If you’re running a WordPress.org self-hosted site, this document contains some best practices that the VIP team recommends for your development work.
Note that these recommendations do NOT apply to WordPress.com sites (VIP or otherwise); if you are developing for WordPress.com, please view the separate Getting Started and Best Practices documentation.
Have a Dedicated Development Environment #
We recommend creating at least one dedicated development environment that is completely separate from your production environment, with its own files, database, URL, etc. Having a dedicated environment for development ensures you don’t accidentally affect real content and real users with untested changes. We strongly recommend against making any development changes directly on your production site.
Depending on your needs, you could have an environment dedicated to initial development, and then a second environment dedicated to final testing and QA of changes that have come out of development, before they are launched to production (sometimes known as “staging” or “preproduction”). If you have multiple developers working on different pieces of functionality, you may even need more individual development environments.
Use Version Control #
A version control system allows you to carefully track what changes are made to your environment, who made them, and what larger project or feature work they were a part of. If you deploy a change that turns out to be problematic in some way, a good version control system will help you “revert” the change quickly, restoring your site to its previously working state.
Have a Deployment Strategy #
We recommend working with everyone on your team (especially those who will be doing development and testing of your site) to create a commonly understood deployment process for launching changes. The process will specify when a changeset is considered ready for deployment, who on the team is involved in deployment, what kinds of testing the team will do before and after deployment, and how the team will handle the need to revert changes, if it arises.
Keep Customizations Separate from WordPress Code #
WordPress supports keeping the WordPress core software in one directory while putting your custom content (plugins, themes, etc.) in another. This will allow you to keep your wp-content directory under version control while also allowing you to easily change what version of WordPress you’re running. Learn more at http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory
Follow WordPress Coding Standards #
When you commit your changes, make sure you write good commit messages.
Review the list of VIP best practices and recommendations to see what we look for in our code reviews. While some of these are specific to development done on WordPress.com, most of them will also help you write better, faster, more secure code in your self-hosted project.
Use VIP Scanner #
The VIP Scanner plugin was developed to assist with development of WordPress.com VIP sites, but it’s available to help you check for problems on your self-hosted site too. The scanner can be run against themes, plugins, directories or individual files, and will identify errors that we recommend addressing before making your customizations live.
Use Automated Testing #
Automated testing allows you to automatically and repeatedly run software tests that you design to ensure your WordPress site is functioning as you expect it to. As you make changes and customizations to your site, automated tests complement manual testing by confirming that actual outcomes still match your expected outcomes.
Follow WordPress Development News #
Your team should stay up to date on the latest news and announcements related to WordPress development. This will help ensure you are aware of new features, security fixes, possible incompatibilities with your customizations, and other aspects of the WordPress software that might affect your work.
Some helpful sites to get you started include:
Choose and Maintain Plugins Carefully #
Every time you pick a plugin for use on your site, you are creating a new relationship between your code and the code that the plugin’s author created. You’re investing in making sure that the new plugin is well secured, well maintained, and that future updates will be compatible with your site and its functionality. When new versions of WordPress are released, you’re committing time to review whether or not your plugins are compatible before you upgrade. You’re also creating opportunities to customize the plugin and contribute your changes back to the project for everyone to benefit from. For each plugin you decide to use, there will be pros, cons and risks to consider. If you have questions or concerns about an individual plugin, the VIP team can take a look for you and offer advice.