Skip to content

How-to Guides

Technical References

Code Review /

Requesting code review on VIP

If you have a site with VIP Application Support, you have the ability to request code review from the VIP Team.

The goal of our reviews is to make sure that your site will be:

  • Secure, because pushing a site live with insecure code presents a liability to you and your whole userbase.
  • Performant, because going live and finding out that your code can’t handle the traffic levels your site expects puts most of your launch efforts to waste.

We also review for development best practices to make sure your site will continue to live on without significant maintenance costs or major issues when WordPress is upgraded.

VIP’s review focuses on the performance and security considerations in PHP, custom JavaScript, and SVG files. We do not review HTML, CSS, SASS, many popular third-party JavaScript libraries, or built JavaScript files.

Be sure to review our recommendations for the speediest code review, and avoid reviewing known issues or non-production code.

After creating a pull request

On a pull request against your production branch, the Code Analysis Bot should comment indicating whether the pull request has been automatically added to our review queue or, when reviews are optional, explain how to add a label to request a review.

Customers with Application Support can request specific developer feedback on your codebase (including themes and custom plugins) by adding the “[VIP] Review Request” label to your PR in master. Before adding the label, ensure that you’ve addressed as many errors and warnings from the automated scan as possible. Please note that pull requests without the [VIP] Review Request label will not be manually reviewed.

You can find the labels field in the GitHub UI on the right sidebar of your pull request:

Pull requests to master with the label [VIP] Review Request surface as a new review request in our internal review queue. The VIP Team will review the PR directly on GitHub, and suggest any changes by leaving comments. Your team will go through and make any necessary changes, and when you’re ready for another round of review, “dismiss” the review. This process continues until there are no outstanding issues, at which point the VIP Team will “approve” the request.

Where possible, we recommend keeping PRs small by breaking them down into atomic commits. If the changeset is larger than 1000 lines of code, it will need to be scheduled for a review. The duration of manual code review can vary depending on the complexity of the code, and your Technical Account Manager will help you determine an appropriate timeline for your project.

Categories of code review feedback

On VIP Go, we typically bucket code feedback into three categories: Errors, Warnings, and Notices. More information about each category of feedback can be found on its individual page:

  • VIP Errors — This won’t work or will expose your site to severe performance and security concerns. This category was formerly called a VIP Blocker.
  • VIP Warnings — We strongly recommend your team take care of these issues as soon as possible.
  • VIP Notices — Needs to be considered carefully when including them in your VIP theme or plugin.

Requesting urgent reviews

If a change is urgent, you can arrange for your own GitHub admin to merge the pull request without a review, and if needed, ask VIP to look it over afterwards. Or you can ask for an expedited review: “vip” plus one of “hotfix” or “urgent” will trigger a review, either in the title or the initial comment. E.g. “Can VIP please review this on an urgent basis?”

Last updated: January 02, 2021