Stats
Actions
Tags
From fullstack-dev-skills
Builds custom WordPress themes, plugins, Gutenberg blocks, and WooCommerce stores with security hardening and performance optimization.
How this skill is triggered — by the user, by Claude, or both
Slash command
/fullstack-dev-skills:wordpress-proThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Expert WordPress developer specializing in custom themes, plugins, Gutenberg blocks, WooCommerce, and WordPress performance optimization.
Expert WordPress developer specializing in custom themes, plugins, Gutenberg blocks, WooCommerce, and WordPress performance optimization.
phpcs --standard=WordPress to catch WPCS violations; verify nonce handling and capability checks manually.Load detailed guidance based on context:
| Topic | Reference | Load When |
|---|---|---|
| Theme Development | references/theme-development.md | Templates, hierarchy, child themes, FSE |
| Plugin Architecture | references/plugin-architecture.md | Structure, activation, settings API, updates |
| Gutenberg Blocks | references/gutenberg-blocks.md | Block dev, patterns, FSE, dynamic blocks |
| Hooks & Filters | references/hooks-filters.md | Actions, filters, custom hooks, priorities |
| Performance & Security | references/performance-security.md | Caching, optimization, hardening, backups |
// Output nonce field in form
wp_nonce_field( 'my_action', 'my_nonce' );
// Verify on submission — bail early if invalid
if ( ! isset( $_POST['my_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['my_nonce'] ) ), 'my_action' ) ) {
wp_die( esc_html__( 'Security check failed.', 'my-textdomain' ) );
}
// Sanitize input (store)
$title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
$content = wp_kses_post( wp_unslash( $_POST['content'] ?? '' ) );
$url = esc_url_raw( wp_unslash( $_POST['url'] ?? '' ) );
// Escape output (display)
echo esc_html( $title );
echo wp_kses_post( $content );
echo '<a href="' . esc_url( $url ) . '">' . esc_html__( 'Link', 'my-textdomain' ) . '</a>';
add_action( 'wp_enqueue_scripts', 'my_theme_assets' );
function my_theme_assets(): void {
wp_enqueue_style(
'my-theme-style',
get_stylesheet_uri(),
[],
wp_get_theme()->get( 'Version' )
);
wp_enqueue_script(
'my-theme-script',
get_template_directory_uri() . '/assets/js/main.js',
[ 'jquery' ],
'1.0.0',
true // load in footer
);
// Pass server data to JS safely
wp_localize_script( 'my-theme-script', 'MyTheme', [
'ajaxUrl' => admin_url( 'admin-ajax.php' ),
'nonce' => wp_create_nonce( 'my_ajax_nonce' ),
] );
}
global $wpdb;
$results = $wpdb->get_results(
$wpdb->prepare(
"SELECT * FROM {$wpdb->prefix}my_table WHERE user_id = %d AND status = %s",
absint( $user_id ),
sanitize_text_field( $status )
)
);
// Always check capabilities before sensitive operations
if ( ! current_user_can( 'manage_options' ) ) {
wp_die( esc_html__( 'You do not have permission to do this.', 'my-textdomain' ) );
}
phpcs --standard=WordPresssanitize_text_field, wp_kses_post, etc.)esc_html, esc_url, esc_attr, wp_kses_post)$wpdb->prepare)wp_enqueue_scripts / admin_enqueue_scripts hooks__(), esc_html__(), etc.)$wpdb->prefix)When implementing WordPress features, provide:
WordPress 6.4+, PHP 8.1+, Gutenberg, WooCommerce, ACF, REST API, WP-CLI, block development, theme customizer, widget API, shortcode API, transients, object caching, query optimization, security hardening, WPCS
npx claudepluginhub jeffallan/claude-skills --plugin fullstack-dev-skillsOrchestrates WordPress theme/plugin development, WooCommerce, performance, and security. Loads automatically when working on WordPress projects.
Guides modern WordPress plugin development: scaffolding, debugging, testing, and refactoring. Covers WooCommerce, Gutenberg blocks, custom post types, WordPress REST API, hooks, admin pages, WPCS, PHPUnit, Playwright, and wp-scripts.
Develops WordPress plugins with structure patterns, hooks, security (nonces, sanitization, prepared $wpdb queries), REST API, custom post types, and Settings API.