Experiment: Test rule sheet

[StevenDufresne]

This is an auto-generated markdown table. Edits here will be replaced.

ID	Category	Type		Rule	Details	Exception	Notes
safe1	Privacy	All Themes	must	disable any tracking and collection of user data by default and must be opt-in.
safe2	Privacy	All Themes	must	include documentation on how any user data is collected, and used, and needs to be included in the theme readme.txt file, preferably with a clearly stated privacy policy.
safe3	Code	All Themes	can't	have PHP or JavaScript errors, warnings or notices.
safe4	Code	All Themes	must	validate and/or sanitize untrusted data before entering it into the database
safe5	Code	All Themes	must	escape all untrusted data before output (See: Data Validation)
safe6	Code	All Themes	All Themes	Provide a unique prefix for everything the theme defines in the public namespace	including options, functions, global variables, constants, post meta, wp_enqueue_script/style handle names, add_image_size names, wp_script_add_data keys, slugs/ids for new categories created with register_block_pattern_category etc.	unless its a menu location or sidebar id.
safe7	Importing or downloading	All Themes	can't	import content to a user’s site
safe8	Importing or downloading	All Themes	can't	link directly to an XML, JSON, ZIP, or other files for direct download or import
safe9	Importing or downloading	All Themes	can't	bundle demo content via an XML, JSON, ZIP, or other files
safe10	Plugins	All Themes	can't	include plugins in the theme folder or download plugins automatically
safe11	Plugins	All Themes	can't	include plugin functionality	If you are not sure if a feature is plugin territory, contact the team and ask first. themes@wordpress.org.
safe12	Plugins	All Themes	can	recommend plugins that are hosted on WordPress.org
safe13	Plugins	All Themes	must	only install plugins by installed by user action
safe14	Plugins	All Themes	can	recommend GPL compatible plugins that are not hosted on WordPress.org in the readme file or the themes information page but may not include a direct link to the download for security reasons.
safe15	Plugins	All Themes	can	include a link to the product page for the recommended plugin	but not directly to the download file.
global1	Accessibility	All Themes	must	have skip links	that include a mechanism that enables users to navigate directly to content or navigation on entering any given page	unless it is a block theme, skip links are added automatically to the element.
global2	Accessibility	All Themes	must	have skip links	that may be positioned off-screen initially but must be available to screen reader users and must be visible on focus for sighted keyboard navigators
global3	Accessibility	All Themes	must	have skip links	that are the first focusable element perceived by a user via a screen reader or keyboard navigation
global4	Accessibility	All Themes	must	have skip links	that are visible when keyboard focus moves to the link
global5	Accessibility	All Themes	must	have skip links	that move focus to the main content area of the page when activated	unless there is nothing to skip past, such as a menu or larger header section or secondary widget area before the main content.
global6	Accessibility	All Themes	must	have keyboard navigation	that provide visual keyboard focus highlighting in navigation menus and for form fields, submit buttons and text links.
global7	Accessibility	All Themes	must	have keyboard navigation	that makes all controls and links reachable by keyboard.
global8	Accessibility	All Themes	must	have keyboard navigation	that makes all controls usable with the mouse usable with the keyboard, regardless of device and screen size. Including but not limited to responsive versions for small screens, mobile and other touch screen devices. Further reading.
global9	Accessibility	All Themes	must	have underlined links within content and comments	that are distinguishes by an underlined a no other style	unless they are in navigation-like contexts (e.g. menus, lists of upcoming posts in widgets, grouped post meta data)
global10	Accessibility	All Themes	must	meet additional requirements if the theme has the tag ‘accessibility-ready’
global11	Language & internationalization	All Themes	must	use gettext for all text strings for translation
global12	Language & internationalization	All Themes	must	include the theme slug as the text-domain in style.css	that is the name of the theme in lower case, with spaces replaced by -. It is also the folder name for the theme.
global13	Language & internationalization	All Themes	If the theme uses a framework then no more than 2 unique slugs may be used (like tgmpa, redux-framework, kirki or some other allowed framework)
global14	Language & internationalization	All Themes	can	use any language for text	that only uses one language
quality9	Functionality and Features	All Themes	must	use the admin_notices API for all notifications generated by the theme.
quality10	Functionality and Features	All Themes	must	make notices dismissible.
quality11	Functionality and Features	All Themes	must	follow core UI design for everything wrapped in the admin notice
quality12	Functionality and Features	All Themes	can't	place WordPress features behind a paywall
quality13	Functionality and Features	All Themes	can't	remove, hide, or otherwise block the admin bar from appearing
quality14	Functionality and Features	All Themes	can't	redirect on theme activation or modify activation
quality15	Presentation vs Functionality	All Themes	can't	include custom post types
quality16	Presentation vs Functionality	All Themes	can't	include custom blocks
quality17	Presentation vs Functionality	All Themes	can't	include shortcodes
quality18	Presentation vs Functionality	All Themes	can't	include functionality that is not related to design and presentation.
distribute1	Selling, credits, and links	All Themes	can	include one single front facing credit link, which is restricted to the Theme URI or Author URI defined in style.css
distribute2	Selling, credits, and links	All Themes	can	have an additional footer credit link pointing to WordPress.org
distribute3	Selling, credits, and links	All Themes	must	state explicitly that the products you’re selling/distributing (free and paid) are GPL compatible	that needs to be in an easy-to-find place for visitors.
distribute4	Selling, credits, and links	All Themes	can't	display “obtrusive” upselling
distribute5	Selling, credits, and links	All Themes	can't	have affiliate URLs or links
distribute6	Licensing & copyright	All Themes	must	be compatible with the GNU General Public License	Although any GPL-compatible license is acceptable, using the same license as WordPress — “GPLv2 or later” — is strongly recommended. All code, data, and images — anything in the theme zip file — must comply with the GPL or a GPL-Compatible license.
distribute7	Licensing & copyright	All Themes	must	include third-party libraries, code, images, or otherwise that are GPL-compatible	For a specific list of compatible licenses, please read the GPL-Compatible license list on gnu.org.
distribute8	Licensing & copyright	All Themes	must	declare copyright for the theme itself.
distribute9	Licensing & copyright	All Themes	must	declare license, copyright information, and source for all resources included such as fonts or images.	that is provided in a list of all resources in one file.	unless the assets are public domain
distribute10	Licensing & copyright	All Themes	must	include code and design that are your own or legally yours	Cloning of designs is not acceptable
distribute11	Licensing & copyright	All Themes	must	only display the user’s copyright	that is not the theme author’s copyright.	Front end
distribute12	Files	All Themes	must	include all scripts, images, videos and other resources rather than hot-linking.	unless the resource is from Google Fonts.
distribute13	Files	All Themes	Main stylesheet
distribute14	Files	All Themes	must	use headers in style.css that follow the guidelines and requirements for the main stylesheet in the Theme Developer Handbook.
distribute15	Files	All Themes	can	include 'Theme URI' in style.css	that must be about the theme hosted on WordPress.org. If the URI is a demo site, the content must be about the theme itself and not test data and cannot be wordpress.org.	It's reserved for the default themes (Twenty *).
distribute16	Files	All Themes	can	include 'Author URI' in style.css	that links to a page or website about the author, author theme shop, or author project/development website.
distribute17	Files	All Themes	must	have tags in style.css that match what the theme actually does in respect to functionality and design	and doesn't use more than 3 subject tags (See: Theme Tag List).
distribute18	Files	All Themes	must	include a readme.txt file	that doesn't have empty lines in the file header
distribute19	Files	All Themes	must	include a readme.txt file	that has the 'tested up to' field
distribute20	Files	All Themes	must	include a readme.txt file	That has onle one WordPress.org username listed in the contributors field.
distribute21	Files	All Themes	can't	have minification of scripts or files	unless the original files are also in the theme folder.
distribute22	Files	All Themes	must	use WordPress’ default libraries.	WordPress includes a number of libraries such as jQuery. For security and stability reasons themes may not include those libraries in their own code. Instead themes must use the versions of those libraries packaged with WordPress. For a list of all JavaScript libraries included in WordPress, please review Default Scripts Included and Registered by WordPress.
distribute23	Files	All Themes	can't	have images that promote hate or violence or images that show children with recognizable facial or body features.
distribute24	Files	All Themes	can't	have a screenshot that looks like an advertisement	The reviewer can subjectively ask you to change screenshots if they find that it is not appropriate.
distribute25	Files	All Themes	can't	have a screenshot bigger than 1200 x 900px
distribute26	Files	All Themes	must	a ratio of width to height of 4:3
distribute33	Presentation vs Functionality	All Themes	Warning: Showing preview/demo data or manipulating the preview on WordPress.org is not allowed and can result in suspension or your user account being terminated
distribute34	Naming, spelling and trademarks	All Themes	can't	use: WordPress, Theme, Twenty* in their name
distribute35	Naming, spelling and trademarks	All Themes	must	spell “WordPress” correctly in all public-facing text: all one word, with both an uppercase W and P
distribute36	Naming, spelling and trademarks	All Themes	can't	have violation of trademarks.

System

These rules are related to uploading themes to .org.	ID	Category	Rule
system1	Theme author and theme upload restrictions	Only submit one new theme at the time. You can submit unlimited updates for your existing themes that are in the theme directory.
system2	Theme author and theme upload restrictions	A theme must be complete at the time of submission. Names cannot be “reserved” for future use or to protect brands.
system3	Theme author and theme upload restrictions	Licensing of themes distributed outside the theme directory
system4	Theme author and theme upload restrictions	If you distribute themes, you may only distribute themes that are 100% compatible with GPL.
system5	Theme author and theme upload restrictions	Otherwise you can not add themes to the WordPress.org Theme Directory (See explanation).
system6	Theme author and theme upload restrictions	Example: If you have a Themeforest account and you’re selling themes on it, all those themes need to state on their sales page that they are 100% GPL compatible (Info).
system7	Theme author and theme upload restrictions	You can have multiple accounts with the following restrictions:
system8	Theme author and theme upload restrictions	You can’t have more than one (1) open ticket in any of the trac reports/queues or under review. That means you can’t have one (1) theme ticket from an account and another one from a secondary account, simultaneously open in any of the queues.
system9	Theme author and theme upload restrictions	Failing to respect the above requirement will result in the closing of all tickets and not having the possibility to upload those themes again. Also, a 1 month no upload possibility for each ticket closed. Depending on the severity of the case, you might also end up with a permanent ban on all your accounts.
system10	Theme author and theme upload restrictions	To avoid penalties, the team requests that you disclose all your accounts by emailing us at themes[at]wordpress.org.
system11	Naming, spelling and trademarks	The themes team can decline themes based on the name and can request that the name be changed, if they deem the name inappropriate or too similar to the name of an existing theme or brand.

[carolinan]

Thank you, I was going to create a table for what is in the text on the requirements page, and list whether automated checks already exist or not.

[carolinan]

Also a reminder that there will be more changes and reductions, and changes that the team is making to the requirements need to be presented and discussed by the community and are not set in stone.

[carolinan]

If numbers can be added, I can easer point to the things the team changed last week 🤔

[StevenDufresne]

Thank you, I was going to create a table for what is in the text on the requirements page, and list whether automated checks already exist or not.

I figured it would be useful for development but not sure how and where to put it so I just dropped it here for now. I'm not sure how it helps the documentation and decision process ya'll are working on yet but willing to update it so it also makes sense for the Theme team to use as well.

Also a reminder that there will be more changes and reductions, and changes that the team is making to the requirements need to be presented and discussed by the community and are not set in stone.

Yep totally fair, this is mostly automated assuming that would be the case.

If numbers can be added, I can easer point to the things the team changed last week

👍

[carolinan]

Removed:

Safe 14 Safe 15

---

Updated: distribute12 https://github.com/WPTT/Theme-Requirements/blob/master/Requirements.md#9-files No remote resources are allowed without user consent Include all scripts, images, videos and other resources in the theme zip file. The only exception to this requirement is Google Fonts.

Do not: -Use CDN or similar services -Fetch any files or data from a remote resource, including your own websites, without the user's explicit consent.

This is because of GDRPR and privacy requirements and because remote resources can not be reviewed.

---

Updated: Distribute 18, 19, 20 , readme.txt now says: A valid readme.txt file must be included.

An example of what a valid file means will be included on the requirements page, see current example at https://make.wordpress.org/themes/handbook/review/required/#example

distribute20 was removed because even if this information would include more than one username, these are not actually used in the theme directory, the data in style.css is. This might change if the directory is updated to allow more than one author.

[StevenDufresne]

Closing in favor of https://github.com/WPTT/Theme-Requirements/issues/12