PHPackages wp-coding-standards/wpcs - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Testing & Quality](/categories/testing) 4. / 5. wp-coding-standards/wpcs ActivePhpcodesniffer-standard[Testing & Quality](/categories/testing) wp-coding-standards/wpcs ======================== PHP\_CodeSniffer rules (sniffs) to enforce WordPress coding conventions 3.3.0(6mo ago)2.8k45.9M—7%518[223 issues](https://github.com/WordPress/WordPress-Coding-Standards/issues)[34 PRs](https://github.com/WordPress/WordPress-Coding-Standards/pulls)20MITPHPPHP >=7.2CI passing Since Dec 11Pushed 3d ago80 watchersCompare [ Source](https://github.com/WordPress/WordPress-Coding-Standards)[ Packagist](https://packagist.org/packages/wp-coding-standards/wpcs)[ Fund](https://opencollective.com/php_codesniffer)[ RSS](/packages/wp-coding-standards-wpcs/feed)WikiDiscussions develop Synced 1w ago READMEChangelog (10)Dependencies (8)Versions (67)Used By (20) [![Latest Stable Version](https://camo.githubusercontent.com/413bf96ff326ae39d92b8615f89297d5a5a0554c547533628f4ef9143942839f/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f77702d636f64696e672d7374616e64617264732f777063733f6c6162656c3d737461626c65)](https://packagist.org/packages/wp-coding-standards/wpcs)[![Release Date of the Latest Version](https://camo.githubusercontent.com/d4b503db846e8ddeefca903e671f6bdd66ec5a776e1ca732898e450d0012084a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f72656c656173652d646174652f576f726450726573732f576f726450726573732d436f64696e672d5374616e64617264732e7376673f6d61784167653d31383030)](https://github.com/WordPress/WordPress-Coding-Standards/releases)🚧 [![Latest Unstable Version](https://camo.githubusercontent.com/36aaf6b5002a9c809356c5cef488554c466dd55b6d898f792039151ad2f2ee3c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f756e737461626c652d6465762d2d646576656c6f702d6536383731382e7376673f6d61784167653d32343139323030)](https://packagist.org/packages/wp-coding-standards/wpcs#dev-develop) [![Basic QA checks](https://github.com/WordPress/WordPress-Coding-Standards/actions/workflows/basic-qa.yml/badge.svg)](https://github.com/WordPress/WordPress-Coding-Standards/actions/workflows/basic-qa.yml)[![Unit Tests](https://github.com/WordPress/WordPress-Coding-Standards/actions/workflows/unit-tests.yml/badge.svg)](https://github.com/WordPress/WordPress-Coding-Standards/actions/workflows/unit-tests.yml)[![codecov.io](https://camo.githubusercontent.com/ba251f0fa1243b436a4068c474619d0da7a04dfbcd49fa43cb324d352ab6a41c/68747470733a2f2f636f6465636f762e696f2f67682f576f726450726573732f576f726450726573732d436f64696e672d5374616e64617264732f67726170682f62616467652e7376673f746f6b656e3d557a46596e30527a5647266272616e63683d646576656c6f70)](https://codecov.io/gh/WordPress/WordPress-Coding-Standards?branch=develop) [![Minimum PHP Version](https://camo.githubusercontent.com/ef530100a794355ab7dafd0ea42cb502c7ce7de2619923f4e315a21c45bb72e3/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f77702d636f64696e672d7374616e64617264732f777063732e7376673f6d61784167653d33363030)](https://packagist.org/packages/wp-coding-standards/wpcs)[![Tested on PHP 7.2 to 8.5](https://camo.githubusercontent.com/a8c822174a7f18dd86e51e5da44d410ae6607c4b77e95a65e27f6c4d121be444/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7465737465642532306f6e2d504850253230372e32253230253743253230372e33253230253743253230372e34253230253743253230382e30253230253743253230382e31253230253743253230382e32253230253743253230382e33253230253743253230382e34253230253743253230382e352d677265656e2e7376673f6d61784167653d32343139323030)](https://github.com/WordPress/WordPress-Coding-Standards/actions/workflows/unit-tests.yml) [![License: MIT](https://camo.githubusercontent.com/7d931d23fc0aaaa8d647951f453161f522650ba38a64c3922d3adf5fcdd3dbb0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f576f726450726573732f576f726450726573732d436f64696e672d5374616e6461726473)](https://github.com/WordPress/WordPress-Coding-Standards/blob/develop/LICENSE)[![Total Downloads](https://camo.githubusercontent.com/a2bc9ce33df9869c3f125b497b398a7fd251f56f3675f961ed5cd21cc225269f/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f77702d636f64696e672d7374616e64617264732f77706373)](https://packagist.org/packages/wp-coding-standards/wpcs/stats) WordPress Coding Standards for PHP\_CodeSniffer =============================================== [](#wordpress-coding-standards-for-php_codesniffer) - [Introduction](#introduction) - [Minimum Requirements](#minimum-requirements) - [Installation](#installation) - [Composer Project-based Installation](#composer-project-based-installation) - [Composer Global Installation](#composer-global-installation) - [Updating your WordPressCS install to a newer version](#updating-your-wordpresscs-install-to-a-newer-version) - [Using your WordPressCS install](#using-your-wordpresscs-install) - [Rulesets](#rulesets) - [Standards subsets](#standards-subsets) - [Using a custom ruleset](#using-a-custom-ruleset) - [Customizing sniff behavior](#customizing-sniff-behavior) - [Recommended additional rulesets](#recommended-additional-rulesets) - [How to use](#how-to-use) - [Command line](#command-line) - [Using PHPCS and WordPressCS from within your IDE](#using-phpcs-and-wordpresscs-from-within-your-ide) - [Running your code through WordPressCS automatically using Continuous Integration tools](#running-your-code-through-wordpresscs-automatically-using-continuous-integration-tools) - [Fixing errors or ignoring them](#fixing-errors-or-ignoring-them) - [Tools shipped with WordPressCS](#tools-shipped-with-wordpresscs) - [Contributing](#contributing) - [Funding](#funding) - [License](#license) --- Introduction ------------ [](#introduction) This project is a collection of [PHP\_CodeSniffer](https://github.com/PHPCSStandards/PHP_CodeSniffer) rules (sniffs) to validate code developed for WordPress. It ensures code quality and adherence to coding conventions, especially the official [WordPress Coding Standards](https://make.wordpress.org/core/handbook/best-practices/coding-standards/). **This project needs funding. [Find out how you can help](#funding).** Minimum Requirements -------------------- [](#minimum-requirements) The WordPress Coding Standards package requires: - PHP 7.2 or higher with the following extensions enabled: - [Filter](https://www.php.net/book.filter) - [libxml](https://www.php.net/book.libxml) - [Tokenizer](https://www.php.net/book.tokenizer) - [XMLReader](https://www.php.net/book.xmlreader) - [Composer](https://getcomposer.org/) For the best results, it is recommended to also ensure the following additional PHP extensions are enabled: - [iconv](https://www.php.net/book.iconv) - [Multibyte String](https://www.php.net/book.mbstring) Installation ------------ [](#installation) As of [WordPressCS 3.0.0](https://make.wordpress.org/core/2023/08/21/wordpresscs-3-0-0-is-now-available/), installation via Composer using the below instructions is the only supported type of installation. [Composer](https://getcomposer.org/) will automatically install the project dependencies and register the rulesets from WordPressCS and other external standards with PHP\_CodeSniffer using the [Composer PHPCS plugin](https://github.com/PHPCSStandards/composer-installer). > If you are upgrading from an older WordPressCS version to version 3.0.0, please read the [Upgrade guide for ruleset maintainers and end-users](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Upgrade-Guide-to-WordPressCS-3.0.0-for-ruleset-maintainers) first! ### Composer Project-based Installation [](#composer-project-based-installation) Run the following from the root of your project: ``` composer config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true composer require --dev wp-coding-standards/wpcs:"^3.0" ``` ### Composer Global Installation [](#composer-global-installation) Alternatively, you may want to install this standard globally: ``` composer global config allow-plugins.dealerdirect/phpcodesniffer-composer-installer true composer global require --dev wp-coding-standards/wpcs:"^3.0" ``` ### Updating your WordPressCS install to a newer version [](#updating-your-wordpresscs-install-to-a-newer-version) If you installed WordPressCS using either of the above commands, you can upgrade to a newer version as follows: ``` # Project local install composer update wp-coding-standards/wpcs --with-dependencies # Global install composer global update wp-coding-standards/wpcs --with-dependencies ``` ### Using your WordPressCS install [](#using-your-wordpresscs-install) Once you have installed WordPressCS using either of the above commands, use it as follows: ``` # Project local install vendor/bin/phpcs -ps . --standard=WordPress # Global install %USER_DIRECTORY%/Composer/vendor/bin/phpcs -ps . --standard=WordPress ``` > **Pro-tip**: For the convenience of using `phpcs` as a global command, use the *Global install* method and add the path to the `%USER_DIRECTORY%/Composer/vendor/bin` directory to the `PATH` environment variable for your operating system. Rulesets -------- [](#rulesets) ### Standards subsets [](#standards-subsets) The project encompasses a super-set of the sniffs that the WordPress community may need. If you use the `WordPress` standard you will get all the checks. You can use the following as standard names when invoking `phpcs` to select sniffs, fitting your needs: - `WordPress` - complete set with all of the sniffs in the project - `WordPress-Core` - main ruleset for [WordPress core coding standards](https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/) - `WordPress-Docs` - additional ruleset for [WordPress inline documentation standards](https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/) - `WordPress-Extra` - extended ruleset with recommended best practices, not sufficiently covered in the WordPress core coding standards - includes `WordPress-Core` ### Using a custom ruleset [](#using-a-custom-ruleset) If you need to further customize the selection of sniffs for your project - you can create a custom ruleset file. When you name this file either `.phpcs.xml`, `phpcs.xml`, `.phpcs.xml.dist` or `phpcs.xml.dist`, PHP\_CodeSniffer will automatically locate it as long as it is placed in the directory from which you run the CodeSniffer or in a directory above it. If you follow these naming conventions you don't have to supply a `--standard` CLI argument. For more info, read about [using a default configuration file](https://github.com/PHPCSStandards/PHP_CodeSniffer/wiki/Advanced-Usage#using-a-default-configuration-file). See also the provided WordPressCS [`phpcs.xml.dist.sample`](phpcs.xml.dist.sample) file and the [fully annotated example ruleset](https://github.com/PHPCSStandards/PHP_CodeSniffer/wiki/Annotated-ruleset.xml) in the PHP\_CodeSniffer documentation. ### Customizing sniff behavior [](#customizing-sniff-behavior) The WordPress Coding Standard contains a number of sniffs which are configurable. This means that you can turn parts of the sniff on or off, or change the behavior by setting a property for the sniff in your custom `[.]phpcs.xml[.dist]` file. You can find a complete list of all the properties you can change for the WordPressCS sniffs in the [wiki](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Customizable-sniff-properties). WordPressCS also uses sniffs from PHPCSExtra and from PHP\_CodeSniffer itself. The [README for PHPCSExtra](https://github.com/PHPCSStandards/PHPCSExtra) contains information on the properties which can be set for the sniff from PHPCSExtra. Information on custom properties which can be set for sniffs from PHP\_CodeSniffer can be found in the [PHP\_CodeSniffer wiki](https://github.com/PHPCSStandards/PHP_CodeSniffer/wiki/Customisable-Sniff-Properties). ### Recommended additional rulesets [](#recommended-additional-rulesets) #### PHPCompatibility [](#phpcompatibility) The [PHPCompatibility](https://github.com/PHPCompatibility/PHPCompatibility) ruleset and its subset [PHPCompatibilityWP](https://github.com/PHPCompatibility/PHPCompatibilityWP) come highly recommended. The [PHPCompatibility](https://github.com/PHPCompatibility/PHPCompatibility) sniffs are designed to analyze your code for cross-version PHP compatibility. The [PHPCompatibilityWP](https://github.com/PHPCompatibility/PHPCompatibilityWP) ruleset is based on PHPCompatibility, but specifically crafted to prevent false positives for projects which expect to run within the context of WordPress, i.e. core, plugins and themes. Install either as a separate ruleset and run it separately against your code or add it to your custom ruleset, like so: ``` *\.php$ ``` Whichever way you run it, do make sure you set the `testVersion` to run the sniffs against. The `testVersion` determines for which PHP versions you will receive compatibility information. The recommended setting for this at this moment is `7.2-` to support the same PHP versions as WordPress Core supports. For more information about setting the `testVersion`, see: - [PHPCompatibility: Sniffing your code for compatibility with specific PHP version(s)](https://github.com/PHPCompatibility/PHPCompatibility#sniffing-your-code-for-compatibility-with-specific-php-versions) - [PHPCompatibility: Using a custom ruleset](https://github.com/PHPCompatibility/PHPCompatibility#using-a-custom-ruleset) #### VariableAnalysis [](#variableanalysis) For some additional checks around (undefined/unused) variables, the [`VariableAnalysis`](https://github.com/sirbrillig/phpcs-variable-analysis/) standard is a handy addition. #### VIP Coding Standards [](#vip-coding-standards) For those projects which deploy to the WordPress VIP platform, it is recommended to also use the [official WordPress VIP coding standards](https://github.com/Automattic/VIP-Coding-Standards) ruleset. How to use ---------- [](#how-to-use) ### Command line [](#command-line) Run the `phpcs` command line tool on a given file or directory, for example: ``` vendor/bin/phpcs --standard=WordPress wp-load.php ``` Will result in following output: ``` -------------------------------------------------------------------------------- FOUND 6 ERRORS AND 4 WARNINGS AFFECTING 5 LINES -------------------------------------------------------------------------------- 36 | WARNING | error_reporting() can lead to full path disclosure. 36 | WARNING | error_reporting() found. Changing configuration values at | | runtime is strongly discouraged. 52 | WARNING | Silencing errors is strongly discouraged. Use proper error | | checking instead. Found: @file_exists( dirname(... 52 | WARNING | Silencing errors is strongly discouraged. Use proper error | | checking instead. Found: @file_exists( dirname(... 75 | ERROR | Overriding WordPress globals is prohibited. Found assignment | | to $path 78 | ERROR | Detected usage of a possibly undefined superglobal array | | index: $_SERVER['REQUEST_URI']. Use isset() or empty() to | | check the index exists before using it 78 | ERROR | $_SERVER['REQUEST_URI'] not unslashed before sanitization. Use | | wp_unslash() or similar 78 | ERROR | Detected usage of a non-sanitized input variable: | | $_SERVER['REQUEST_URI'] 104 | ERROR | All output should be run through an escaping function (see the | | Security sections in the WordPress Developer Handbooks), found | | '$die'. 104 | ERROR | All output should be run through an escaping function (see the | | Security sections in the WordPress Developer Handbooks), found | | '__'. -------------------------------------------------------------------------------- ``` ### Using PHPCS and WordPressCS from within your IDE [](#using-phpcs-and-wordpresscs-from-within-your-ide) The [wiki](https://github.com/WordPress/WordPress-Coding-Standards/wiki) contains links to various in- and external tutorials about setting up WordPressCS to work in your IDE. Running your code through WordPressCS automatically using Continuous Integration tools -------------------------------------------------------------------------------------- [](#running-your-code-through-wordpresscs-automatically-using-continuous-integration-tools) - [Running in GitHub Actions](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Running-in-GitHub-Actions) - [Running in Travis](https://github.com/WordPress/WordPress-Coding-Standards/wiki/Running-in-Travis) Fixing errors or ignoring them ------------------------------ [](#fixing-errors-or-ignoring-them) You can find information on how to deal with some of the more frequent issues in the [wiki](https://github.com/WordPress/WordPress-Coding-Standards/wiki). ### Tools shipped with WordPressCS [](#tools-shipped-with-wordpresscs) Since version 1.2.0, WordPressCS has a special sniff category `Utils`. This sniff category contains some tools which, generally speaking, will only be needed to be run once over a codebase and for which the fixers can be considered *risky*, i.e. very careful review by a developer is needed before accepting the fixes made by these sniffs. The sniffs in this category are disabled by default and can only be activated by adding some properties for each sniff via a custom ruleset. At this moment, WordPressCS offer the following tools: - `WordPress.Utils.I18nTextDomainFixer` - This sniff can replace the text domain used in a code-base. The sniff will fix the text domains in both I18n function calls as well as in a plugin/theme header. Passing the following properties will activate the sniff: - `old_text_domain`: an array with one or more (old) text domain names which need to be replaced; - `new_text_domain`: the correct (new) text domain as a string. Contributing ------------ [](#contributing) See [CONTRIBUTING](.github/CONTRIBUTING.md), including information about [unit testing](.github/CONTRIBUTING.md#unit-testing) the standard. Anyone contributing to the WordPress Coding Standards is expected to conduct themselves in accordance with the WordPress project's [Code of Conduct](https://github.com/WordPress/.github/blob/trunk/CODE_OF_CONDUCT.md). Funding ------- [](#funding) If you want to sponsor the work on WordPressCS, you can do so by donating to the [PHP\_CodeSniffer Open Collective](https://opencollective.com/php_codesniffer). License ------- [](#license) See [LICENSE](LICENSE) (MIT). ### Health Score 77 — ExcellentBetter than 100% of packages Maintenance83 Actively maintained with recent releases Popularity80 Widely adopted with strong download metrics Community66 Healthy contributor diversity Maturity73 Established project with proven stability Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~133 days Recently: every ~206 days Total 31 Last Release 196d ago Major Versions 0.14.1 → 1.0.02018-07-25 1.2.1 → 2.0.0-RC12018-12-30 2.3.0 → 3.0.02023-08-21 PHP version history (3 changes)0.13.0PHP >=5.3 2.0.0-RC1PHP >=5.4 3.3.0PHP >=7.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/c276f443673da81d365a16828d46818ea4e3136f7ce05491abcc70f43c82fa4c?d=identicon)[jrfnl](/maintainers/jrfnl) ![](https://www.gravatar.com/avatar/ba7751eebec0f74a4963e9a062f49e58222b97872bf193d95f0505f3df321d09?d=identicon)[GaryJones](/maintainers/GaryJones) ![](https://avatars.githubusercontent.com/u/8638515?v=4)[Denis Žoljom](/maintainers/dingo-d)[@dingo-d](https://github.com/dingo-d) --- Top Contributors [![jrfnl](https://avatars.githubusercontent.com/u/663378?v=4)](https://github.com/jrfnl "jrfnl (1913 commits)")[![GaryJones](https://avatars.githubusercontent.com/u/88371?v=4)](https://github.com/GaryJones "GaryJones (557 commits)")[![JDGrimes](https://avatars.githubusercontent.com/u/4005415?v=4)](https://github.com/JDGrimes "JDGrimes (454 commits)")[![westonruter](https://avatars.githubusercontent.com/u/134745?v=4)](https://github.com/westonruter "westonruter (428 commits)")[![dingo-d](https://avatars.githubusercontent.com/u/8638515?v=4)](https://github.com/dingo-d "dingo-d (232 commits)")[![rodrigoprimo](https://avatars.githubusercontent.com/u/77215?v=4)](https://github.com/rodrigoprimo "rodrigoprimo (141 commits)")[![shadyvb](https://avatars.githubusercontent.com/u/451892?v=4)](https://github.com/shadyvb "shadyvb (98 commits)")[![NielsdeBlaauw](https://avatars.githubusercontent.com/u/661876?v=4)](https://github.com/NielsdeBlaauw "NielsdeBlaauw (27 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (26 commits)")[![Rarst](https://avatars.githubusercontent.com/u/737584?v=4)](https://github.com/Rarst "Rarst (25 commits)")[![tomjn](https://avatars.githubusercontent.com/u/58855?v=4)](https://github.com/tomjn "tomjn (19 commits)")[![mattyrob](https://avatars.githubusercontent.com/u/1280733?v=4)](https://github.com/mattyrob "mattyrob (18 commits)")[![mrchrisadams](https://avatars.githubusercontent.com/u/17906?v=4)](https://github.com/mrchrisadams "mrchrisadams (16 commits)")[![grappler](https://avatars.githubusercontent.com/u/1785641?v=4)](https://github.com/grappler "grappler (15 commits)")[![sandeshjangam](https://avatars.githubusercontent.com/u/15683894?v=4)](https://github.com/sandeshjangam "sandeshjangam (13 commits)")[![gedex](https://avatars.githubusercontent.com/u/78313?v=4)](https://github.com/gedex "gedex (13 commits)")[![ockham](https://avatars.githubusercontent.com/u/96308?v=4)](https://github.com/ockham "ockham (11 commits)")[![johnbillion](https://avatars.githubusercontent.com/u/208434?v=4)](https://github.com/johnbillion "johnbillion (10 commits)")[![ntwb](https://avatars.githubusercontent.com/u/1016458?v=4)](https://github.com/ntwb "ntwb (9 commits)")[![nyordanov](https://avatars.githubusercontent.com/u/192220?v=4)](https://github.com/nyordanov "nyordanov (6 commits)") --- Tags coding-conventionsphp-codesnifferphpcsrulesetwordpress-developmentwordpress-standardsstandardsphpcswordpressstatic analysis ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/wp-coding-standards-wpcs/health.svg) ``` [![Health](https://phpackages.com/badges/wp-coding-standards-wpcs/health.svg)](https://phpackages.com/packages/wp-coding-standards-wpcs) ``` ### Alternatives [phpcompatibility/phpcompatibility-wp A ruleset for PHP\_CodeSniffer to check for PHP cross-version compatibility issues in projects, while accounting for polyfills provided by WordPress. 22732.9M700](/packages/phpcompatibility-phpcompatibility-wp)[dealerdirect/phpcodesniffer-composer-installer PHP\_CodeSniffer Standards Composer Installer Plugin 598170.6M2.2k](/packages/dealerdirect-phpcodesniffer-composer-installer)[automattic/vipwpcs PHP\_CodeSniffer rules (sniffs) to enforce WordPress VIP minimum coding conventions 26110.9M179](/packages/automattic-vipwpcs)[phpcsstandards/phpcsextra A collection of sniffs and standards for use with PHP\_CodeSniffer. 10327.7M59](/packages/phpcsstandards-phpcsextra)[yoast/yoastcs PHP\_CodeSniffer rules for Yoast projects 221.2M33](/packages/yoast-yoastcs)[acquia/coding-standards PHP\_CodeSniffer rules (sniffs) for Acquia coding standards 234.9M33](/packages/acquia-coding-standards) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)