skip to content

Web Services

Custom WordPress Themes

Thank you for your interest in developing a custom WordPress theme. Because we run a multi-user install of WordPress with everyone on the same domain, we need to set some ground rules for the security of everyone on the system. Please review the guidelines below and let the campus webmaster know if you have any questions.


  1. Author / Department — style.css

    To facilitate ease of contacting the appropriate parties responsible for a custom theme, we require that the Author tag in your custom theme is set including both your name and department as shown below. We would also appreciate if you include your campus login name preceded by a hash (#) as the Author URI.

    Author: Bridget Carriveau / Web Services
    Author URI: #carriveb

  2. Custom Fonts — style.css

    If you are using custom fonts in your theme (via @font-face or another means), we require a comment in your CSS noting the location you downloaded the font from so that we can verify the appropriate license is in place for using the font.

    If your font download included a text file with the license, please include it in your theme along with the font files themselves.

    If you're interested in using custom fonts in your design, we strongly recommend utilizing Google Web Fonts. There are hundreds of free fonts for you to use that should all have the appropriate licensing in place.

  3. wp_head() — header.php

    All themes must include wp_head(); in the <head> section of their header.php file. There are no exceptions to this rule. The wp_head function is used by the campus blog network to add various items to your blog that we use globally (such as Google Analytics). This is a standard in WordPress theme development.

  4. wp_footer() — footer.php

    All themes must include wp_footer(); in their footer.php file, generally it should go immediately before the closing body and html tags. There are no exceptions to this rule. The wp_footer function is used by the campus blog network to add various items to your blog that we use globally, similar to wp_head, but for when the end of the document is more appropriate. This is a standard in WordPress theme development.

  5. No Custom Favicons — header.php

    To keep a consistent brand identity for the university, we do not allow custom favicon shortcut icons on the campus blog network. If you set a custom shortcut icon using code similar to below or by any other means, it will need to be removed.

    <link rel="shortcut icon" href="your-own-favicon.png" />

  6. Set Your $content_width — functions.php

    Please set your $content_width variable to let WordPress know how wide the main column of your blog is. This will help included photos and videos be sized properly.

    if ( ! isset( $content_width ) ) $content_width = 640;

  7. Document Your Custom Functions — functions.php

    WordPress can do some great things and is highly extensible. We realize how easy it is to find custom functions around the web and implement them in to your theme. While we don't outright ban this practice, we do require you to document where you got each function from. Please include a link to the source in a comment immediately preceding any functions you add.

    If you write the function yourself, please follow WordPress coding standards and include a documentation tag above the function specifying what it does, and documenting the input/output parameters.

    If you include any custom SQL queries anywhere in your theme, be prepared for a delay in getting your theme put live in order to have your code analyzed and also be ready to be questioned on your knowledge of SQL injections attacks and securing your code. Be warned: if you're just doing a copy/paste from someone else on the web and don't really understand things, we're probably not going to let you do it.

  8. Javascript Includes

    If you're including any third party javascript files for effects like slideshows, sliders, or flyout navigation, you'll need to include a non-minified version that we can review.

    If you're creating your own custom javascript for effects, we'll need to see a non-minified version of that as well.

    Do not hardcode javascript libraries like jQuery in to your theme. Please make use of the wp_enqueue_script function in WordPress to ensure you don't have multiple copies of libraries being loaded.

  9. Avoid IFRAME, OBJECT, and EMBED Tags

    For security reasons, iframe, object, and embed tags are generally not allowed in blog posts or page content. If you're looking to embed a third party service (ie: YouTube video, Slideshare slideshow), you should set up a shortcode for the service in your functions.php file. We will only allow this for well-known services that we deem to not be a risk.

    Please do not create a custom shortcode for a service we already offer a standard shortcode for. If you have created a shortcode for a service we don't offer, but think it might be useful to others on campus, let us know and we may move your shortcode out of your theme and in to the sitewide shortcode file.

  10. Don't Forget Your 404

    We often see theme authors change the structure of their single post and page templates, but neglect to make the necessary changes in their 404 template as well. Don't forget to update it to match!

  11. Images Must Be Hosted on Domain

    You should not use images in your theme (or posts for that matter) that are referenced from an off-site domain. Aside from not being able to count on the images staying at that location, it's bandwidth theft, don't do it.

  12. SSL and HTTP(S) Policies

    Campus blogs are required to use SSL (HTTPS) when accessing the blog administration panels. Do not attempt to override this. You do not need to do anything special in your theme for this to work.

    Also on the flip side, campus blogs are currently forced back to a non-secure connection when viewing the site. This was done to reduce link duplication.


  1. Use Child Themes When Appropriate — style.css

    Around version 3.0 of WordPress, they added the capability to create child themes. If your theme is reusing files from another, verbatim, then you should really be using a child theme. Please convert your theme to a child theme by removing all the duplicate files, and setting the child theme tag in your style.css file. WordPress will reference the missing files from the main theme's folder, and when that theme is updated in the future, yours will get the benefit as well.

  2. IE Compatibility — header.php

    We strongly encourage you to test your new theme in IE8+ and make use of the developer tools to verify it looks correct in both IE7 and IE8. Please note that campus computers default to viewing sites in IE7 mode as they are local intranet sites, and as a best practice you should include the X-UA-Compatibility meta tag to tell IE what version you'd like it to use to render. While we do currently have this sent as a header for all WordPress blogs, it's in your best interest to set the META tag as well just in case our policy changes.

  3. Include a screenshot.png preview of your theme

    Please create a screenshot of your theme to help us keep track of what's what in the WordPress admin area. The screenshot should be 300x225.

  4. Permalinks

    We are happy to report we now support regular permalinks on blogs, index.php is no longer needed in the link. We recommend you take advantage of this and set up "pretty permalinks" for your blog using the WordPress admin interface.

  5. Responsive Design

    As mobile becomes more and more popular, we strongly recommend you develop your theme using responsive web design techniques that allow your theme to look great across a variety of devices.

  6. 960px or less

    If you are not going to create a responsive design, we strongly recommend keeping your design to a maximum width of 960px or less.

  7. Avoid HTML5

    Due to the nature of our campus-wide browser defaults, we recommend against developing your theme in HTML5 for the time being. Yes, it's cool and new, but we can almost guarantee you're going to have unexpected problems. This is merely a recommendation, you're welcome to try, but we currently don't find it worth the effort.

  8. Test Cross-Browser Compatibility

    While our campus default is Internet Explorer 8, only 53% of our current website visitors actually use Internet Explorer. As a result, we strongly recommend you also test your theme in Firefox, Safari, and Chrome.

    • Internet Explorer 8 - 37%
    • Firefox - 17%
    • Safari - 14.5% (12.5% excluding iOS)
    • Chrome - 13%
    • Internet Explorer 9 - 11%
    • Internet Explorer 7 - 5%
    • Android - 1.6%
    • Safari iPhone/iPod - 1.2%
    • Safari iPad - 0.85%