Code Review Process

We check every theme and plugin to make sure the Web Publishing service is secure and accessible.

Overview

Every theme or plugin that goes into the Web Publishing service is reviewed to ensure it meets minimum standards. That includes any themes or plugins requested by clients at the Custom/Bulk service level.

A theme or a plugin is considered “reviewed” when every question of the Theme Assessment Questionnaire or the Plugin Assessment Questionnaire has been completed. Based on that review, the OIT Design & Web Services team will make a decision about whether to install the theme or plugin.

Each questionnaire is divided into five parts:

  1. Basic Information
  2. Inventory of features/functionality
  3. Security and code quality
  4. Accessibility
  5. Support resources

The questionnaire does not generate a pass/fail grade. Instead, it identifies likely issues so we can evaluate potential risks associated with installing the theme or plugin. Once our review is complete, we will follow up with you with our decision and any notes.

Recommendations

Please consider using a theme or plugin that has already been approved rather than requesting something new that does something similar.

When writing a custom theme or plugin, we recommend adhering to the WordPress coding standards. These standards make code reviews easier and help avoid common errors. However, these standards are not a requirement—just a recommendation.

When selecting a theme or plugin written by someone else, we recommend choosing from WordPress.org before considering something from websites such as ThemeForest and CodeCanyon. For themes and plugins from WordPress.org, we generally recommend that you only consider themes or plugins that:

  • Have been updated within the last year.
  • Have been tested as compatible with the most recent version of WordPress.
  • Have four stars or higher with more than 100 reviews.
  • Are actively supported (e.g., open issues in the WordPress.org support forum are addressed promptly).

These guidelines do not guarantee that a theme or plugin is well-written, nor are they hard rules. But they’re a good rule of thumb when considering your options.

If you need specific functionality that’s only available from a paid theme or plugin, please do your research before submitting your request. OIT will not make a purchase for you, and we will not test anything that you have not already purchased. It may be worth reaching out to the vendor with a copy of the theme or plugin questionnaire prior to purchase.

Getting Started

To begin, you must complete Part 1 of the theme assessment questionnaire or the plugin assessment questionnaire. DWS staff will not complete Part 1 for you.

You may complete Parts 2–5 as well, but you are not required to—DWS staff will complete any parts that you leave blank. Instructions on how to complete Parts 2–5 are included with the questionnaire, including setting up a local WordPress instance for testing and installing testing tools.

Note: The more parts of the questionnaire that you’re able to complete on your own, the faster we’re going to be able to finish our review.

Next Steps

If your theme or plugin is approved, then we will schedule it for inclusion in our next release cycle. If you have a tight deadline that requires your theme or plugin sooner than our regularly-scheduled updates, let us know and we’ll see what we can do.

Once approved, your theme or plugin must be re-reviewed for major updates. How that works will depend on what kind of theme or plugin you’ve requested (e.g., something custom you’ve built versus something from WordPress.org).

If your theme or plugin is not approved, this is not the end of the conversation! We will work with you to identify our areas of concern and help you make a plan for what comes next. We may recommend specific code fixes, provide notes for your vendor, or help you identify a similar theme or plugin to try instead.