Download the PHP package wp-coding-standards/wpcs without Composer

On this page you can find all versions of the php package wp-coding-standards/wpcs. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Please rate this library. Is it a good library?

All versions of wpcs with dependencies

Informations about the package wpcs

WordPress Coding Standards for PHP_CodeSniffer


This project is a collection of PHP_CodeSniffer rules (sniffs) to validate code developed for WordPress. It ensures code quality and adherence to coding conventions, especially the official WordPress Coding Standards.

Project history



The WordPress Coding Standards require PHP 5.4 or higher and PHP_CodeSniffer version 3.3.1 or higher.


Standards can be installed with the Composer dependency manager:

composer create-project wp-coding-standards/wpcs --no-dev

Running this command will:

  1. Install WordPress standards into wpcs directory.
  2. Install PHP_CodeSniffer.
  3. Register WordPress standards in PHP_CodeSniffer configuration.
  4. Make phpcs command available from wpcs/vendor/bin.

For the convenience of using phpcs as a global command, you may want to add the path to the wpcs/vendor/bin directory to a PATH environment variable for your operating system.

Installing WPCS as a dependency

When installing the WordPress Coding Standards as a dependency in a larger project, the above mentioned step 3 will not be executed automatically.

There are two actively maintained Composer plugins which can handle the registration of standards with PHP_CodeSniffer for you:

It is strongly suggested to require one of these plugins in your project to handle the registration of external standards with PHPCS for you.


  1. Install PHP_CodeSniffer by following its installation instructions (via Composer, Phar file, PEAR, or Git checkout).

    Do ensure that PHP_CodeSniffer's version matches our VVV.

  2. Clone the WordPress standards repository:

    git clone -b master wpcs
  3. Add its path to the PHP_CodeSniffer configuration:

    phpcs --config-set installed_paths /path/to/wpcs

    Pro-tip: Alternatively, you can tell PHP_CodeSniffer the path to the WordPress standards by adding the following snippet to your custom ruleset:

To summarize:

And then add the ~/projects/phpcs/bin directory to your PATH environment variable via your .bashrc.

You should then see WordPress-Core et al listed when you run phpcs -i.


Standards subsets

The project encompasses a super-set of the sniffs that the WordPress community may need. If you use the WordPress standard you will get all the checks.

You can use the following as standard names when invoking phpcs to select sniffs, fitting your needs:

Note: The WPCS package used to include a WordPress-VIP ruleset and associated sniffs, prior to WPCS 2.0.0. The WordPress-VIP ruleset was originally intended to aid with the VIP coding requirements, but has been superseded. It is recommended to use the official VIP coding standards ruleset instead for checking code against the VIP platform requirements.

Using a custom ruleset

If you need to further customize the selection of sniffs for your project - you can create a custom ruleset file. When you name this file either .phpcs.xml, phpcs.xml, .phpcs.xml.dist or phpcs.xml.dist, PHP_CodeSniffer will automatically locate it as long as it is placed in the directory from which you run the CodeSniffer or in a directory above it. If you follow these naming conventions you don't have to supply a --standard arg. For more info, read about using a default configuration file. See also provided fully annotated example in the PHP_CodeSniffer documentation.

Customizing sniff behaviour

The WordPress Coding Standard contains a number of sniffs which are configurable. This means that you can turn parts of the sniff on or off, or change the behaviour by setting a property for the sniff in your custom .phpcs.xml.dist file.

You can find a complete list of all the properties you can change in the wiki.

Recommended additional rulesets

The PHPCompatibility ruleset and its subset PHPCompatibilityWP come highly recommended. The PHPCompatibility sniffs are designed to analyse your code for cross-PHP version compatibility.

The PHPCompatibilityWP ruleset is based on PHPCompatibility, but specifically crafted to prevent false positives for projects which expect to run within the context of WordPress, i.e. core, plugins and themes.

Install either as a separate ruleset and run it separately against your code or add it to your custom ruleset, like so:

Whichever way you run it, do make sure you set the testVersion to run the sniffs against. The testVersion determines for which PHP versions you will receive compatibility information. The recommended setting for this at this moment is 5.2- to support the same PHP versions as WordPress Core supports.

For more information about setting the testVersion, see:

How to use

Command line

Run the phpcs command line tool on a given file or directory, for example:

phpcs --standard=WordPress wp-load.php

Will result in following output:

 24 | WARNING | [ ] error_reporting() can lead to full path disclosure.
 24 | WARNING | [ ] error_reporting() found. Changing configuration at runtime is rarely
    |         |     necessary.
 37 | WARNING | [x] "require_once" is a statement not a function; no parentheses are
    |         |     required
 39 | WARNING | [ ] Silencing errors is discouraged
 39 | WARNING | [ ] Silencing errors is discouraged
 42 | WARNING | [x] "require_once" is a statement not a function; no parentheses are
    |         |     required
 46 | ERROR   | [ ] Inline comments must end in full-stops, exclamation marks, or
    |         |     question marks
 46 | ERROR   | [x] There must be no blank line following an inline comment
 49 | WARNING | [x] "require_once" is a statement not a function; no parentheses are
    |         |     required
 54 | WARNING | [x] "require_once" is a statement not a function; no parentheses are
    |         |     required
 63 | WARNING | [ ] Detected access of super global var $_SERVER, probably needs manual
    |         |     inspection.
 63 | ERROR   | [ ] Detected usage of a non-validated input variable: $_SERVER
 63 | ERROR   | [ ] Missing wp_unslash() before sanitization.
 63 | ERROR   | [ ] Detected usage of a non-sanitized input variable: $_SERVER
 69 | WARNING | [x] "require_once" is a statement not a function; no parentheses are
    |         |     required
 74 | ERROR   | [ ] Inline comments must end in full-stops, exclamation marks, or
    |         |     question marks
 92 | ERROR   | [ ] All output should be run through an escaping function (see the
    |         |     Security sections in the WordPress Developer Handbooks), found
    |         |     '$die'.
 92 | ERROR   | [ ] All output should be run through an escaping function (see the
    |         |     Security sections in the WordPress Developer Handbooks), found '__'.

Using PHPCS and WPCS from within your IDE

Running your code through WPCS automatically using CI tools

Travis CI

To integrate PHPCS with WPCS with Travis CI, you'll need to install both before_install and add the run command to the script. If your project uses Composer, the typical instructions might be different.

If you use a matrix setup in Travis to test your code against different PHP and/or WordPress versions, you don't need to run PHPCS on each variant of the matrix as the results will be same. You can set an environment variable in the Travis matrix to only run the sniffs against one setup in the matrix.

Travis CI example

More examples and advice about integrating PHPCS in your Travis build tests can be found here:

Fixing errors or ignoring them

You can find information on how to deal with some of the more frequent issues in the wiki.

Tools shipped with WPCS

Since version 1.2.0, WPCS has a special sniff category Utils.

This sniff category contains some tools which, generally speaking, will only be needed to be run once over a codebase and for which the fixers can be considered risky, i.e. very careful review by a developer is needed before accepting the fixes made by these sniffs.

The sniffs in this category are disabled by default and can only be activated by adding some properties for each sniff via a custom ruleset.

At this moment, WPCS offer the following tools:


See unit testing the standard.



Requires php Version >=5.4
squizlabs/php_codesniffer Version ^3.3.1

The package wp-coding-standards/wpcs contains the following files

Loading the files please wait ....