Developer guide

The service is built on the wpengine hosting platform (, and details of the service offering can be found on the Comms website. The Basic service offering is for a site within a WordPress Network (or Multisite installation), and the Custom service offering is in its own standalone WordPress installation.

WordPress Version

The version of WordPress which this service uses is the latest stable version available from – we endeavour to keep the version of the software current at all times. The hosting company regularly patch any older versions of the core software or plugins as detailed here:

If a theme or plugin depends on parts of the WordPress API which have been deprecated or removed in the latest stable version, they may cease to operate correctly when these patches are applied.

Coding Standards

All Themes and Plugins used in sites to be deployed in this service must be tested prior to deployment to ensure that basic coding errors are not present in them. Basic coding errors would include the generation of any PHP Notices or Warnings as well as any Javascript errors (whether benign or not). Any code developed by external suppliers must be fully documented to a sufficient level to allow it to be understood and supported by others.

The WordPress Coding Standards should be followed in all custom development work:

Version Control

Any development for the platform must be carried out using the git distributed version control system (, and access to any repositories provided to the University of Leeds. Details of how this is managed for the University theme are available here.

Data storage

Storing data, either in theme options or in plugins, should be carried out using the various WordPress APIs wherever possible:

If additional database tables are required by a plugin or theme, there is guidance in the WordPress Codex:

This must be followed to allow for the correct application of any updates, and the correct function of any activation and deactivation routines. Deactivation or deletion of a plugin or theme which adds tables to the WordPress database should always result in the additional tables being dropped. Additional tables must also be prefixed correctly so they are specific to a site within a multisite network (and not global for the whole network).

Domain Name

All sites hosted in this service require a fully qualified domain name. Sites where the University is the main partner must normally use a subdomain and must use the University WordPress theme. Other sites must use an external domain name which must be acquired through IT and must not use Leeds branding. All websites must comply fully with all relevant sections of the website regulations and in particular must have a valid privacy notice written specifically for the site.

Custom Theme and Plugin Development

All themes and plugins should ensure that the code they generate is valid HTML, and that the accessibility of the theme or plugin output conforms to the Web Content Accessibility Guidelines (Version 2.1, Level AA).

Themes should employ a responsive design methodology to ensure the site works well on all target devices, and use progressive enhancement in any scripting to emphasise accessibility. Themes should support the latest version of all major browsers.

Most of the sites in the service run on a platform which provides PHP version 7.3. Care should be taken by theme and plugin developers not to use language features which are deprecated in PHP7.


Themes and Plugins which are downloaded and used from the repositories at are always updated as soon as the new versions become available. Care should be taken to minimise the risk of any unexpected behaviour as a result of an update, especially if the theme is being developed as a child theme of a freely available theme, or if the theme relies on the behaviour of a freely available plugin.

If a “premium” theme is used for a site, or a custom theme commissioned from an external supplier, any details of the contract with the theme supplier must be supplied so updates can be applied to the theme as they become available.

It is not acceptable to use a mechanism to prevent themes or plugins from being automatically updated, as this could leave the site vulnerable to attack from any subsequently discovered security flaws.

Plugin usage

If a theme is dependent on a set of Plugins to enable its operation, the full list of dependencies must be cited prior to any development work taking place. As the update policy for Plugins from the WordPress plugin repository is the same as that for Themes (i.e. all updates will be applied as soon as they are released), care should be taken to minimise the possibility that any future updates will negatively impact on the functionality of the site. Any support contract for custom theme development should also ensure that the theme will still operate as planned when these updates to plugins are applied.

Sites in the service can utilise any freely available plugins in the WordPress Plugin directory on condition that:

  1. They are not disallowed by the platform (see
  2. They are maintained (i.e. have been updated recently and are compatible with the latest version of WordPress)

If a plugin you wish to use is not present in a WordPress Network environment, please contact us so we can test the plugin and make sure it works within this environment. Some plugins may be incompatible with others which are already in use on other sites in the installation.