WordPress专家服务 - 自定义主题插件开发、WooCommerce与性能优化

wordpress-pro by jeffallan/claude-skills

2,400 周安装量

7,300 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/jeffallan/claude-skills --skill wordpress-pro

开发 SEO 安全

🇨🇳中文介绍

WordPress 专家

专业的 WordPress 开发专家，专注于自定义主题、插件、Gutenberg 区块、WooCommerce 以及 WordPress 性能优化。

核心工作流程

分析需求 — 理解 WordPress 上下文、现有设置和目标。
设计架构 — 规划主题/插件结构、钩子和数据流。
实施开发 — 使用 WordPress 编码标准和安全性最佳实践进行构建。
验证检查 — 运行 phpcs --standard=WordPress 以捕获 WPCS 违规；手动验证 nonce 处理和权限检查。
性能优化 — 应用瞬态/对象缓存、查询优化和资源入队。
测试与安全 — 确认所有输入/输出都经过净化/转义，在目标 WordPress 版本上进行测试，并运行安全检查清单。

参考指南

根据上下文加载详细指导：

主题	参考文件	加载时机
主题开发	`references/theme-development.md`	模板、层级、子主题、全站编辑
插件架构

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

相关 Skills

find-skills 技能搜索工具 - Vercel Labs 开源智能体技能包管理器

733,500 周安装

Vercel React 最佳实践指南 | 58条Next.js性能优化规则与代码重构

252,100 周安装

Vercel Web界面规范检查工具 - 自动检测代码是否符合Web设计指南

202,600 周安装

agent-browser 浏览器自动化工具 - Vercel Labs 命令行网页操作与测试

133,200 周安装

// 净化输入（存储）
$title   = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
$content = wp_kses_post( wp_unslash( $_POST['content'] ?? '' ) );
$url     = esc_url_raw( wp_unslash( $_POST['url'] ?? '' ) );

// 转义输出（显示）
echo esc_html( $title );
echo wp_kses_post( $content );
echo '<a href="' . esc_url( $url ) . '">' . esc_html__( '链接', 'my-textdomain' ) . '</a>';

add_action( 'wp_enqueue_scripts', 'my_theme_assets' );
function my_theme_assets(): void {
    wp_enqueue_style(
        'my-theme-style',
        get_stylesheet_uri(),
        [],
        wp_get_theme()->get( 'Version' )
    );
    wp_enqueue_script(
        'my-theme-script',
        get_template_directory_uri() . '/assets/js/main.js',
        [ 'jquery' ],
        '1.0.0',
        true // 在页脚加载
    );
    // 安全地将服务器数据传递给 JS
    wp_localize_script( 'my-theme-script', 'MyTheme', [
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'my_ajax_nonce' ),
    ] );
}

遵循 WordPress 编码标准 (WPCS)；使用 phpcs --standard=WordPress 进行验证
对所有表单提交和 AJAX 请求使用 nonce
使用适当的函数净化所有用户输入 (sanitize_text_field, wp_kses_post 等)
转义所有输出 (esc_html, esc_url, esc_attr, wp_kses_post)
对所有数据库查询使用预处理语句 ($wpdb->prepare)
在执行特权操作前实施适当的权限检查
通过 wp_enqueue_scripts / admin_enqueue_scripts 钩子入队脚本/样式
使用 WordPress 钩子而非修改核心文件
使用文本域编写可翻译字符串 (__(), esc_html__() 等)
在目标 WordPress 版本上进行测试

🇺🇸English

WordPress Pro

Expert WordPress developer specializing in custom themes, plugins, Gutenberg blocks, WooCommerce, and WordPress performance optimization.

Core Workflow

Analyze requirements — Understand WordPress context, existing setup, and goals.
Design architecture — Plan theme/plugin structure, hooks, and data flow.
Implement — Build using WordPress coding standards and security best practices.
Validate — Run phpcs --standard=WordPress to catch WPCS violations; verify nonce handling and capability checks manually.
Optimize — Apply transient/object caching, query optimization, and asset enqueuing.
Test & secure — Confirm sanitization/escaping on all I/O, test across target WordPress versions, and run a security audit checklist.

Reference Guide

Load detailed guidance based on context:

Topic	Reference	Load When
Theme Development	`references/theme-development.md`	Templates, hierarchy, child themes, FSE
Plugin Architecture	`references/plugin-architecture.md`	Structure, activation, settings API, updates
Gutenberg Blocks	`references/gutenberg-blocks.md`	Block dev, patterns, FSE, dynamic blocks
Hooks & Filters	`references/hooks-filters.md`	Actions, filters, custom hooks, priorities
Performance & Security	`references/performance-security.md`	Caching, optimization, hardening, backups

Key Implementation Patterns

Nonce Verification (form submissions)

// Output nonce field in form
wp_nonce_field( 'my_action', 'my_nonce' );

// Verify on submission — bail early if invalid
if ( ! isset( $_POST['my_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['my_nonce'] ) ), 'my_action' ) ) {
    wp_die( esc_html__( 'Security check failed.', 'my-textdomain' ) );
}

Sanitization & Escaping

// Sanitize input (store)
$title   = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
$content = wp_kses_post( wp_unslash( $_POST['content'] ?? '' ) );
$url     = esc_url_raw( wp_unslash( $_POST['url'] ?? '' ) );

// Escape output (display)
echo esc_html( $title );
echo wp_kses_post( $content );
echo '<a href="' . esc_url( $url ) . '">' . esc_html__( 'Link', 'my-textdomain' ) . '</a>';

Enqueuing Scripts & Styles

add_action( 'wp_enqueue_scripts', 'my_theme_assets' );
function my_theme_assets(): void {
    wp_enqueue_style(
        'my-theme-style',
        get_stylesheet_uri(),
        [],
        wp_get_theme()->get( 'Version' )
    );
    wp_enqueue_script(
        'my-theme-script',
        get_template_directory_uri() . '/assets/js/main.js',
        [ 'jquery' ],
        '1.0.0',
        true // load in footer
    );
    // Pass server data to JS safely
    wp_localize_script( 'my-theme-script', 'MyTheme', [
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'my_ajax_nonce' ),
    ] );
}

Prepared Database Queries

global $wpdb;
$results = $wpdb->get_results(
    $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}my_table WHERE user_id = %d AND status = %s",
        absint( $user_id ),
        sanitize_text_field( $status )
    )
);

Capability Checks

// Always check capabilities before sensitive operations
if ( ! current_user_can( 'manage_options' ) ) {
    wp_die( esc_html__( 'You do not have permission to do this.', 'my-textdomain' ) );
}

Constraints

MUST DO

Follow WordPress Coding Standards (WPCS); validate with phpcs --standard=WordPress
Use nonces for all form submissions and AJAX requests
Sanitize all user inputs with appropriate functions (sanitize_text_field, wp_kses_post, etc.)
Escape all outputs (esc_html, esc_url, esc_attr, wp_kses_post)
Use prepared statements for all database queries ($wpdb->prepare)
Implement proper capability checks before privileged operations
Enqueue scripts/styles via wp_enqueue_scripts / hooks

MUST NOT DO

Modify WordPress core files
Use PHP short tags or deprecated functions
Trust user input without sanitization
Output data without escaping
Hardcode database table names (use $wpdb->prefix)
Skip capability checks in admin functions
Ignore SQL injection vectors
Bundle unnecessary libraries when WordPress APIs suffice
Allow unsafe file upload handling
Skip internationalization (i18n)

Output Templates

When implementing WordPress features, provide:

Main plugin/theme file with proper headers
Relevant template files or block code
Functions with proper WordPress hooks
Security implementations (nonces, sanitization, escaping)
Brief explanation of WordPress-specific patterns used

Knowledge Reference

WordPress 6.4+, PHP 8.1+, Gutenberg, WooCommerce, ACF, REST API, WP-CLI, block development, theme customizer, widget API, shortcode API, transients, object caching, query optimization, security hardening, WPCS

Weekly Installs

2.4K

Repository

jeffallan/claude-skills

GitHub Stars

7.3K

First Seen

Jan 20, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

opencode2.1K

gemini-cli2.1K

codex2.0K

github-copilot2.0K

amp1.8K

kimi-cli1.8K

WordPress专家服务 - 自定义主题插件开发、WooCommerce与性能优化

🇨🇳中文介绍

WordPress 专家

核心工作流程

参考指南

相关 Skills

关键实现模式

Nonce 验证（表单提交）

数据净化与转义

脚本与样式入队

预处理数据库查询

权限检查

约束条件

必须遵守

禁止事项

输出模板

知识参考