beforemerge-wordpress-review
BeforeMerge: WordPress Review
Comprehensive code review knowledge base for WordPress plugin and theme development. Contains rules across 4 categories — security, performance, architecture, and quality — prioritized by impact.
When to Apply
Reference these rules when:
- Reviewing pull requests for WordPress plugins or themes
- Writing new plugins, themes, widgets, or custom post types
- Auditing existing WordPress code for security vulnerabilities
- Refactoring code for performance or maintainability
- Running pre-merge quality checks on WordPress projects
Rule Categories by Priority
| Priority | Category | Impact | Prefix | Focus |
|---|---|---|---|---|
| 1 | Security | CRITICAL | sec- |
OWASP/CWE mapped anti-patterns |
| 2 | Performance | HIGH | perf- |
Database queries, caching, asset loading |
More from beforemerge/beforemerge-skills
beforemerge-react-review
Comprehensive code review rules for React applications (framework-agnostic). Covers security anti-patterns, performance pitfalls, architecture mistakes, and code quality issues. Use this skill when reviewing, writing, or refactoring React code — especially before merging pull requests. Triggers on tasks involving code review, PR review, security audit, performance review, or quality checks for React/TypeScript projects. Does not cover Next.js-specific patterns (see nextjs-review for that).
27beforemerge-supabase-review
Comprehensive code review rules for Supabase applications including RLS security, auth patterns, query performance, migration workflows, and type safety. Use this skill when reviewing, writing, or refactoring Supabase-backed code — especially before merging pull requests. Triggers on tasks involving code review, PR review, security audit, performance review, or quality checks for Supabase/PostgreSQL projects.
26beforemerge-fullstack-architecture-review
Code review rules for DRY/SOLID layered architecture in fullstack TypeScript applications. Covers dependency direction, service/repository patterns, factory injection, domain entities, security hardening, performance optimization, and code quality patterns. Use this skill when reviewing, writing, or refactoring fullstack TypeScript code with layered architecture — especially before merging pull requests. Triggers on tasks involving code review, architecture review, SOLID principles, clean architecture, or quality checks for fullstack TypeScript projects.
21beforemerge-nextjs-review
Comprehensive code review rules for Next.js, React, and TypeScript applications. Covers security anti-patterns, performance pitfalls, architecture mistakes, and code quality issues. Use this skill when reviewing, writing, or refactoring Next.js/React code — especially before merging pull requests. Triggers on tasks involving code review, PR review, security audit, performance review, or quality checks for React/Next.js/TypeScript projects.
21beforemerge-nextjs-supabase-standards
Opinionated best practices for full-stack Next.js 14+ App Router applications with Supabase. Covers project structure, data fetching, auth, RLS, server actions, components, TypeScript, performance, error handling, security, and testing. Use this skill when building, reviewing, or auditing Next.js + Supabase applications. Triggers on tasks involving Supabase client usage, RLS policies, server actions, middleware auth, migration patterns, or component architecture decisions.
3