The WordPress coding standards document provides guidelines for collaboration and code quality within the WordPress project. It recommends keeping WordPress, themes, and plugins updated to fix security issues and bugs. It also suggests using excerpts on archive pages to improve loading speed, splitting comments into pages for posts with many comments, and using optimized themes and slider plugins. Maintaining backups, testing changes, and quickly applying core updates are also emphasized for website security and reliability.
1. WordPress Coding Standards.
The purpose of the WordPress coding standards document is to create a baseline for collaboration and review within the various aspects of the WordPress project. This document will help developers understand how to write better code, so that other developers can understand it more easily.
Do’s
Keep Your WordPress Site Updated:
As a well-maintained open source project, WordPress is updated frequently. Each update not only offers new features but also fixes security issues and bugs. Your WordPress theme and plugins may have regular updates, too. As a website owner, it is your responsibility to keep your WordPress site, theme, and plugins updated to the latest versions. Not doing so may make your site slow and unreliable, and leaves you vulnerable to security threats.
Use Excerpts on Homepage and Archives:
By default, WordPress displays the full content of each article on your homepage and archives. This means your homepage, category, tag, and other archive pages will all load more slowly. To speed up loading times for archive pages, you can set your site to display excerpts instead of the full content.
Split Comments into Pages:
Getting lots of comments on your blog posts? Congratulations! That is a great indicator of an engaged audience. The downside is that loading all those comments can slow your site down. WordPress comes with a built-in solution: go to Settings » Discussion and check the box next to the “Break comments into pages” option.
Use a Theme Optimized for Speed:
When selecting a WordPress theme for your website, pay special attention to speed optimization. Some beautiful and impressive-looking themes are actually poorly coded and can slow your site down considerably.
Use a Faster Slider Plugin:
Sliders are another common web design element that can make your website slow. Even if your images are all optimized, a poorly coded slider plugin means all that work is wasted. We compared the best WordPress slider plugins for performance and features, and Soliloquy was the fastest by far.
Reduce External HTTP Requests:
Many WordPress plugins and themes load all kinds of files from other websites: scripts, stylesheets, and images from external resources such as Google, Facebook, analytics services, and so on. Every such file is an extra round trip to a third-party host, and every external script runs in your visitors' browsers with the same access to the page as your own code, so self-host what you can and remove what you do not need.
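To see which third-party hosts a page actually pulls from, here is an added example (not code from the original page): a small POSIX sh filter that reads a page's HTML and counts the external hosts named by fetching tags. The sample markup at the bottom is constructed for the example, and the function name, the own-host argument and the output format are the example's own.

```shell
#!/bin/sh
# Added example, not code from the original page: list the third-party hosts that a
# page's markup fetches scripts, stylesheets, images, media and frames from, so the
# list can be trimmed or self-hosted. Reads HTML on stdin; for a live site you would
# run: curl -sL https://example.com/ | wp_external_hosts 'example\.com'
set -eu

# wp_external_hosts OWN_HOST_REGEX   (HTML on stdin)
# Prints "<count> <host>" for every host other than your own, most requested first.
# Only tags that cause a fetch are considered; an <a href> is navigation, not a request.
wp_external_hosts() {
    own=$1; q="'"
    grep -oiE "<(script|link|img|iframe|source|video|audio|embed)[[:space:]][^>]*>" |
    grep -oiE "(src|href|srcset)=[\"$q][^\"$q]*" |      # the attribute values that name a URL
    sed -E "s/^[A-Za-z]*=[\"$q]//" |                    # strip the attribute name and opening quote
    grep -oE "^(https?:)?//[^/\"$q?# ]+" |              # keep absolute and protocol-relative URLs, up to the host
    sed -E 's#^(https?:)?//##' |                        # drop the scheme and slashes
    tr 'A-Z' 'a-z' |
    grep -vxE "$own" |                                  # requests to your own host are not external
    sort | uniq -c | sort -rn
}

# Constructed sample markup (not from any real site) in the shape a WordPress theme
# plus a few plugins typically emit.
sample_page() {
cat <<'EOF'
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans">
<link rel="stylesheet" href="/wp-content/themes/example/style.css">
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://example.com/wp-content/themes/example/app.js"></script>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src='https://connect.facebook.net/en_US/sdk.js'></script>
<img src="//cdn.example.net/hero.jpg" alt="">
<a href="https://twitter.com/example">Follow us</a>
<script src="https://www.google-analytics.com/gtm.js"></script>
EOF
}

if [ $# -eq 0 ]; then sample_page | wp_external_hosts 'example\.com'; fi
```

Run against the constructed sample, the filter reports four external hosts (www.google-analytics.com twice, the others once) and ignores the site's own assets and the plain navigation link. Each remaining host is a party whose availability and integrity you now depend on; the static ones (fonts, a CDN copy of a library) are the easiest to bring in-house.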
Employ a robust backup strategy and disaster
mitigation plan:
The worst can happen to even the most seasoned IT teams in the most robust data centers. Ensure WordPress installations are backed up off-site, on a schedule, and, optionally, in encrypted form. Going a step further, keeping a secondary and a tertiary backup site gives extra reassurance that all data is stored safely and can be retrieved when needed. Restore from a backup regularly: a backup that has never been restored is an untested one. For user-friendly, off-site backups, VaultPress is a great tool.
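The scheduled, off-site, optionally encrypted backup described above, as an added example (not code from the original page or from VaultPress): a POSIX sh script that dumps the database, archives wp-config.php and wp-content, optionally encrypts the archive, records a checksum and ships the result off the host. The function names, the WP_BACKUP_FILES_ONLY switch, the BACKUP_TARGET variable and the cron line are the example's own; it assumes a standard wp-config.php with single-quoted define() values, mysqldump on the PATH for the database step and OpenSSL 1.1.1 or later for the optional encryption.

```shell
#!/bin/sh
# Added example, not code from the original page: scheduled, off-site, optionally
# encrypted backup of one WordPress site. Assumptions: the site root holds a standard
# wp-config.php (define( 'DB_NAME', '...' ) lines, single quotes, no quote characters
# inside the values), mysqldump is on PATH for the database step, openssl 1.1.1+ for
# the optional encryption, and BACKUP_TARGET (if set) is an rsync destination such as
# user@backup-host:/srv/wp-backups/ (an assumed name, not a real host).
set -eu

# Read the value of a define('NAME', 'value') constant from wp-config.php.
wp_config_get() {   # $1 = path to wp-config.php, $2 = constant name
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# wp_backup SITE_ROOT DEST_DIR [PASSPHRASE_FILE]  -> prints the path of the archive it wrote
wp_backup() {
    root=$1; dest=$2; passfile=${3:-}
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    work=$(mktemp -d)
    mkdir -p "$dest"
    archive="$dest/wp-$stamp.tar.gz"

    # 1. Database. The password travels through the environment, never the command line,
    #    so it does not show up in `ps`. WP_BACKUP_FILES_ONLY=1 skips this step on purpose;
    #    an unexpected dump failure aborts the run instead of leaving a silently partial backup.
    if [ "${WP_BACKUP_FILES_ONLY:-0}" = 1 ]; then
        echo "note: WP_BACKUP_FILES_ONLY=1, database not included" >&2
    else
        cfg="$root/wp-config.php"
        db=$(wp_config_get "$cfg" DB_NAME); user=$(wp_config_get "$cfg" DB_USER)
        host=$(wp_config_get "$cfg" DB_HOST); pass=$(wp_config_get "$cfg" DB_PASSWORD)
        MYSQL_PWD=$pass mysqldump --single-transaction --quick \
            -h "${host:-localhost}" -u "$user" "$db" > "$work/database.sql"
    fi

    # 2. Files. wp-config.php and wp-content are the only things not reproducible from a
    #    clean core download of the same version, so they are all that goes in the archive.
    if [ -f "$work/database.sql" ]; then
        tar -czf "$archive" -C "$root" wp-config.php wp-content -C "$work" database.sql
    else
        tar -czf "$archive" -C "$root" wp-config.php wp-content
    fi

    # 3. Optional encryption at rest (AES-256-CBC, key derived from the passphrase file with
    #    PBKDF2) for copies that will sit on storage you do not control.
    if [ -n "$passfile" ]; then
        openssl enc -aes-256-cbc -pbkdf2 -salt -in "$archive" -out "$archive.enc" -pass "file:$passfile"
        rm -f "$archive"; archive="$archive.enc"
    fi

    # 4. Integrity record, so a restore can detect a truncated or tampered copy before unpacking it.
    name=$(basename "$archive")
    (cd "$dest" && { command -v sha256sum >/dev/null 2>&1 && sha256sum "$name" || shasum -a 256 "$name"; } > "$name.sha256")

    # 5. Off-site copy: a backup on the same disk as the site dies with it.
    if [ -n "${BACKUP_TARGET:-}" ]; then
        rsync -a "$archive" "$archive.sha256" "$BACKUP_TARGET"
    fi
    rm -rf "$work"
    printf '%s\n' "$archive"
}

# Assumed cron entry:  15 3 * * *  /usr/local/bin/wp-backup.sh /var/www/example /var/backups/example /root/.wp-backup-pass
if [ $# -ge 2 ]; then wp_backup "$@"; fi
```

Keep the passphrase file somewhere other than with the backups, or the encryption buys nothing, and rehearse a restore (decrypt, verify the checksum, unpack, import the dump) on a scratch host so the procedure is known to work before it is needed.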
Enforce a strong “Dev/Staging to Production”
process:
The importance of a regimented process for moving development work from testing/staging to production cannot be overstated. Pushing untested changes directly to production can have disastrous results. Encourage teams to test, and to test often, in staging; with tools built for the purpose they should be able to do so painlessly.
Make WordPress core code updates quickly:
Keeping “core” up to date is incredibly important for security. Unpatched core installations are often a primary attack vector, since many WordPress updates and patches are designed to fix security issues. Since WordPress 3.7, minor and security releases are applied automatically by default; leave that enabled and handle major releases promptly by hand. A tool like WP Updates Notifier can help organizations stay on top of important updates to WordPress core. Always watch for updates and apply them as soon as possible.
Proactively upgrade plugins and themes as new
versions become available:
Along with outdated core components (as noted above), out-of-date plugins and themes are among the most easily compromised parts of a WordPress installation, mainly because they are missing current patches. Plugins and themes you no longer use should be deleted rather than merely deactivated: a deactivated plugin's files stay on disk and can still be requested directly from the web server, so they still need patching or removal.
Enforce strong passwords:
Weak passwords are one of the easiest ways to fall victim to brute force or “dictionary” attacks. It is imperative to ensure that all users use strong passwords. An easy way to achieve this is by enforcing use of the “Force Strong Passwords” plugin.
Prevent sniffed login attempts:
Securing the wp-login.php and wp-admin areas of a WordPress installation with an SSL/TLS certificate and/or a VPN can greatly reduce sniffed login attempts: credentials submitted over plain HTTP can be read by anyone on the network path between the browser and the server. WordPress can be made to require HTTPS for these areas by setting the FORCE_SSL_ADMIN constant to true in wp-config.php. Additionally, using a login solution based on directory services such as Google Apps Authentication, LDAP, or SAML is an important step in adding security to the login process. A great plugin for Google Apps Authentication is Google Apps Login.
Remove the “admin” account:
The “admin” account was for years the default administrator account on every WordPress installation, and it is still the first username that automated attacks try. If an “admin” account is kept active and not disabled or removed, half of the puzzle is already solved for an attacker: the username is known, and only the password remains to be guessed.
Ensure proper file permissions, isolate sites, and
decouple databases:
When running multiple WordPress installations for different stakeholders in one environment, remember that these sites should be isolated from each other: separate system users, separate databases, and separate database users. Should one customer's filesystem become compromised, there should not be easy access to another customer's data. Keeping careful tabs on proper file permissions is critical in bringing you closer to being the infallible developer we would all love to be.
Don’ts
Don't load scripts if they are not required.
Don't deploy unnecessary files and settings to production servers.
Don't stick with the default "wp_" table prefix. (Change the database prefix to something unusual.)
Don't install WordPress in the /WordPress subdirectory.
Don't reuse an existing database user for the WordPress database.
Don't use the default ‘admin’ username. (Use a unique, private username.)
Don't forget to enable SEO.
Don't use too many categories.
Don't leave your website without a backup.
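The file-permission and site-isolation points from “Ensure proper file permissions, isolate sites, and decouple databases” above, together with the “wp_” table prefix and database-user items in the Don'ts, as one added example (not code from the original page): a POSIX sh script that applies the usual permission baseline to a site and audits any number of site roots for world-writable paths, a readable wp-config.php, the default prefix and a shared database or database user. It assumes the standard single-quoted define() and $table_prefix lines in wp-config.php and that PHP runs as the owner of the files (a per-site php-fpm pool), so wp-config.php can be mode 600; the function names and finding messages are the example's own.

```shell
#!/bin/sh
# Added example, not code from the original page: apply the usual WordPress permission
# baseline to a site and audit one or more sites for the isolation points above.
# Assumptions: each site root is passed as an argument, wp-config.php uses the standard
# single-quoted define( 'DB_NAME', '...' ) and $table_prefix = '...' lines, and PHP runs
# as the owner of the files (a per-site php-fpm pool), so wp-config.php can be 0600.
set -eu

# Read a define('NAME', 'value') constant, or the $table_prefix variable, from wp-config.php.
wp_config_get() {   # $1 = path to wp-config.php, $2 = constant name
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}
wp_table_prefix() {   # $1 = path to wp-config.php
    sed -n "s/^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Baseline: directories 755, files 644, wp-config.php 600. Run it as the site's own user.
wp_apply_perms() {   # $1 = site root
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    chmod 600 "$1/wp-config.php"
}

# wp_audit SITE_ROOT...  -> prints one finding per line, returns 1 if there were any
wp_audit() {
    rc=0; seen_db=" "; seen_user=" "
    for root in "$@"; do
        cfg="$root/wp-config.php"
        # 1. Nothing under the web root may be writable by "other" (symlinks skipped: their mode is always 777).
        ww=$(find "$root" ! -type l -perm -002)
        if [ -n "$ww" ]; then printf '%s\n' "$ww" | sed 's/^/world-writable: /'; rc=1; fi
        # 2. wp-config.php holds the database password and the auth salts: exactly 0600.
        if [ ! -f "$cfg" ] || ! find "$cfg" -perm 600 | grep -q .; then
            echo "$root: wp-config.php missing or not mode 600"; rc=1
        fi
        # 3. The default "wp_" prefix lets canned payloads name tables such as wp_users without
        #    discovering the prefix first. A speed bump, not a barrier: with SQL injection an
        #    attacker can still read information_schema, so this complements the other checks.
        if [ "$(wp_table_prefix "$cfg")" = "wp_" ]; then echo "$root: default table prefix wp_"; rc=1; fi
        # 4. One database and one database user per site, so a compromised site cannot read another's tables.
        db=$(wp_config_get "$cfg" DB_NAME); user=$(wp_config_get "$cfg" DB_USER)
        case "$seen_db" in *" $db "*) echo "$root: database '$db' shared with another site"; rc=1 ;; esac
        case "$seen_user" in *" $user "*) echo "$root: database user '$user' shared with another site"; rc=1 ;; esac
        seen_db="$seen_db$db "; seen_user="$seen_user$user "
    done
    return $rc
}

if [ $# -gt 0 ]; then wp_audit "$@"; fi
```

The audit only looks at what wp-config.php and the filesystem modes reveal. Ownership is the other half of isolation: each site root should belong to its own system user and be served by a PHP worker pool running as that user (check with `ls -ld` on the roots), otherwise mode 600 on wp-config.php either locks PHP out or, if every site shares www-data, protects nothing.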