WordPress Theme Submission Requirements

These submission requirements are designed to maintain a minimum standard of quality in the code of WordPress themes uploaded to ThemeForest. They should cover the majority of scenarios, however, some exceptions may be allowed at the reviewer's discretion.

Standard Submission Requirements (Phase One)

These standards effective for new submissions to ThemeForest on:
September 9th, 2013

WordPress Core API

  1. No deprecated template tags allowed.
  2. Themes are required to eliminate WARNING, REQUIRED, RECOMMENDED, and INFO notices from the 'Theme-Check' plugin as much as possible. Some allowable exceptions include the following:
    • Warning: Found base64_encode()
    • Warning: Found base64_decode()
    • Warning: Found fwrite()
    • Warning: Found fopen()
    • Warning: Found fclose()
    • Recommended: Found add_theme_support('custom-header', $args)
    • Recommended: Found add_theme_support('custom-background', $args)
    • Info: Found include_once()
    • Info: Found include()
    • Info: Found require_once()
    • Info: Found require()
    • Including the above, rare exceptions can be made at a reviewer's discretion.
  3. The following functions are mandatory:
  4. If incorporated into the theme, custom template files are required to be called using get_template_part() or locate_template()
  5. File naming and structure must follow WordPress best practices. For example, do not use category-header.php, custom-header.php etc.
  6. WordPress core features need to be incorporated:
  7. $content_width is used to assign a maximum width for media and is mandatory.
  8. Modification of filters in wptexturize() is not allowed.
  9. Modification of filters in wpautop is not allowed.
  10. Default WordPress CSS classes must be covered in the stylesheet, since this is expected native behavior.
  11. Use a unique prefix for all function names, classes, hooks, public/global variables, and database entries to avoid conflict issues with plugins and other themes.
  12. Translatable strings may not contain variables.

WordPress Features

  1. The theme needs to be widget ready in all advertised locations.
  2. Use of Timthumb is not allowed.
  3. Themes are required to provide child theme support.
  4. wp_nav_menu() must be included in at least one theme location for easy menu management.
  5. All of WordPress' default widgets should be styled/display properly in all widgetized areas.
  6. index.php should be reserved for standard blog "latest posts" view.
  7. Themes are not permitted to add options that define the number of posts to show on archive or category pages via a global setting.

WordPress Unit Test

  1. Posts display correctly, with no apparent visual problems or errors.
  2. Posts display in correct order.
  3. Page navigation displays and works correctly.
  4. The search results page displays properly, with search query results displayed.
  5. As "sticky posts" are a core feature, the theme should style and display them appropriately.
  6. "Read More" link works properly (links to single post at "<!--more-->" tag location).
  7. If theme supports post format type, post displays as intended in the index view.
  8. Lack of body text should not adversely impact the layout.
  9. Theme must incorporate both the "Tag" and the "Category" taxonomies in some manner.
  10. Floats are cleared properly for floated element (thumbnail image) at the end of the post content.
  11. Look for potential overflow issues if the theme has a small title area matched with a long non-breaking string.

WordPress Assets

  1. wp_enqueue_style() must be used to enqueue all stylesheets.
  2. wp_enqueue_script() must be used to add any JavaScript code to a page.
  3. Themes will be required to use whichever version of jQuery ships with the current version of WordPress.
  4. Authors are not allowed to deregister the default version of jQuery and load another one.
  5. If a CDN version of a library is included, a local copy must be provided as a fallback.
  6. Assets should be loaded in an SSL-friendly way where possible. This can be done either by checking is_ssl() and setting the protocol prefix, or by using protocol-less URIs, via //example.com/file.js instead of http://example.com/file.js

Security

The WordPress theme should make use of the following inbuilt functions to validate or sanitise content on input or escape any questionable content for output:

For input:

For output:

Plugins

  1. Bundled plugins must be included via the TGM Plugin Activation class or a similar solution to manage plugin dependency. Plugins can be installed from WordPress.org, private repos or a bundled ZIP file.

PHP

  1. Themes must not have any PHP notices, warnings, or errors - please develop with errors enabled, and WP_DEBUG set to true.
  2. No PHP short tags are allowed.
  3. The database shouldn't be accessed or modified directly. If there is a defined function that can get the data you need, that must be used instead. Use $wpdb and its methods to interface with the database instead of rolling your own.
  4. Tabs must be used for indentation -- Tabs should be used at the beginning of the line and spaces should be used mid-line (see WordPress' PHP Coding Standards).
  5. When referencing other files within the same theme, avoid hard-coded URIs and file paths. Instead reference the URIs and file paths via their respective template tags. For example:
    • To refer to an image in your theme:
      <img src="<?php echo get_template_directory_uri(); ?>/images/filename.png" />
  6. Authors should be strongly encouraged to always use curly braces even in situations where they are technically optional. Having them increases readability and decreases the likelihood of logic errors being introduced when new lines are added. For example:
    • Don't do:
      
      if ( empty( $somevar ) )
        return false;
      
    • Instead do:
      
      if ( empty( $somevar ) ) {
        return false;
      }
      
    • Or, in the context of a template file or other predominantly HTML file, even:
      
      if ( empty( $somevar ) ) :
        return false;
      endif;
      
  7. Use of the eval() function is not permitted.

HTML/CSS

  1. All author-generated HTML needs to be validated via the W3C validator. However, browser prefixes and any other cutting edge code will be exempt.
  2. For a theme to be marked HTML5 compliant, the relevant semantic structural elements need to be present and used appropriately. For further information refer to this helpful flowchart: 
  3. No hardcoded inline styles are allowed anywhere. Dynamic inline styles are permitted where necessary, and wp_add_inline_style() should be used where possible.
  4. IDs and classes need to be appropriately named and follow a naming convention.
  5. Use human readable selectors that describe what element(s) they style.
  6. Refrain from using over-qualified selectors, div.container can simply be stated as .container.
  7. For a theme to be marked HTML5 compliant, the relevant semantic structural elements need to be present and used appropriately. For further information refer to this helpful flowchart: 

Flowchart

Source: html5doctor.com (license: Creative Commons Attribution-Non-Commercial 2.0)

JavaScript

  1. JavaScript code should be placed in external files whenever possible.
  2. JavaScript files need to be placed in the footer where possible, barring notable exceptions, for example: Modernizr, jQuery UI, etc.
  3. The code shouldn't raise any errors or notices.
  4. All JavaScript should be written with “use strict” mode on. For example, you can do this with jQuery as follows:
      
      (function($) {
        "use strict";
        // Author code here
      })(jQuery);

We are actively working on Phase 2 requirements, at this stage we plan on gathering more feedback from the community early in the New Year and publishing the requirements sometime after March of 2014.

WordPress Phase 1 Submission Requirements Q&A 

1208 votes
This article was helpful
This article was not helpful
Help Desk Software by Kayako Resolve