13.1 Code Audits and Guidelines

We have automatic and manual code reviews in place for all plugins and themes that are added to any site we host. All plugins and themes must adhere to the WordPress Coding Standards.

In addition, the plugin or theme must:

  • not rely on third-party services or phone home without our approval;
  • not automatically upgrade or modify theme files;
  • not change the timeout of wp_remote_* calls;
  • not ever change wp_feed_cache_transient_lifetime (hook to the filter);
  • not use SHOW TABLES, instead use SHOW TABLES LIKE 'wp_xyz';
  • not use DESC to describe a table, instead use DESCRIBE;
  • not change WP_DEBUG, error_reporting or display_errors;
  • not remove default roles (remove_role);
  • not flush rewrite rules ($wp_rewrite->flush_rules is not allowed);
  • not flush cache (wp_cache_flush is not allowed);
  • not contain SQL queries. Themes should use WordPress built-in functions for fetching posts, pages, attachments, users and respective meta tags;
  • not create new tables or modify table schema;
  • not use filesystem functions listed here;
  • not store files in the server file system. Themes must always make use of WordPress attachments if they accept file uploads.
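
A minimal sketch of how an automated review could flag several of the rules listed above. It is added here as an example and is not our actual review tooling; the rule names, the `scan` helper and the PHP sample are constructed for illustration.

```python
import re

# Rule ids are hypothetical labels; each pattern maps to one bullet above.
RULES = [
    ("show-tables-without-like",
     re.compile(r"\bSHOW\s+TABLES\b(?!\s+LIKE\b)", re.I)),
    # DESC opening a query string, not the "ORDER BY x DESC" sort keyword.
    ("desc-instead-of-describe", re.compile(r"""["']\s*DESC\s+\S""", re.I)),
    ("changes-debug-settings", re.compile(
        r"""define\s*\(\s*["']WP_DEBUG["']|\berror_reporting\s*\("""
        r"""|ini_set\s*\(\s*["']display_errors["']""", re.I)),
    ("remove-role", re.compile(r"\bremove_role\s*\(")),
    ("flush-rewrite-rules", re.compile(r"->\s*flush_rules\s*\(")),
    ("cache-flush", re.compile(r"\bwp_cache_flush\s*\(")),
    ("schema-change", re.compile(r"\b(CREATE|ALTER|DROP)\s+TABLE\b", re.I)),
]

def scan(source):
    """Return (line number, rule id) for each banned pattern in PHP source."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        # Heuristic: skip comment-only lines so prose mentions are not flagged.
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue
        for rule_id, pattern in RULES:
            if pattern.search(line):
                findings.append((line_no, rule_id))
    return findings

# Constructed sample theme code, not taken from a real plugin or theme.
SAMPLE = '''<?php
// wp_cache_flush() is banned, so we do not call it.
$tables = $wpdb->get_results( "SHOW TABLES" );
$ok     = $wpdb->get_results( "SHOW TABLES LIKE 'wp_xyz'" );
$cols   = $wpdb->get_results( "DESC wp_xyz" );
$posts  = get_posts( array( 'orderby' => 'date', 'order' => 'DESC' ) );
ini_set( 'display_errors', 1 );
$wp_rewrite->flush_rules();
remove_role( 'subscriber' );
'''

if __name__ == "__main__":
    for line_no, rule_id in scan(SAMPLE):
        print(f"line {line_no}: {rule_id}")
```

Pattern matching like this only narrows what a reviewer has to read; it does not replace the manual review.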

13.2 Bitbucket and Version Control

We use Bitbucket for version control. Customers that have custom themes should initiate a pull request to alert our team of developers to initiate a code review.

Depending on the queue and complexity of the theme or edit, a review can take up to 24 hours, or more for complex themes.

13.3 Development Environments

We can set you up with a testing environment in which to upload themes or make major changes before moving to production. For individual sites, we have a clone tool, which can be used for testing out a new theme or adding new content, and then writing over the existing site with just a few clicks.

13.4 Change Management Procedures

In order to ensure the reliability of our service, we’ve implemented a change management policy that we follow for all updates, upgrades, and code changes.

We perform all WordPress core, plugin, and theme updates, general improvements, and server maintenance during a regularly scheduled weekly window.

All changes are thoroughly tested by our developers and quality assurance team as follows:

  1. Tested fully in a local testing environment by the technical team.
  2. Automated and unit testing in multiple development environments.
  3. Manual testing by QA team in multiple development environments using all major browsers and operating systems, including mobile devices.
  4. Full deployment to a small subset of live networks and all development/test networks that willingly participate in a beta testing program.
  5. Final manual code and performance review by technical team leadership.
  6. Full deployment to all customers during the next regular ‘Primary Updates’ window (Tuesdays) and an update published to our changelog alerting customers.
  7. Continuous monitoring by technical and support teams.
  8. For any significant changes that end users may notice, we’ll provide documentation and warning to Super Administrators well in advance.