Does it support modern PHP architecture?

Yes, it provides guidance and templates for PSR-4 compliant structures, which is the recommended standard for modern, large-scale plugin development in 2025.

What WordPress version is this skill optimized for?

This skill is optimized for WordPress 6.8+ and PHP 8.0+, but maintains backwards compatibility for environments running WordPress 5.9+ and PHP 7.4+.

How does it handle plugin cleanup?

The skill includes patterns for uninstall.php to ensure all transients, options, and database tables are properly removed upon uninstallation, preventing site bloat.

How does this skill prevent SQL injection?

It strictly enforces the use of $wpdb->prepare() for all database queries involving user input, utilizing type-safe placeholders like %d, %s, and %f.

WordPress Plugin Core

Name: WordPress Plugin Core
Author: jezweb

byjezweb

•

Content Management

Builds secure, standards-compliant WordPress plugins using modern architecture patterns and the 'Security Trinity' framework.

About

The WordPress Plugin Core skill empowers developers to scaffold and build robust plugins following the latest WordPress 6.8+ and PHP 8.0+ standards. It enforces critical security measures like nonces, input sanitization, output escaping, and prepared statements to prevent common vulnerabilities like SQL injection and XSS. Whether you are implementing Custom Post Types, REST API endpoints, or complex AJAX operations, this skill provides the architectural templates—ranging from simple functional setups to modern PSR-4 structures—ensuring your plugin is performant, secure, and conflict-free within the WordPress ecosystem.

Key Features

91 GitHub stars
Architecture patterns including Simple, OOP, and modern PSR-4 standards
Automated prevention of 20 documented WordPress security and performance issues
Security Trinity enforcement: Sanitization, Validation, and Escaping
Comprehensive implementation of Hooks, Settings API, and REST API
Secure database interactions using $wpdb prepared statements

Use Cases

Auditing and refactoring existing plugin code to fix SQLi, XSS, or CSRF vulnerabilities
Scaffolding a new professional WordPress plugin with best-practice security from day one
Developing custom administrative interfaces, settings pages, and custom post types

About

Key Features

91 GitHub stars
Architecture patterns including Simple, OOP, and modern PSR-4 standards
Automated prevention of 20 documented WordPress security and performance issues
Security Trinity enforcement: Sanitization, Validation, and Escaping
Comprehensive implementation of Hooks, Settings API, and REST API
Secure database interactions using $wpdb prepared statements

Use Cases

Auditing and refactoring existing plugin code to fix SQLi, XSS, or CSRF vulnerabilities
Scaffolding a new professional WordPress plugin with best-practice security from day one
Developing custom administrative interfaces, settings pages, and custom post types