WordPress PHP Code Review Tools

    Sumit Pore
Listen to this article


Programming languages form the building blocks of any information technology. They are volatile in nature; a single error can render thousands of lines of code obsolete. However, erroneous codes are not the only problem, code quality is also of utmost importance. A desired output can be programmed in any number of ways. Which of those works the best is for the programmer to determine.

As a senior software engineer, one of my duties is ensuring that the code moving out from WisdmLabs is top notch and free from glitches. We’re a hybrid company; we develop products and also offer web services and solutions. Good for me, I get a chance to review code from both ends. The task isn’t easy, but I’m always up for challenges that push me to my limits. It’s a bug life. 😉

The process involves focusing on the following 4 pain points:

  1. Redundancy
  2. WordPress Coding Standards
  3. Impact of Code on Memory
  4. Loops and Logic used in the Code

Let’s take a look at these in detail:

1. Redundancy

Using the same code at multiple places unnecessarily bloats up the code size. Therefore, in order to reduce the code size what we can do is, wrap that code in a function and call that function wherever required.  To determine if a product or project has redundant code, we can use the tool called PHP Copy-Paste Detector (PHPCPD).

Once installed, you can run it on the project directory to find out duplicate code. You can store the output presented by PHPCPD into a file like:

phpcpd /project/directory/path > /report/file/path/report.txt


2. WordPress Coding Standards

To check whether a code follows WordPress coding standards, use PHP CodeSniffer. To install PHPCodeSniffer, fire the command given below, provided you have pear already installed.

sudo pear install PHP_CodeSniffer

If pear is missing, you can install the same by firing the commands given below:


php go-pear.phar

After installing PHPCodeSniffer, we need to install WordPress coding standards for CodeSniffer. Procedure to install the same can be found out here.

If most of the reviewing part of your job revolves around the WordPress, then set default standard for Coding Sniffer as WordPress by firing command

phpcs --config-set default_standard WordPress-Core

PHP_CodeSniffer will then tokenize PHP, JavaScript and CSS files to detect violations of the defined coding standard, and a second phpcbf script will automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent.


3. Impact of Code on Memory

It is crucial to understand how your code impacts the memory. If it hogs a lot of memory, the site is bound to crash or respond very slowly amidst traffic. To check the memory consumption of your plugins, you can install a plugin called ‘Query Monitor’ on your WordPress installation.

This is a very handy tool; it displays memory being consumed for every page. It even shows the time taken by queries to execute. So if you want to find out which of your SQL queries take lot of time to execute, you can pin-point them using Query Monitor. Follow the steps given as:

  • Deactivate your own plugin first, and activate Query Monitor.
  • Check memory consumed by a few frontend and backend pages.
  • Activate your plugin and then again check memory being consumed for those pages. The difference should give
  • If the problem persists, you can use Xdebug and dive into the details and take it from there on.


4. Loops and Logic used in the Code

There is no readily available tool for this and it needs to be done manually. Take a look at the security aspects of it all. Make sure you check:

  • If all forms are using nonce or not.
  • If enqueued js and css files are loaded only wherever required.
  • If a program is throws an error/warning on any page.
  • If a plugin, when activated, does not throw any unexpected message.
  • If proper messages are displayed on triggering different events.
  • If code has been commented  on properly, as per phpDoc guidelines.
  • If plain strings are in single quotes.
  • If ajax callbacks use wp_ajax_referrer before processing ajax requests.
  • If appropriate hooks and filters are used.
  • If Settings API is used or not to save settings in database.
  • If developer tool console throws any error or warning.
  • If there are no hard-coded urls for accessing plugin directory, theme directory, wp-content directory and uploads directory.
  • If there are no hard-coded urls pointing to the development environment.
  • If MVC pattern is being followed properly.
  • If proper access specifiers are given to methods and properties.
  • If all exceptions are handled properly.
  • If readable/understandable variables names, function names, class names and file names are used.


Once these pain points are taken care of, your WordPress code is bound to work wonders in terms of functionality and efficiency. There are probably thousands of other things to be taken care of when you’re involved in a job as complex as programming, and to list them all at once is a task insurmountable.

But believe me when I tell you that all of those will come to sort themselves out once you make sure your code follows the 3 C’s of programming:

Consistent, Concise and Correct.

Over and out.

Sumit Pore

Sumit Pore

Leave a Reply

Your email address will not be published. Required fields are marked *

Get The Latest Updates

Subscribe to our Newsletter

A key to unlock the world of open-source. We promise not to spam your inbox.

Suggested Reads

Join our 55,000+ Subscribers

    The Wisdm Digest delivers all the latest news, and resources from the world of open-source businesses to your inbox.

    Suggested Reads