PHPCS
PHP_CodeSniffer (PHPCS) is a tool that detects violations of coding standards in PHP code, with WordPress-specific rulesets that enforce security and style conventions.
How it works
PHPCS analyses PHP source code against a set of rules (called 'sniffs') and reports violations. The WordPress Coding Standards (WPCS) ruleset includes security-focused sniffs that check for proper escaping, sanitization, and nonce usage — the same checks the WordPress.org plugin review team applies manually.
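An added example (not code from WP HealthKit or the WPCS project) of what those three checks look like in practice: a hypothetical plugin handler as the security sniffs would flag it, followed by a version that passes. The `myplugin_` names, the option key and the text domain are assumptions; the sniff names in the comments are the WPCS `WordPress.Security` sniffs. The code is meant to be loaded inside a WordPress plugin.

```php
<?php
// Added example: hypothetical plugin code. All myplugin_* names are assumptions.

// BEFORE: the pattern the WPCS security sniffs report.
function myplugin_save_note_unsafe() {
	// WordPress.Security.NonceVerification: $_POST is read with no nonce check.
	// WordPress.Security.ValidatedSanitizedInput: no isset(), no wp_unslash(), no sanitizer.
	$note = $_POST['myplugin_note'];
	update_option( 'myplugin_note', $note );
	// WordPress.Security.EscapeOutput: a variable is echoed without an escaping function.
	echo '<p>Saved: ' . $note . '</p>';
}

// AFTER: the same handler written so those sniffs pass.
function myplugin_save_note() {
	// A nonce is not an authorization check, and the sniffs above do not
	// verify that one exists, so the capability check is added by hand.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( esc_html__( 'Not allowed.', 'myplugin' ) );
	}
	// check_admin_referer() stops the request unless the nonce field matches the action.
	check_admin_referer( 'myplugin_save_note', 'myplugin_nonce' );

	if ( ! isset( $_POST['myplugin_note'] ) ) {
		return;
	}
	// Validate presence, strip WordPress's added slashes, then sanitize.
	$note = sanitize_text_field( wp_unslash( $_POST['myplugin_note'] ) );
	update_option( 'myplugin_note', $note );
	// Escape at the point of output, for the context (HTML text) it lands in.
	echo '<p>' . esc_html__( 'Saved:', 'myplugin' ) . ' ' . esc_html( $note ) . '</p>';
}

// Form side: emits the hidden nonce field that the handler verifies.
function myplugin_render_form() {
	echo '<form method="post">';
	wp_nonce_field( 'myplugin_save_note', 'myplugin_nonce' );
	echo '<input type="text" name="myplugin_note" value="' . esc_attr( get_option( 'myplugin_note', '' ) ) . '" />';
	submit_button();
	echo '</form>';
}
```

Running `phpcs --standard=WordPress` against a file containing both handlers reports the first and stays quiet on the second for these three sniffs, assuming the WordPress Coding Standards are installed alongside PHPCS.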
In WordPress
Running PHPCS with the WordPress standard is effectively a pre-submission review. WP HealthKit runs PHPCS automatically as one of its 17 verification layers and reports a coding standards score from 0-100.