Merge branch 'master' of https://github.com/WordPress-Phoenix/wordpress-development-toolkit

Author: David Ryan

docs/best-practices-frontend-deps.md renamed to docs/best-practices-asset-management.md

@@ -1,4 +1,4 @@
-# WordPress Frontend Dependency Best Practices
+# WordPress Asset Management Best Practices
 
 #### Break `wp_register_script()` and `wp_register_style()` arguments onto their own lines
 
@@ -22,7 +22,7 @@ When registering CSS or JS within a PHP class, always store the asset handle as
 
 #### Leverage dependency chaining and the `array()` method for `wp_enqueue_*()`
 
-A common place that can feel repetitive is registering and initializing enqueued assets. Make sure you make good, appropriate forcing order and perhaps enqueue of dependencies via `wp_register_*`'s `$dependency` parameter.
+A common place that can feel repetitive is registering and initializing enqueued assets. Perhaps trigger enqueue of dependencies via `wp_register_*`'s `$dependency` parameter.
 
 Also, if enqueueing multiple scripts or styles simultaneously, use a single `wp_enqueue_script()` or `wp_enqueue_style()` with an array of dependency slugs to avoid repetition.
 
@@ -51,5 +51,5 @@ WordPress does little to prevent the collision of scripts. Short of defining dep
 
 Plus at time of writing it's 2017 and React and Vue-based apps, use of JavaScript tools is becoming more prevalent. Some of these authors create a rollup file of dependencies and a rollup of their app. Even in an environment you control, you likely rely on some 3rd party plugins that load dependencies.
 
-### Provide a version string for caching
-We recommend tying product assets the version for the Theme or Plugin you're in. Having a condition that checks for local environments (i.e. check request string for ".test") and toggling between a production version and a rand(0,PHP_INT_MAX) is another good option.
+#### Provide a version string for caching
+We recommend tying product assets the version for the Theme or Plugin you're in. Having a condition that checks for local environments (i.e. check request string for ".test") and toggling between a production version and a `rand(0,PHP_INT_MAX)` is another good option.

docs/resources.md

@@ -1,32 +1,31 @@
 
 
-# Great Enterprise-Grade WordPress & Web Development Resources
+### Great Enterprise-Grade WordPress & Web Development Resources
 
 * [WordPress The Right Way](https://www.wptherightway.org/en/getting_started/) - [PDF](https://www.gitbook.com/download/pdf/book/tomjn/wordpress-the-right-way?lang=en)
 
-* WordPress Action & Filter Reference [https://codex.wordpress.org/Plugin_API/Action_Reference]
-* GenerateWP.com -- Interactive tools for creating Core API queries and WordPress File Headers
-* https://github.com/kamranahmedse/design-patterns-for-humans
+* [WordPress Action & Filter Reference](https://codex.wordpress.org/Plugin_API/Action_Reference)
+* [GenerateWP.com](https://generatewp.com) -- Interactive tools for creating Core API queries and WordPress File Headers
+* [Design Patterns for Humans](https://github.com/kamranahmedse/design-patterns-for-humans)
 
-* 10Up Engineering Standards & Best Practices (forked XWP copy of standards)
-* WordPress.com VIP "What We Look For"
-* Locutus.io/php -- Common PHP methods ported to JavaScript.
-* YouMightNotNeedjQuery.com -- An explainer on using native JavaScript alternatives to jQuery.
+* [10Up Engineering Standards & Best Practices](https://10up.github.io/Engineering-Best-Practices/) [(forked XWP copy of standards)](https://xwp.github.io/engineering-best-practices/)
+* [WordPress.com VIP "What We Look For"](https://vip.wordpress.com/documentation/code-review-what-we-look-for/)
+* [Locutus.io/php](https://locutus.io/php) -- Common PHP methods ported to JavaScript.
+* [YouMightNotNeedjQuery.com](http://youmightnotneedjquery.com) -- An explainer on using native JavaScript alternatives to jQuery.
 
-Great Topical Guides / Blogs
+### Great Topical Guides / Blogs
 * [Understanding WordPress Directory Structure](https://www.rarst.net/wordpress/directory-structure/)
-* 10 WordPress Things I've Learned Working With 10Up[http://rachievee.com/10-wordpress-things-ive-learned-working-with-10up/]
-* Intro to Underscore.js Templates in WordPress [https://themehybrid.com/weblog/intro-to-underscore-js-templates-in-wordpress]
-* On using `apply_filters( 'the_content' )` in the loop or rolling a custom version [https://themehybrid.com/weblog/how-to-apply-content-filters]
-* Introduction to WordPress Term Meta API [https://themehybrid.com/weblog/introduction-to-wordpress-term-meta]
-* Using Shortcode Attributes [https://pippinsplugins.com/shortcodes-101-shortcode-attributes/]
-* Using Template Files for Better Frontend Shortcodes
-[https://pippinsplugins.com/shortcodes-101-using-template-files-better-shortcodes/]
-* On Checking Plugin, Class and Method Dependencies [https://pippinsplugins.com/checking-dependent-plugin-active/]
-* On the WordPress Heartbeat API [https://pippinsplugins.com/using-the-wordpress-heartbeat-api/]
-* WordPlate Helpers [https://wordplate.github.io/docs/helpers]
-
-Little-used/documented WordPress Core JavaScript
+* [10 WordPress Things I've Learned Working With 10Up](http://rachievee.com/10-wordpress-things-ive-learned-working-with-10up/)
+* [Intro to Underscore.js Templates in WordPress](https://themehybrid.com/weblog/intro-to-underscore-js-templates-in-wordpress)
+* [On using `apply_filters( 'the_content' )` in the loop or rolling a custom version](https://themehybrid.com/weblog/how-to-apply-content-filters)
+* [Introduction to WordPress Term Meta API](https://themehybrid.com/weblog/introduction-to-wordpress-term-meta)
+* [Using Shortcode Attributes](https://pippinsplugins.com/shortcodes-101-shortcode-attributes/)
+* [Using Template Files for Better Frontend Shortcodes](https://pippinsplugins.com/shortcodes-101-using-template-files-better-shortcodes/)
+* [On Checking Plugin, Class and Method Dependencies](https://pippinsplugins.com/checking-dependent-plugin-active/)
+* [On the WordPress Heartbeat API](https://pippinsplugins.com/using-the-wordpress-heartbeat-api/)
+* [WordPlate Helpers](https://wordplate.github.io/docs/helpers)
+
+### Little-used/documented WordPress Core JavaScript
 * wp.template() -- A simple implementation of underscore.js' `_.template()` method.
 * wp.shortcode.next() -- Parse shortcode string into data object using JavaScript.
 * wp.shortcode.string() -- Generate a WordPress shortcode string using JavaScript data.
@@ -38,7 +37,7 @@ Little-used/documented WordPress Core JavaScript
 * wp.emoji.test() - Test if a string contains emoji.
 * wpCookie.get(), wpCookie.set(), wpCookie.remove() - Cookie CRUD tools
 
-# On Leveraging Stack Overflow, The WordPress Codex and Search-Sourced Solutions
+### On Leveraging Stack Overflow, The WordPress Codex and Search-Sourced Solutions
 
 Stack Overflow, The Codex and Solutions found on blogs are often excellent starting points to learn and develop solutions. However, many solutions aren't written to consider enterprise needs, high-traffic sites or large-scale environments.
 
@@ -50,23 +49,10 @@ When integrating someone else's solution, please consider the following:
 * Is this functionality "right-sized?" Perhaps break large procedural functions into helpers.
 * Does the author properly sanitize and validate user input while late-escaping output?
 
-# Helpful Utility/Development Plugins
+### Helpful Utility/Development Plugins
 * [FakerPress](https://wordpress.org/plugins/fakerpress/) - Generate Fake WordPress Data (optionally use 500px for real, varied featured post images)
 * [Regenerate Thumbnails](https://wordpress.org/plugins/regenerate-thumbnails/) - Regenerate Thumbnails after 
 changing Thumbnail Sizes
 * [P3 Plugin Profiler](https://wordpress.org/plugins/p3-profiler/) - Tool to better understand plugin performance
 * [Locomotive](https://github.com/reaktivstudios/locomotive) - Simple, repeatable batch process tasks for wordpress
-
-# Helpful Open-Source Resources for Enterprise-Ready WordPress Code
-(not all code available in these organizations is "enterprise ready for everyone", however, there are many good examples for many kinds of enterprises)
-* https://github.com/10up
-* https://github.com/crowdfavorite
-* https://github.com/xwp
-* https://github.com/humanmade
-* https://github.com/automattic
-	* https://github.com/Automattic/vip-go-mu-plugins-built
-* https://github.com/easydigitaldownloads/easy-digital-downloads
-* https://github.com/stuttter
-* https://github.com/washingtonstateuniversity
-* https://github.com/webdevstudios
-* https://github.com/dfmedia
+* [Query Monitor](https://wordpress.org/plugins/query-monitor/) - Debug WordPress deeply in any environment. Detect every running action, filter, registered script, environment configuration, simple PHP errors and evaluate long-running database queries.

docs/security.md

@@ -1,5 +1,7 @@
 # On WordPress Security
 
+### THIS PAGE NEEDS FORMATTING AND COMPLETION, PRs welcome!
+
 * Using Nonces
 
 The primary security mechanism in WordPress is nonces. Nonces are time-stamped and tap into the logged-in user cookie. All nonces in the WordPress Admin leveraging the REST API should use the `wp_rest` action ( `wp_create_nonce('wp_rest')` ) and be passed via either the `_wpnonce` data param (GET or POST) or the `X-WP-Nonce` header.