Creating my own WordPress Theme. World of pain or simple?

Question

Here's the deal. I currently have WordPress that runs on a sub directory, i.e. everything outside that is non-WordPress.

My current WordPress theme works great but the branding and consistency is not there. Long story short I'd like to create my own theme to compliment the rest of my site. I am competent enough to style the theme and I understand that creating a theme is 'not difficult' but my main question is that of security - see below for more!

I'd really appreciate any thoughts or advice:

• In terms of security, as long as I use the WordPress php tags I should be all good when creating a theme?
• Can I pull the Theme CSS from outside the WordPress directory but in the same domain, or must it be in the same directory?
• How forward compatible is a self-made theme, i.e. when the WordPress team updates the CMS, would my theme break each time?

Thanks as always!

Answer 1

In terms of security, as long as I use the WordPress php tags I should be all good when creating a theme?

Yes. As long as you are keeping WordPress updated, good coding practices, and well-rated plugins. WP is very secure as long as you do not write custom code yourself that is insecure. WP has built in functions for sanitizing input working with the database to prevent SQL injections and other vulnerabilities.

The largest danger here is either using a poorly coded plugin that is vulnerable, or writing code yourself that is not secure.

Can I pull the Theme CSS from outside the WordPress directory but in the same domain, or must it be in the same directory?

You can edit header.php to pull in stylesheets from anywhere you want using the link tag in your head. You could also register it in functions.php using the wp_enqueue_style() function.

How forward compatible is a self-made theme, i.e. when the WordPress team updates the CMS, would my theme break each time?

Depends how it is coded and what plugins you rely on, but in general WordPress is pretty forward compatible, deprecated functions will continue to work and so forth. The Function Reference on the WP Codex is your bible. Follow guidelines there and you will be fine.

I would also recommend looking at starter themes or theme frameworks - these are often relatively minimalistic / barebones themes that you can either modify directly or create a child theme for and provide a sort of base template to build custom themes.

There are a million starter themes and frameworks out there but I personally really like Bones as it is very basic and lightweight and easy to turn into anything you want.

Answer 2

In terms of security, as long as I use the WordPress php tags I should be all good when creating a theme?

Yes. As long as you keep your WP core up to date.

Can I pull the Theme CSS from outside the WordPress directory but in the same domain, or must it be in the same directory?

Technically you can, just like including fonts by google or using a CDN for your CSS/JS. Just keep in mind, that including things with absolute URIs will possibly limit the portability of your theme. Themes are mostly 'one package containing everything' builds.

How forward compatible is a self-made theme, i.e. when the WordPress team updates the CMS, would my theme break each time?

Usually nothing brakes, most of the themes used in the wild do have 100% compatibility with all WP releases over the years. There are a very few 'deprecated' tags in Wordpress. The WP core team likes stable platforms a lot (and thats why I like it, too).

Personally, I would recommend to give it a try. A basic theme consists of 3 files, so the effort for stepping in is basically very low.