It is our mission to use humane technology to empower and inspire people. The people we seek to empower and inspire are not only our customers, but our staff and contractors as well.
Therefore we must do our best to create quality software that is performant, secure and maintainable. To this end, we insist that all code be developed to standard.
General
1. Ensure that no code developed is owned by another party. If it is, authorisation must be given and appropriate licences should be complied with.
2. Avoid direct SQL unless absolutely necessary. ALWAYS call WordPress functions or classes where available.
Any code that calls SQL directly when a standard function exists will be rejected.
3. Security Guidelines
The trust of our customers is the most valuable thing we have. For this reason we comply with OWASP recommendations, particularly the “top 10”.
An important guiding principle is that, where possible, sensitive information should not be stored at all, but if it is, it must be protected at every phase of its evolution.
Here are the relevant standards:
- https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet
- https://www.owasp.org
We must comply.
4. Accessibility Guidelines
Where possible, we comply with Web Content Accessibility Guidelines (WCAG), particularly for
https://www.w3.org/WAI/intro/wcag
If this is not possible due to budget constraints (say, for a Proof of Concept), this must be noted in the code as a comment.
5. Where applicable, all code developed must comply with the Children’s Online Privacy Protection Act (COPPA). Full guidelines are here:
The intent of these rules is to prevent unauthorised parties from seeing any information that may reveal the identity
6. Comply with industry best practices for coding conventions (see below)
WordPress Plugins and Themes
For WordPress projects, our themes and plugins comply with the WordPress Best Practices that are found here:
https://make.wordpress.org/core/handbook/best-practices/