wordpress-best-practices_skill

This skill helps you apply WordPress best practices across plugins, themes, and blocks to improve security, performance, and reliability.
  • JavaScript

0

GitHub Stars

4

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill jcastillotx/vibe-skeleton-app --skill wordpress-best-practices

  • metadata.json647 B
  • package.json566 B
  • README.md1.3 KB
  • SKILL.md1.5 KB

Overview

This skill documents WordPress development standards focused on security, performance, and maintainability. It organizes 25 practical rules across security, database, performance, plugin, theme, REST API, multisite, and Gutenberg areas. Use it as a concise checklist to reduce vulnerabilities, improve speed, and keep code consistent across plugins, themes, and blocks.

How this skill works

The skill inspects common WordPress touchpoints and recommends concrete coding patterns: escaping output, sanitizing inputs, using nonces, optimizing queries, and enqueueing assets correctly. It maps checks to contexts like plugins, themes, REST endpoints, multisite, and Gutenberg blocks so agents can surface targeted suggestions. Each rule emphasizes minimal change with measurable benefit, such as replacing expensive meta queries or moving autoloaded options to transients.

When to use it

  • Building or reviewing WordPress plugins or themes
  • Creating custom REST API endpoints or schema definitions
  • Developing Gutenberg blocks and block patterns
  • Diagnosing performance regressions or slow admin pages
  • Preparing code for multisite or network-wide deployment

Best practices

  • Always escape output (esc_html, esc_attr) and sanitize inputs (sanitize_text_field, wp_kses) before database or HTML use.
  • Use nonces and capability checks for state-changing actions; verify permissions in REST routes and AJAX handlers.
  • Avoid autoloading large options; prefer transients or lazy-loaded options for infrequently used data.
  • Enqueue scripts and styles with dependencies and versions; load scripts in footer and use conditional loading for admin vs front-end.
  • Prefix plugin/theme globals, option names, and custom DB columns; namespace REST routes and Gutenberg block names.

Example use cases

  • Reviewing a plugin to replace direct SQL with prepared WP_Query or $wpdb->prepare for safety and performance.
  • Refactoring a theme to use proper template hierarchy, child theme support, and Customizer settings.
  • Adding a REST API route with explicit permission_callback, request schema, and namespaced endpoints.
  • Optimizing a slow page by deferring noncritical JS, enabling lazy loading for images, and replacing expensive meta queries.
  • Building Gutenberg blocks that use InnerBlocks correctly, register block styles, and follow block naming conventions.

FAQ

Yes. The rules improve security and performance for any WordPress codebase, whether a custom site or a distributed plugin.

Which checks are highest priority?

Security hardening (escaping, sanitization, nonces) and database/performance optimizations (avoid autoload bloat, use transients) are highest priority because they prevent common exploits and slowdowns.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational