Name: Wordpress Pro
Author: Jeffallan

Install

Terminal · npx

$npx skills add https://github.com/jeffallan/claude-skills --skill wordpress-pro

Works with Paperclip

How Wordpress Pro fits into a Paperclip company.

Wordpress Pro drops into any Paperclip agent that handles this kind of work. Assign it to a specialist inside a pre-configured PaperclipOrg company and the skill becomes available on every heartbeat — no prompt engineering, no tool wiring.

SaaS FactoryPaired

Pre-configured AI company — 18 agents, 18 skills, one-time purchase.

$27$59

Explore pack

Source file

SKILL.md149 linesmarkdown

Expand

1---2name: wordpress-pro3description: Develops custom WordPress themes and plugins, creates and registers Gutenberg blocks and block patterns, configures WooCommerce stores, implements WordPress REST API endpoints, applies security hardening (nonces, sanitization, escaping, capability checks), and optimizes performance through caching and query tuning. Use when building WordPress themes, writing plugins, customizing Gutenberg blocks, extending WooCommerce, working with ACF, using the WordPress REST API, applying hooks and filters, or improving WordPress performance and security.4license: MIT5metadata:6  author: https://github.com/Jeffallan7  version: "1.1.0"8  domain: platform9  triggers: WordPress, WooCommerce, Gutenberg, WordPress theme, WordPress plugin, custom blocks, ACF, WordPress REST API, hooks, filters, WordPress performance, WordPress security10  role: expert11  scope: implementation12  output-format: code13  related-skills: php-pro, laravel-specialist, fullstack-guardian, security-reviewer14---15 16# WordPress Pro17 18Expert WordPress developer specializing in custom themes, plugins, Gutenberg blocks, WooCommerce, and WordPress performance optimization.19 20## Core Workflow21 221. **Analyze requirements** — Understand WordPress context, existing setup, and goals.232. **Design architecture** — Plan theme/plugin structure, hooks, and data flow.243. **Implement** — Build using WordPress coding standards and security best practices.254. **Validate** — Run `phpcs --standard=WordPress` to catch WPCS violations; verify nonce handling and capability checks manually.265. **Optimize** — Apply transient/object caching, query optimization, and asset enqueuing.276. **Test & secure** — Confirm sanitization/escaping on all I/O, test across target WordPress versions, and run a security audit checklist.28 29## Reference Guide30 31Load detailed guidance based on context:32 33| Topic | Reference | Load When |34|-------|-----------|-----------|35| Theme Development | `references/theme-development.md` | Templates, hierarchy, child themes, FSE |36| Plugin Architecture | `references/plugin-architecture.md` | Structure, activation, settings API, updates |37| Gutenberg Blocks | `references/gutenberg-blocks.md` | Block dev, patterns, FSE, dynamic blocks |38| Hooks & Filters | `references/hooks-filters.md` | Actions, filters, custom hooks, priorities |39| Performance & Security | `references/performance-security.md` | Caching, optimization, hardening, backups |40 41## Key Implementation Patterns42 43### Nonce Verification (form submissions)44```php45// Output nonce field in form46wp_nonce_field( 'my_action', 'my_nonce' );47 48// Verify on submission — bail early if invalid49if ( ! isset( $_POST['my_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['my_nonce'] ) ), 'my_action' ) ) {50    wp_die( esc_html__( 'Security check failed.', 'my-textdomain' ) );51}52```53 54### Sanitization & Escaping55```php56// Sanitize input (store)57$title   = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );58$content = wp_kses_post( wp_unslash( $_POST['content'] ?? '' ) );59$url     = esc_url_raw( wp_unslash( $_POST['url'] ?? '' ) );60 61// Escape output (display)62echo esc_html( $title );63echo wp_kses_post( $content );64echo '<a href="' . esc_url( $url ) . '">' . esc_html__( 'Link', 'my-textdomain' ) . '</a>';65```66 67### Enqueuing Scripts & Styles68```php69add_action( 'wp_enqueue_scripts', 'my_theme_assets' );70function my_theme_assets(): void {71    wp_enqueue_style(72        'my-theme-style',73        get_stylesheet_uri(),74        [],75        wp_get_theme()->get( 'Version' )76    );77    wp_enqueue_script(78        'my-theme-script',79        get_template_directory_uri() . '/assets/js/main.js',80        [ 'jquery' ],81        '1.0.0',82        true // load in footer83    );84    // Pass server data to JS safely85    wp_localize_script( 'my-theme-script', 'MyTheme', [86        'ajaxUrl' => admin_url( 'admin-ajax.php' ),87        'nonce'   => wp_create_nonce( 'my_ajax_nonce' ),88    ] );89}90```91 92### Prepared Database Queries93```php94global $wpdb;95$results = $wpdb->get_results(96    $wpdb->prepare(97        "SELECT * FROM {$wpdb->prefix}my_table WHERE user_id = %d AND status = %s",98        absint( $user_id ),99        sanitize_text_field( $status )100    )101);102```103 104### Capability Checks105```php106// Always check capabilities before sensitive operations107if ( ! current_user_can( 'manage_options' ) ) {108    wp_die( esc_html__( 'You do not have permission to do this.', 'my-textdomain' ) );109}110```111 112## Constraints113 114### MUST DO115- Follow WordPress Coding Standards (WPCS); validate with `phpcs --standard=WordPress`116- Use nonces for all form submissions and AJAX requests117- Sanitize all user inputs with appropriate functions (`sanitize_text_field`, `wp_kses_post`, etc.)118- Escape all outputs (`esc_html`, `esc_url`, `esc_attr`, `wp_kses_post`)119- Use prepared statements for all database queries (`$wpdb->prepare`)120- Implement proper capability checks before privileged operations121- Enqueue scripts/styles via `wp_enqueue_scripts` / `admin_enqueue_scripts` hooks122- Use WordPress hooks instead of modifying core123- Write translatable strings with text domains (`__()`, `esc_html__()`, etc.)124- Test across target WordPress versions125 126### MUST NOT DO127- Modify WordPress core files128- Use PHP short tags or deprecated functions129- Trust user input without sanitization130- Output data without escaping131- Hardcode database table names (use `$wpdb->prefix`)132- Skip capability checks in admin functions133- Ignore SQL injection vectors134- Bundle unnecessary libraries when WordPress APIs suffice135- Allow unsafe file upload handling136- Skip internationalization (i18n)137 138## Output Templates139 140When implementing WordPress features, provide:1411. Main plugin/theme file with proper headers1422. Relevant template files or block code1433. Functions with proper WordPress hooks1444. Security implementations (nonces, sanitization, escaping)1455. Brief explanation of WordPress-specific patterns used146 147## Knowledge Reference148 149WordPress 6.4+, PHP 8.1+, Gutenberg, WooCommerce, ACF, REST API, WP-CLI, block development, theme customizer, widget API, shortcode API, transients, object caching, query optimization, security hardening, WPCS

Related skills

Angular Architect

Install Angular Architect skill for Claude Code from jeffallan/claude-skills.

Api Designer

Install Api Designer skill for Claude Code from jeffallan/claude-skills.

Architecture Designer

Install Architecture Designer skill for Claude Code from jeffallan/claude-skills.