- Home
- Skills
- Jcastillotx
- Vibe Skeleton App
- Wordpress Best Practices
wordpress-best-practices_skill
- JavaScript
0
GitHub Stars
4
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill jcastillotx/vibe-skeleton-app --skill wordpress-best-practices- metadata.json647 B
- package.json566 B
- README.md1.3 KB
- SKILL.md1.5 KB
Overview
This skill documents WordPress development standards focused on security, performance, and maintainability. It organizes 25 practical rules across security, database, performance, plugin, theme, REST API, multisite, and Gutenberg areas. Use it as a concise checklist to reduce vulnerabilities, improve speed, and keep code consistent across plugins, themes, and blocks.
How this skill works
The skill inspects common WordPress touchpoints and recommends concrete coding patterns: escaping output, sanitizing inputs, using nonces, optimizing queries, and enqueueing assets correctly. It maps checks to contexts like plugins, themes, REST endpoints, multisite, and Gutenberg blocks so agents can surface targeted suggestions. Each rule emphasizes minimal change with measurable benefit, such as replacing expensive meta queries or moving autoloaded options to transients.
When to use it
- Building or reviewing WordPress plugins or themes
- Creating custom REST API endpoints or schema definitions
- Developing Gutenberg blocks and block patterns
- Diagnosing performance regressions or slow admin pages
- Preparing code for multisite or network-wide deployment
Best practices
- Always escape output (esc_html, esc_attr) and sanitize inputs (sanitize_text_field, wp_kses) before database or HTML use.
- Use nonces and capability checks for state-changing actions; verify permissions in REST routes and AJAX handlers.
- Avoid autoloading large options; prefer transients or lazy-loaded options for infrequently used data.
- Enqueue scripts and styles with dependencies and versions; load scripts in footer and use conditional loading for admin vs front-end.
- Prefix plugin/theme globals, option names, and custom DB columns; namespace REST routes and Gutenberg block names.
Example use cases
- Reviewing a plugin to replace direct SQL with prepared WP_Query or $wpdb->prepare for safety and performance.
- Refactoring a theme to use proper template hierarchy, child theme support, and Customizer settings.
- Adding a REST API route with explicit permission_callback, request schema, and namespaced endpoints.
- Optimizing a slow page by deferring noncritical JS, enabling lazy loading for images, and replacing expensive meta queries.
- Building Gutenberg blocks that use InnerBlocks correctly, register block styles, and follow block naming conventions.
FAQ
Yes. The rules improve security and performance for any WordPress codebase, whether a custom site or a distributed plugin.
Which checks are highest priority?
Security hardening (escaping, sanitization, nonces) and database/performance optimizations (avoid autoload bloat, use transients) are highest priority because they prevent common exploits and slowdowns.