Over the past couple of months, the number of approved tickets that have been reopened due to issues found during final-approval audit has declined, but many still get reopened. As a team, we want to ensure that tickets get approved (so that new Themes get added to the directory, and into the hands of end users), and we want reviewers to be able to take advantage of the incentive program.
So I want to step through the things I check when performing a final review audit. We’re looking for some high-level and/or high-impact things that would cause problems for end users:
Overall File Structure
- Does the Theme look like it is derived from a common Theme (Underscores, Twenty Ten-Fourteen, etc.)? Are there included functional files that I’ll need to check. Are there asset folders (fonts, scripts, etc.) that I’ll need to check?
- Check ThemeURI and AuthorURI. Are they appropriate?
- If ThemeURI or AuthorURI reference commercial Themes, are those Themes sold as GPL-compatible?
- If the Theme appears to be derived, does it include a proper derivative-work copyright/license attribution?
- If the Theme has bundled resources/assets, are they listed in the readme with copyright/license attribution, or will I need to check file headers?
- Is license for all bundled resources GPL or GPL-compatible?
- Are Theme options properly escaped on output?
- Is favicon, if used, disabled by default?
- Does the TITLE tag include anything other than the call to wp_title()?
- Does wp_nav_menu() reference theme_location, and not menu?
- Are any stylesheet or script links output instead of being properly enqueued
- Does the Theme only use one credit link? Is that credit link exactly ThemeURI or AuthorURI, with no SEO-seeding of link text, title attribute, etc.?
- Are any footer scripts output instead of being enqueued properly?
- Does template markup look generally appropriate?
Front/Home Page Templates
- Does the Theme have front-page.php? If so, is it used properly? Does it account for both a static page and the blog posts index as site front page?
- Does the Theme have home.php? If so, is it used properly as the default blog posts index template?
- Does the Theme have any custom page templates intended to be used as either front-page.php or home.php?
- Does the Theme properly output wp_list_comments() for the comments list?
- Does the Theme properly output comment_form() for the comment reply form, rather than hard-coding the form?
- Does the page template properly call comments_template()?
- Are all functions and other things in the public namespace properly prefixed?
- Is all functional output properly wrapped in callbacks and hooked into appropriate actions?
- Is any of the functionality Plugin territory?
- Does any of the functionality replicate core functionality?
- Does the Theme use Theme options? Are they handled properly (single DB entry, proper settings page, sanitized on input, etc.)?
- Do any of the Theme options replicate core options?
This list comprises 99% of what I look for in an audit, and accounts for the vast majority of issues encountered that require reopening tickets. So, if you verify these things before resolving the ticket as “approved”, the chances that your ticket will get reopened will go down considerably.
(Note: @emiluzelacÂ may have other things to add to the list, for things he checks during an audit.)