WordPress
Specific best practices and architectural patterns when working with WordPress.
Details
Language / Topic
PHPCategory
framework
Rules
balanced
WordPress
- Use hooks (`add_action`, `add_filter`) for extending functionality — never modify core files. Prefix all function names, classes, and option keys with your plugin/theme slug to avoid collisions. Use `wp_enqueue_script/style` for asset loading.
WordPress
- Use hooks (`add_action`, `add_filter`) for extending functionality — never modify core files. Prefix all function names, classes, and option keys with your plugin/theme slug to avoid collisions. Use `wp_enqueue_script/style` for asset loading.
- Use the Settings API (`register_setting`, `add_settings_section`) for admin options pages. Sanitize all input with `sanitize_text_field()`, `absint()`, `wp_kses()`. Escape all output with `esc_html()`, `esc_attr()`, `esc_url()`, `wp_kses_post()`. Use `$wpdb->prepare()` for all database queries — never concatenate SQL. Use nonces (`wp_nonce_field`, `wp_verify_nonce`) for form security.