Before beginning to theme development, do the following things:
1. define('WP_DEBUG', true); in wp-config.php file
2. Import theme unit test data (https://wpcom-
3. Install and activate Developer Plugin
4. Check your theme with Theme Check and Theme
What are the Theme
your theme should
Your theme must have the following things
1. GPL compatible.
3. Free of PHP or JS notices, warnings and
4. Should not be in conflict with plugins e.g.
5. Translation ready.
6. Use WordPress functions, hooks, filters and
7. Away from anything illegal, dishonest, or
Check the below given things on your
theme style.css file.
Theme Name: Japan Tokyo
Theme URI: Recommended
Author URI: Recommended
Version: 1.0.0 ( Required )
License: GNU General Public License v2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
Text Domain: japan-tokyo ( Required )
GPL (General Public License)
1. Declare License of any external
2. Only resources bundled with the theme
need to be declared.
3. Ensure your theme is GPL licensed or
4. Mentioned on style.css
5. Include copyright notice for the theme
Mention License of external resources (if used any)
1. Google Font License
2. Font awesome license
3. External JS and CSS license
4. External Library license
5. Screenshot image/images
Requirements for Style and Scripts
1. Hardcoded style and script is not allowed.
2. Properly enqueue style, script and font.
3. No minification of scripts or files unless you provide
4. By default, WordPress installation includes many
popular scripts. Example:- jquery.js No need to
Validation, Sanitization and Escaping
1. Validate and/or sanitize untrusted
data before entering into the database.
All untrusted data should be escaped
2. Example: sanitize_email, esc_attr,
esc_url, esc_html, absint etc.
Use to sanitize email
before inserting data
Use to sanitize text
field before entering
Use to sanitize the
Use to sanitize URL
value before intering
Use to sanitize the
color code before
entering on database.
will be converted to
Securing output for
Escaping for textarea
values before output.
Escaping for HTML
Use to escape URL
This is use for both
input and output for
Use this function for
Secure Output Example
For escaping HTML,
<?php echo esc_html( get_theme_mod('footer-copyright')); ?>
For escaping url,
<?php echo esc_url( get_theme_mod(‘setting_id')); ?>
For escaping absolute integer,
<?php echo absint( get_theme_mod(‘setting_id')); ?>
Content must remain as it is even theme switch
1. Content Creation like text area is not allowed.
2.Maximum repeater text field on customizer is
3.Meta field is allowed only for design purpose.
Setting API vs Customizer API
1. Settings API is not allowed on theme for Theme
Options. Use Customizer API to implement theme
2. Only one subpage is allowed under Appearance
menu. It should contain relevant information about
theme like documentation, user guide, etc.
3. Removing the core settings outside the customizer
is not allowed.
4. You can reposition the options of the customizer.
1. You are not allowed to bundle plugins in the
2. Theme can recommend plugins and those
plugins must be in dot org repository.
3.Theme should work good without any plugin.
4. You can recommend plugin with the help of
library. ( Example: TGM Plugin Activation )
Check your every lines of code
1. Add a call to ‘wp_head()’ before the closing
2.‘body_class()’must be inside the opening body tag.
3.Use the ‘wp_footer()’ call, to appear just before
closing body tag.
4. Use WordPress function to call templates. Example:
get_header(), get_footer(), get_sidebar(),
Child Theme is also treated as a new theme
and needs to follow the same queue.
1. Child theme name must not
include parent theme name
unless you are the author of the
2. Theme must be child theme
1. W and P of WordPress always in uppercase.
2. Remove unnecessary commented code.
3. No customization in WordPress admin.
4. Redirection is not allowed after theme activated.
5. It’s not allowed to remove the default functionality of core.
6. Don’t include development files.
7. Premium Theme Shop should be GPL.
8. Don’t include backup files on theme folder.
9. No analytics or tracking.
10. No Sharing API is allowed. ( Facebook, twitter etc )
11. Save options on single array.
12. Not overriding admin bars.
13. No URL shorteners used in the theme.
14. All code and design should be your own or legally yours.
15. Use WordPress functionality and features first, if available.
16. You are not allowed to duplicate existing features.
17. Custom favicon is not allowed. It’s core functionality.
18. Check name collision.
19. Submit one theme at a time.
Helpful tips for both author and reviewers.
Check Other Live Ticket Follow Theme guidelines
Contact with Mods
Check these things before theme submission.
PHP, JS and Browser
Check with Theme
Check your theme
code yourself once
and theme version
Submit your theme from here: https://wordpress.org/themes/upload/