PHPackages                             apermo/phpstan-wordpress-rules - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Testing &amp; Quality](/categories/testing)
4. /
5. apermo/phpstan-wordpress-rules

ActivePhpstan-extension[Testing &amp; Quality](/categories/testing)

apermo/phpstan-wordpress-rules
==============================

Custom PHPStan rules for WordPress projects by Apermo.

v0.3.0(3mo ago)0962[17 issues](https://github.com/apermo/apermo-phpstan-wordpress-rules/issues)[3 PRs](https://github.com/apermo/apermo-phpstan-wordpress-rules/pulls)7MITPHPPHP &gt;=8.1CI passing

Since Feb 23Pushed 3w agoCompare

[ Source](https://github.com/apermo/apermo-phpstan-wordpress-rules)[ Packagist](https://packagist.org/packages/apermo/phpstan-wordpress-rules)[ Docs](https://github.com/apermo/apermo-phpstan-wordpress-rules)[ RSS](/packages/apermo-phpstan-wordpress-rules/feed)WikiDiscussions main Synced 3d ago

READMEChangelog (3)Dependencies (13)Versions (9)Used By (7)

Apermo PHPStan WordPress Rules
==============================

[](#apermo-phpstan-wordpress-rules)

[![CI](https://github.com/apermo/apermo-phpstan-wordpress-rules/actions/workflows/ci.yml/badge.svg)](https://github.com/apermo/apermo-phpstan-wordpress-rules/actions/workflows/ci.yml)[![codecov](https://camo.githubusercontent.com/d5740b517056b25cd056a162124bb84a8c230f27bea79670f700f3124ff31e51/68747470733a2f2f636f6465636f762e696f2f67682f617065726d6f2f617065726d6f2d7068707374616e2d776f726470726573732d72756c65732f6272616e63682f6d61696e2f67726170682f62616467652e737667)](https://codecov.io/gh/apermo/apermo-phpstan-wordpress-rules)[![License: MIT](https://camo.githubusercontent.com/08cef40a9105b6526ca22088bc514fbfdbc9aac1ddbf8d4e6c750e3a88a44dca/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c6963656e73652d4d49542d626c75652e737667)](LICENSE)

Custom PHPStan rules for WordPress projects. Provides a unified static analysis configuration and custom rules across all Apermo projects.

Requirements
------------

[](#requirements)

- PHP 8.1+
- PHPStan 2.0+

Installation
------------

[](#installation)

```
composer require --dev apermo/phpstan-wordpress-rules
```

If you use [phpstan/extension-installer](https://github.com/phpstan/extension-installer), the rules are registered automatically.

### Manual Registration

[](#manual-registration)

Add to your `phpstan.neon`:

```
includes:
    - vendor/apermo/phpstan-wordpress-rules/rules.neon
```

What's Included
---------------

[](#whats-included)

### Bundled Extensions

[](#bundled-extensions)

This package automatically includes:

- [phpstan-strict-rules](https://github.com/phpstan/phpstan-strict-rules)
- [phpstan-deprecation-rules](https://github.com/phpstan/phpstan-deprecation-rules)
- [phpstan-wordpress](https://github.com/szepeviktor/phpstan-wordpress)
- [phpstan-no-private](https://github.com/swissspidy/phpstan-no-private)

### Custom Rules

[](#custom-rules)

RuleCategoryWhat it detectsDisallowQueryPostsRulewp-api`query_posts()` usagePostTypeNameLengthRulewp-api`register_post_type()` name &gt; 20 charsTaxonomyNameLengthRulewp-api`register_taxonomy()` name &gt; 32 charsTransientExpirationRulewp-api`set_transient()` without expirationRemoteRequestTimeoutRulewp-api`wp_remote_*` without explicit timeoutPreSerializedDataRuledata-integrityPre-serialized data in WP storage functionsPreEncodedJsonDataRuledata-integrityPre-encoded JSON in WP storage functionsNoDynamicCodeExecutionRulesecurity`create_function()`, `assert()` with string, `preg_replace()` with `/e`NoEvalRulesecurity`eval()` usageUnsafeUnserializeRulesecurity`unserialize()` without `allowed_classes`NoHtmlDomParsingRulecode-quality`DOMDocument::loadHTML`, tidy functions, `Masterminds\HTML5`NoConcatenationInTranslationRulei18nString concatenation inside `__()`, `_e()`, etc.NoBlanketSuppressionRulecode-quality`phpcs:disable`/`phpcs:ignore`/`@phpstan-ignore` without specific rulesDevelopment
-----------

[](#development)

### Setup

[](#setup)

```
composer install
```

### Running Tests

[](#running-tests)

```
composer test
```

### Static Analysis

[](#static-analysis)

```
composer analyse
```

### Coding Standards

[](#coding-standards)

```
composer cs
```

License
-------

[](#license)

MIT — see [LICENSE](LICENSE) for details.

###  Health Score

41

—

FairBetter than 87% of packages

Maintenance87

Actively maintained with recent releases

Popularity19

Limited adoption so far

Community15

Small or concentrated contributor base

Maturity38

Early-stage or recently created project

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~2 days

Total

7

Last Release

118d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/910b8010a35a86821d0b90d645374f5ae484513f2c195818e4c54bc0175d12e1?d=identicon)[apermo](/maintainers/apermo)

---

Top Contributors

[![apermo](https://avatars.githubusercontent.com/u/4695889?v=4)](https://github.com/apermo "apermo (28 commits)")

---

Tags

PHPStanwordpressstatic analysiscustom-rules

###  Code Quality

TestsPHPUnit

Type Coverage Yes

### Embed Badge

![Health badge](/badges/apermo-phpstan-wordpress-rules/health.svg)

```
[![Health](https://phpackages.com/badges/apermo-phpstan-wordpress-rules/health.svg)](https://phpackages.com/packages/apermo-phpstan-wordpress-rules)
```

###  Alternatives

[wp-cli/wp-cli-tests

WP-CLI testing framework

423.1M142](/packages/wp-cli-wp-cli-tests)[larastan/larastan

Larastan - Discover bugs in your code without running it. A phpstan/phpstan extension for Laravel

6.5k55.4M8.4k](/packages/larastan-larastan)[phpstan/phpstan-symfony

Symfony Framework extensions and rules for PHPStan

79475.7M2.2k](/packages/phpstan-phpstan-symfony)[shipmonk/dead-code-detector

Dead code detector to find unused PHP code via PHPStan extension. Can automatically remove dead PHP code. Supports libraries like Symfony, Doctrine, PHPUnit etc. Detects dead cycles. Can detect dead code that is tested.

4853.5M91](/packages/shipmonk-dead-code-detector)[phpstan/phpstan-doctrine

Doctrine extensions for PHPStan

67272.8M1.4k](/packages/phpstan-phpstan-doctrine)[szepeviktor/phpstan-wordpress

WordPress extensions for PHPStan

33110.3M1.4k](/packages/szepeviktor-phpstan-wordpress)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
