Skip to content

Run PHPCS against code

Running a PHPCS scan against code, particularly third-party plugins and themes, can provide useful and actionable feedback on existing warnings and errors within the code.

Refer to the PHP_CodeSniffer Wiki for additional guidance on scanning code with PHPCS.


PHPCS is installed on the user’s local machine as well as the WordPress Coding Standards and the VIP Coding Standards.

The following command example sets the appropriate standard (WordPress-VIP-Go), tells PHPCS to show the violation code for any violations(-s), show a progress bar (-p), cut the file paths down to be relative from the current directory (--basepath=.), and to ignore the vendor/ directory.

phpcs --standard=WordPress-VIP-Go -sp --basepath=. --ignore=vendor path/to/code/directory

Path to the directory or file to be scanned

PHPCS scans can be run against the contents of a directory or against a single file. The path value in a PHPCS command can be an absolute path or a relative path to the directory from which the PHPCS command is run.

If the user is in the directory Desktop in the terminal prompt, and the example-site repository has been cloned to Desktop/working-folder/example-site, the repository’s path value in the command will be working-folder/example-site.

Format command output

Command output can be formatted as a specific “Report Type”, and limited to specific ranges of severity levels. This command example demonstrates how to format the command output in columns as a CSV, and only output errors and warnings of severity level 6 or higher:

phpcs --standard=WordPress-VIP-Go -sp --basepath=. --ignore=vendor --warning-severity=6 --error-severity=6 --report=csv /path/to/code/directory/ | column -t -s, | less -S


A PHPCS scan might fail due to memory exhaustion when run against large amounts of code. To resolve this issue, scan smaller amounts of code (e.g. one plugin directory at a time).

Last updated: December 23, 2023

Relevant to

  • WordPress