sanitize_* - Escape all output (
functions)esc_* - Use prepared statements for SQL (
)$wpdb->prepare - Enqueue scripts/styles properly (
)wp_enqueue_* - Use transients for expensive operations
- Follow the template hierarchy
- Use hooks instead of modifying core
- Prefix all functions, classes, and global variables
- Use WP-CLI for automation tasks
Don'ts
- Modify WordPress core files (NEVER)
- Use
- usequery_posts()
insteadWP_Query - Echo untrusted data without escaping
- Store sensitive data in plain text options
- Use
on untrusted dataextract() - Suppress errors with
operator@ - Use deprecated functions
- Hard-code URLs or file paths
- Skip nonce verification on forms
- Use
functions - usemysql_*$wpdb
Documentation
Detailed documentation available in
/docs/| File | Contents |
|---|---|
| coding-standards.md | PHP, JS, CSS naming and formatting |
| custom-post-types.md | CPT registration, labels, capabilities |
| security.md | Input/output handling, nonces, SQL safety |
| performance.md | Caching, optimization, lazy loading |
| hooks-filters.md | Common actions/filters with examples |
| template-hierarchy.md | Template files and overrides |
Code Templates
Ready-to-use templates in
/templates/| Template | Purpose |
|---|---|
| CPT registration boilerplate |
| Custom taxonomy registration |
| Admin meta box with save handling |
| Custom REST API endpoint |
| Complete plugin starter files |
Usage Examples
Create a Custom Post Type
Ask Claude:
- "Create a 'Property' custom post type for real estate"
- "Add a custom post type for team members with a photo field"
- "Register a 'Portfolio' CPT with custom taxonomies"
Security Review
Ask Claude:
- "Review this form handler for security issues"
- "Check if this plugin follows WordPress security best practices"
- "Add proper sanitization and escaping to this code"
Performance Optimization
Ask Claude:
- "Optimize this WP_Query for better performance"
- "Add caching to this expensive database operation"
- "Review asset loading for this theme"
Code Generation
Use the scaffold script to generate boilerplate:
# Generate a custom post type python3 /root/.claude/skills/wordpress-dev/scripts/scaffold.py \ --type cpt \ --name "Property" \ --slug "property" \ --output /path/to/theme/inc/ # Generate a custom taxonomy python3 /root/.claude/skills/wordpress-dev/scripts/scaffold.py \ --type taxonomy \ --name "Property Type" \ --slug "property-type" \ --post-type "property" \ --output /path/to/theme/inc/
WordPress 6.x / Block Theme Notes
Full Site Editing (FSE)
For block themes (WordPress 6.0+):
theme/ ├── theme.json # Global styles and settings ├── templates/ # Block templates (HTML) │ ├── index.html │ ├── single.html │ └── page.html ├── parts/ # Block template parts │ ├── header.html │ └── footer.html └── patterns/ # Block patterns └── hero.php
theme.json Best Practices
{ "$schema": "https://schemas.wp.org/trunk/theme.json", "version": 2, "settings": { "color": { "palette": [ {"slug": "primary", "color": "#1a1a1a", "name": "Primary"} ] }, "typography": { "fontFamilies": [ {"fontFamily": "Inter, sans-serif", "slug": "body", "name": "Body"} ] }, "spacing": { "units": ["px", "rem", "%"] } } }
Common Patterns
Safe Database Query
global $wpdb; $results = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->posts} WHERE post_type = %s AND post_status = %s", 'property', 'publish' ) );
AJAX Handler
// Register AJAX action add_action('wp_ajax_my_action', 'my_ajax_handler'); add_action('wp_ajax_nopriv_my_action', 'my_ajax_handler'); function my_ajax_handler() { // Verify nonce check_ajax_referer('my_nonce', 'security'); // Check capability if (!current_user_can('edit_posts')) { wp_send_json_error('Unauthorized', 403); } // Sanitize input $data = sanitize_text_field($_POST['data']); // Process and respond wp_send_json_success(['message' => 'Done']); }
Enqueue Scripts Properly
function theme_enqueue_assets() { // CSS wp_enqueue_style( 'theme-style', get_stylesheet_uri(), [], filemtime(get_stylesheet_directory() . '/style.css') ); // JS with dependencies wp_enqueue_script( 'theme-main', get_theme_file_uri('/assets/js/main.js'), ['jquery'], filemtime(get_theme_file_path('/assets/js/main.js')), true // In footer ); // Localize for AJAX wp_localize_script('theme-main', 'themeData', [ 'ajaxUrl' => admin_url('admin-ajax.php'), 'nonce' => wp_create_nonce('theme_nonce'), ]); } add_action('wp_enqueue_scripts', 'theme_enqueue_assets');
Related Skills
- wordpress-admin: Page/post management, WP-CLI, REST API
- seo-optimizer: Yoast/Rank Math audit and optimization
- visual-qa: Screenshot testing with animation handling
- brand-guide: Brand documentation generation