Here are some of the things I’ve been looking for specifically when performing the final audit of approved Themes waiting to be made live. These are the most-frequent issues when reopening a ticket for an approved Theme. Please consider these as “points of emphasis”, to help improve the consistency of our reviews.
Prerequisites – these should be verified before even looking at Theme code
- ThemeURI/AuthorURI: the first thing I do is check ThemeURI/AuthorURI for appropriateness.
- If ThemeURI is a commercial Theme shop, or if the Theme is Up-Sell, I verify the commercial-Theme license, to ensure that it is 100% GPL/compatible
- Credit Link: I then verify that the Theme has only one credit link, in the footer, that the URL is either ThemeURI or AuthorURI, and that link text and attributes are not SEO-seeded
- Licensing: next, I check everything bundled with the Theme, verify that copyright/license attribution has been included, and that all licenses are GPL-compatible – fonts, images, jquery scripts, iconsets, everything. If it’s bundled with the Theme, it either needs to be copyrighted as part of the Theme, or include copyright attribution and be distributed under a GPL-compatible license
- header.php: verify that HTML <title> tag includes only the call to wp_title(). Any additional content, if required, must be added via wp_title filter.
- header.php: verify that no scripts or stylesheets are hard-coded in the document head (except for the main stylesheet, and IE-conditional stylesheets)
- header.php (usually): verify that calls to wp_nav_menu() include the ‘theme_location’ parameter, and do NOT include the ‘menu’ parameter
- functions.php: verify that all function calls are placed inside of callbacks, hooked into explicit actions. No functions should execute directly from functions.php.
- functions.php: verify that the Theme doesn’t call Plugin-territory remove_action() calls, such as removing the WordPress version generator from wp_head
- functions.php: verify that Theme does not add function_exists() conditional wrappers for core functions introduced more than two prior major WordPress versions (currently: for any core function introduced prior to WordPress 3.5)
- Template files and custom page templates: verify that Theme uses new WP_Query for secondary loops, and pre_get_posts to modify the main query, rather than query_posts()
- Theme Options: verify that Theme options are being stored as a single array, are being sanitized on input, and escaped on output
- Theme Options: verify that Theme options do not include “Plugin territory” options such as analytics/tracking code
Addressing these issues would cover about 99% of tickets currently being reopened after approval.
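
The Theme Options check above (single array, sanitized on input, escaped on output), as an added example that is not code from the original post or from any reviewed Theme. The `mytheme` prefix, the option name and its keys are hypothetical, and it assumes a current WordPress in which register_setting() accepts an args array.

```php
<?php
// Added example: "mytheme" and every option key are hypothetical.
// The defaults double as the allowlist of keys the Theme accepts.
function mytheme_option_defaults() {
    return array(
        'footer_text'  => '',
        'accent_color' => '#21759b',
        'twitter_url'  => '',
    );
}

// Read the single stored array, filling any missing key from the defaults.
function mytheme_get_options() {
    return wp_parse_args( get_option( 'mytheme_options', array() ), mytheme_option_defaults() );
}

// Register ONE option (one database row) with a sanitization callback.
// Hooked into admin_init, so nothing executes directly from functions.php.
function mytheme_register_settings() {
    register_setting( 'mytheme_options_group', 'mytheme_options', array(
        'sanitize_callback' => 'mytheme_sanitize_options',
    ) );
}
add_action( 'admin_init', 'mytheme_register_settings' );

// Sanitize on input: rebuild the array key by key, so unknown keys are dropped
// and each value passes through the sanitizer that matches its data type.
function mytheme_sanitize_options( $input ) {
    $input = is_array( $input ) ? $input : array();
    $clean = mytheme_option_defaults();
    if ( isset( $input['footer_text'] ) ) {
        $clean['footer_text'] = sanitize_text_field( $input['footer_text'] );
    }
    $color = isset( $input['accent_color'] ) ? sanitize_hex_color( $input['accent_color'] ) : '';
    if ( $color ) { // invalid colors keep the default
        $clean['accent_color'] = $color;
    }
    if ( isset( $input['twitter_url'] ) ) {
        $clean['twitter_url'] = esc_url_raw( $input['twitter_url'] );
    }
    return $clean;
}

// Escape on output, using the function that matches each output context.
function mytheme_footer_output() {
    $o = mytheme_get_options();
    printf( '<p style="color:%s">%s</p>', esc_attr( $o['accent_color'] ), esc_html( $o['footer_text'] ) );
    if ( $o['twitter_url'] ) {
        printf( '<a href="%s">Twitter</a>', esc_url( $o['twitter_url'] ) );
    }
}
add_action( 'wp_footer', 'mytheme_footer_output' );
```

Escaping at output is kept even though the values were sanitized on save, because the stored row can be changed by other code or by direct database edits.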