wordpress-dev
WordPress development best practices - coding standards, custom post types, security, performance, hooks/filters, and template hierarchy. Use for any WordPress theme or plugin development guidance.
Best use case
wordpress-dev is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
WordPress development best practices - coding standards, custom post types, security, performance, hooks/filters, and template hierarchy. Use for any WordPress theme or plugin development guidance.
Teams using wordpress-dev should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/wordpress-dev/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How wordpress-dev Compares
| Feature / Agent | wordpress-dev | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
WordPress development best practices - coding standards, custom post types, security, performance, hooks/filters, and template hierarchy. Use for any WordPress theme or plugin development guidance.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# WordPress Development Best Practices
Comprehensive development guidance for WordPress themes and plugins following 2025 standards.
## What This Skill Provides
1. **Coding Standards** - PHP, JS, CSS conventions following WordPress standards
2. **Custom Post Types** - Complete CPT registration and management guide
3. **Security** - Sanitization, escaping, nonces, capability checks
4. **Performance** - Caching, query optimization, asset loading
5. **Hooks & Filters** - Actions and filters reference with examples
6. **Template Hierarchy** - Theme template structure and overrides
## Quick Reference
### Do's
- Use WordPress APIs (don't reinvent the wheel)
- Sanitize all input (`sanitize_*` functions)
- Escape all output (`esc_*` functions)
- Use prepared statements for SQL (`$wpdb->prepare`)
- Enqueue scripts/styles properly (`wp_enqueue_*`)
- Use transients for expensive operations
- Follow the template hierarchy
- Use hooks instead of modifying core
- Prefix all functions, classes, and global variables
- Use WP-CLI for automation tasks
### Don'ts
- Modify WordPress core files (NEVER)
- Use `query_posts()` - use `WP_Query` instead
- Echo untrusted data without escaping
- Store sensitive data in plain text options
- Use `extract()` on untrusted data
- Suppress errors with `@` operator
- Use deprecated functions
- Hard-code URLs or file paths
- Skip nonce verification on forms
- Use `mysql_*` functions - use `$wpdb`
## Documentation
Detailed documentation available in `/docs/`:
| File | Contents |
|------|----------|
| [coding-standards.md](docs/coding-standards.md) | PHP, JS, CSS naming and formatting |
| [custom-post-types.md](docs/custom-post-types.md) | CPT registration, labels, capabilities |
| [security.md](docs/security.md) | Input/output handling, nonces, SQL safety |
| [performance.md](docs/performance.md) | Caching, optimization, lazy loading |
| [hooks-filters.md](docs/hooks-filters.md) | Common actions/filters with examples |
| [template-hierarchy.md](docs/template-hierarchy.md) | Template files and overrides |
## Code Templates
Ready-to-use templates in `/templates/`:
| Template | Purpose |
|----------|---------|
| `custom-post-type.php` | CPT registration boilerplate |
| `taxonomy.php` | Custom taxonomy registration |
| `meta-box.php` | Admin meta box with save handling |
| `rest-api-endpoint.php` | Custom REST API endpoint |
| `plugin-skeleton/` | Complete plugin starter files |
## Usage Examples
### Create a Custom Post Type
Ask Claude:
- "Create a 'Property' custom post type for real estate"
- "Add a custom post type for team members with a photo field"
- "Register a 'Portfolio' CPT with custom taxonomies"
### Security Review
Ask Claude:
- "Review this form handler for security issues"
- "Check if this plugin follows WordPress security best practices"
- "Add proper sanitization and escaping to this code"
### Performance Optimization
Ask Claude:
- "Optimize this WP_Query for better performance"
- "Add caching to this expensive database operation"
- "Review asset loading for this theme"
## Code Generation
Use the scaffold script to generate boilerplate:
```bash
# Generate a custom post type
python3 /root/.claude/skills/wordpress-dev/scripts/scaffold.py \
--type cpt \
--name "Property" \
--slug "property" \
--output /path/to/theme/inc/
# Generate a custom taxonomy
python3 /root/.claude/skills/wordpress-dev/scripts/scaffold.py \
--type taxonomy \
--name "Property Type" \
--slug "property-type" \
--post-type "property" \
--output /path/to/theme/inc/
```
## WordPress 6.x / Block Theme Notes
### Full Site Editing (FSE)
For block themes (WordPress 6.0+):
```
theme/
├── theme.json # Global styles and settings
├── templates/ # Block templates (HTML)
│ ├── index.html
│ ├── single.html
│ └── page.html
├── parts/ # Block template parts
│ ├── header.html
│ └── footer.html
└── patterns/ # Block patterns
└── hero.php
```
### theme.json Best Practices
```json
{
"$schema": "https://schemas.wp.org/trunk/theme.json",
"version": 2,
"settings": {
"color": {
"palette": [
{"slug": "primary", "color": "#1a1a1a", "name": "Primary"}
]
},
"typography": {
"fontFamilies": [
{"fontFamily": "Inter, sans-serif", "slug": "body", "name": "Body"}
]
},
"spacing": {
"units": ["px", "rem", "%"]
}
}
}
```
## Common Patterns
### Safe Database Query
```php
global $wpdb;
$results = $wpdb->get_results(
$wpdb->prepare(
"SELECT * FROM {$wpdb->posts} WHERE post_type = %s AND post_status = %s",
'property',
'publish'
)
);
```
### AJAX Handler
```php
// Register AJAX action
add_action('wp_ajax_my_action', 'my_ajax_handler');
add_action('wp_ajax_nopriv_my_action', 'my_ajax_handler');
function my_ajax_handler() {
// Verify nonce
check_ajax_referer('my_nonce', 'security');
// Check capability
if (!current_user_can('edit_posts')) {
wp_send_json_error('Unauthorized', 403);
}
// Sanitize input
$data = sanitize_text_field($_POST['data']);
// Process and respond
wp_send_json_success(['message' => 'Done']);
}
```
### Enqueue Scripts Properly
```php
function theme_enqueue_assets() {
// CSS
wp_enqueue_style(
'theme-style',
get_stylesheet_uri(),
[],
filemtime(get_stylesheet_directory() . '/style.css')
);
// JS with dependencies
wp_enqueue_script(
'theme-main',
get_theme_file_uri('/assets/js/main.js'),
['jquery'],
filemtime(get_theme_file_path('/assets/js/main.js')),
true // In footer
);
// Localize for AJAX
wp_localize_script('theme-main', 'themeData', [
'ajaxUrl' => admin_url('admin-ajax.php'),
'nonce' => wp_create_nonce('theme_nonce'),
]);
}
add_action('wp_enqueue_scripts', 'theme_enqueue_assets');
```
## Related Skills
- **wordpress-admin**: Page/post management, WP-CLI, REST API
- **seo-optimizer**: Yoast/Rank Math audit and optimization
- **visual-qa**: Screenshot testing with animation handling
- **brand-guide**: Brand documentation generation
## Resources
- [WordPress Coding Standards](https://developer.wordpress.org/coding-standards/)
- [Theme Developer Handbook](https://developer.wordpress.org/themes/)
- [Plugin Developer Handbook](https://developer.wordpress.org/plugins/)
- [Block Editor Handbook](https://developer.wordpress.org/block-editor/)
- [REST API Handbook](https://developer.wordpress.org/rest-api/)Related Skills
wordpress-woocommerce-development
WooCommerce store development workflow covering store setup, payment integration, shipping configuration, and customization.
wordpress-theme-development
WordPress theme development workflow covering theme architecture, template hierarchy, custom post types, block editor support, and responsive design.
wordpress-plugin-development
WordPress plugin development workflow covering plugin architecture, hooks, admin interfaces, REST API, and security best practices.
wordpress-penetration-testing
This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies.
wordpress-admin
Full WordPress site management - create pages/posts, configure SEO (Yoast), upload media, manage settings. Use when creating content, setting up SEO, or managing any WordPress site.
WordPress Design System (WPDS)
## Prerequisites
WordPress Playground
## When to use
WordPress Router
## When to use
WordPress — The World's Most Popular CMS
You are an expert in WordPress, the open-source CMS powering 43% of the web. You help developers build websites, blogs, e-commerce stores, and web applications using WordPress block editor (Gutenberg), custom themes, plugins, REST API, WP-CLI, and headless WordPress — from simple blogs to complex multi-site enterprise platforms.
Daily Logs
Record the user's daily activities, progress, decisions, and learnings in a structured, chronological format.
Socratic Method: The Dialectic Engine
This skill transforms Claude into a Socratic agent — a cognitive partner who guides
Sokratische Methode: Die Dialektik-Maschine
Dieser Skill verwandelt Claude in einen sokratischen Agenten — einen kognitiven Partner, der Nutzende durch systematisches Fragen zur Wissensentdeckung führt, anstatt direkt zu instruieren.