PHPackages apermo/phpstan-wordpress-rules - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Testing & Quality](/categories/testing) 4. / 5. apermo/phpstan-wordpress-rules ActivePhpstan-extension[Testing & Quality](/categories/testing) apermo/phpstan-wordpress-rules ============================== Custom PHPStan rules for WordPress projects by Apermo. v0.3.0(2mo ago)0214[15 issues](https://github.com/apermo/apermo-phpstan-wordpress-rules/issues)[2 PRs](https://github.com/apermo/apermo-phpstan-wordpress-rules/pulls)4MITPHPPHP >=8.1CI passing Since Feb 23Pushed 2mo agoCompare [ Source](https://github.com/apermo/apermo-phpstan-wordpress-rules)[ Packagist](https://packagist.org/packages/apermo/phpstan-wordpress-rules)[ Docs](https://github.com/apermo/apermo-phpstan-wordpress-rules)[ RSS](/packages/apermo-phpstan-wordpress-rules/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (3)Dependencies (13)Versions (8)Used By (4) Apermo PHPStan WordPress Rules ============================== [](#apermo-phpstan-wordpress-rules) [![CI](https://github.com/apermo/apermo-phpstan-wordpress-rules/actions/workflows/ci.yml/badge.svg)](https://github.com/apermo/apermo-phpstan-wordpress-rules/actions/workflows/ci.yml)[![codecov](https://camo.githubusercontent.com/d5740b517056b25cd056a162124bb84a8c230f27bea79670f700f3124ff31e51/68747470733a2f2f636f6465636f762e696f2f67682f617065726d6f2f617065726d6f2d7068707374616e2d776f726470726573732d72756c65732f6272616e63682f6d61696e2f67726170682f62616467652e737667)](https://codecov.io/gh/apermo/apermo-phpstan-wordpress-rules)[![License: MIT](https://camo.githubusercontent.com/08cef40a9105b6526ca22088bc514fbfdbc9aac1ddbf8d4e6c750e3a88a44dca/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c6963656e73652d4d49542d626c75652e737667)](LICENSE) Custom PHPStan rules for WordPress projects. Provides a unified static analysis configuration and custom rules across all Apermo projects. Requirements ------------ [](#requirements) - PHP 8.1+ - PHPStan 2.0+ Installation ------------ [](#installation) ``` composer require --dev apermo/phpstan-wordpress-rules ``` If you use [phpstan/extension-installer](https://github.com/phpstan/extension-installer), the rules are registered automatically. ### Manual Registration [](#manual-registration) Add to your `phpstan.neon`: ``` includes: - vendor/apermo/phpstan-wordpress-rules/rules.neon ``` What's Included --------------- [](#whats-included) ### Bundled Extensions [](#bundled-extensions) This package automatically includes: - [phpstan-strict-rules](https://github.com/phpstan/phpstan-strict-rules) - [phpstan-deprecation-rules](https://github.com/phpstan/phpstan-deprecation-rules) - [phpstan-wordpress](https://github.com/szepeviktor/phpstan-wordpress) - [phpstan-no-private](https://github.com/swissspidy/phpstan-no-private) ### Custom Rules [](#custom-rules) RuleCategoryWhat it detectsDisallowQueryPostsRulewp-api`query_posts()` usagePostTypeNameLengthRulewp-api`register_post_type()` name > 20 charsTaxonomyNameLengthRulewp-api`register_taxonomy()` name > 32 charsTransientExpirationRulewp-api`set_transient()` without expirationRemoteRequestTimeoutRulewp-api`wp_remote_*` without explicit timeoutPreSerializedDataRuledata-integrityPre-serialized data in WP storage functionsPreEncodedJsonDataRuledata-integrityPre-encoded JSON in WP storage functionsNoDynamicCodeExecutionRulesecurity`create_function()`, `assert()` with string, `preg_replace()` with `/e`NoEvalRulesecurity`eval()` usageUnsafeUnserializeRulesecurity`unserialize()` without `allowed_classes`NoHtmlDomParsingRulecode-quality`DOMDocument::loadHTML`, tidy functions, `Masterminds\HTML5`NoConcatenationInTranslationRulei18nString concatenation inside `__()`, `_e()`, etc.NoBlanketSuppressionRulecode-quality`phpcs:disable`/`phpcs:ignore`/`@phpstan-ignore` without specific rulesDevelopment ----------- [](#development) ### Setup [](#setup) ``` composer install ``` ### Running Tests [](#running-tests) ``` composer test ``` ### Static Analysis [](#static-analysis) ``` composer analyse ``` ### Coding Standards [](#coding-standards) ``` composer cs ``` License ------- [](#license) MIT — see [LICENSE](LICENSE) for details. ### Health Score 39 — LowBetter than 86% of packages Maintenance86 Actively maintained with recent releases Popularity16 Limited adoption so far Community11 Small or concentrated contributor base Maturity37 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~2 days Total 7 Last Release 72d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/910b8010a35a86821d0b90d645374f5ae484513f2c195818e4c54bc0175d12e1?d=identicon)[apermo](/maintainers/apermo) --- Top Contributors [![apermo](https://avatars.githubusercontent.com/u/4695889?v=4)](https://github.com/apermo "apermo (28 commits)") --- Tags PHPStanwordpressstatic analysiscustom-rules ### Code Quality TestsPHPUnit Type Coverage Yes ### Embed Badge ![Health badge](/badges/apermo-phpstan-wordpress-rules/health.svg) ``` [![Health](https://phpackages.com/badges/apermo-phpstan-wordpress-rules/health.svg)](https://phpackages.com/packages/apermo-phpstan-wordpress-rules) ``` ### Alternatives [larastan/larastan Larastan - Discover bugs in your code without running it. A phpstan/phpstan extension for Laravel 6.4k43.5M5.2k](/packages/larastan-larastan)[wp-cli/wp-cli-tests WP-CLI testing framework 422.7M87](/packages/wp-cli-wp-cli-tests)[szepeviktor/phpstan-wordpress WordPress extensions for PHPStan 3287.8M898](/packages/szepeviktor-phpstan-wordpress)[ekino/phpstan-banned-code Detected banned code using PHPStan 2925.6M92](/packages/ekino-phpstan-banned-code)[shipmonk/dead-code-detector Dead code detector to find unused PHP code via PHPStan extension. Can automatically remove dead PHP code. Supports libraries like Symfony, Doctrine, PHPUnit etc. Detects dead cycles. Can detect dead code that is tested. 3462.2M52](/packages/shipmonk-dead-code-detector)[staabm/phpstan-dba 2912.3M2](/packages/staabm-phpstan-dba) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)