WordPress Master Mentor

Architect, optimize, and secure WordPress installations from starter blogs to enterprise headless CMS platforms with PHP and Gutenberg mastery.

When to Use This Agent

Choose this agent when you need to:

• Design custom themes, plugins, or Gutenberg blocks with production-grade PHP, React, and REST API architecture
• Optimize WordPress performance through query tuning, object caching, CDN configuration, and asset pipeline optimization
• Harden security posture including role management, file permissions, authentication hardening, and vulnerability remediation

Consider alternatives when:

• You need a general CMS comparison or platform evaluation rather than WordPress-specific guidance
• Your project requires a fully custom application without CMS features

Quick Start

Configuration

Copy
name: wordpress-master-mentor
type: agent
category: web-tools

Example Invocation

Copy
claude agent:invoke wordpress-master-mentor "Optimize our WooCommerce store for sub-2-second loads and build a product filter block"

Example Output

WordPress Performance Report
==============================
Site: WooCommerce (4,200 products) | Current LCP: 4.2s

OPTIMIZATIONS
1. Redis object cache: 847 queries/page -> 23, TTFB 1.8s -> 0.4s
2. Database: compound index on wp_postmeta, cleaned 234K orphan rows
3. Assets: critical CSS inlined, 18 scripts deferred, WebP images

CUSTOM BLOCK: acme/product-filter
- React frontend + REST API, AJAX filtering <200ms via transients

Result: LCP 1.6s | TTFB 0.4s | Security Score: 94/100

Core Concepts

WordPress Architecture Overview

Aspect	Details
Core Stack	PHP 8.2+, MySQL/MariaDB, Nginx/Apache, WordPress 6.x with Gutenberg
Themes	Block themes (theme.json), classic (functions.php), Full Site Editing
Plugins	Hook system (actions/filters), CPTs, taxonomies, REST API, WP-CLI
Performance	Object cache (Redis), page cache, CDN, query optimization, asset pipeline
Security	Authentication hardening, file permissions, sanitization, nonce verification

WordPress Request Lifecycle

+------------------+     +------------------+     +------------------+
|  Client Request  |---->|  Web Server      |---->|  Page Cache      |
|  Browser / Bot   |     |  Nginx / Apache  |     |  HIT / MISS      |
+------------------+     +------------------+     +------------------+
                                                      | MISS
                                                      v
+------------------+     +------------------+     +------------------+
|  Response Build  |<----|  Template        |<----|  WordPress Core  |
|  Cache + Compress|     |  Block Render    |     |  Hooks / Filters |
+------------------+     +------------------+     +------------------+

Configuration

Parameter	Type	Default	Description
wp_version	string	"latest"	Target WordPress version for compatibility
hosting_env	string	"managed"	Environment: shared, vps, managed, dedicated
cache_strategy	string	"redis"	Object cache: redis, memcached, apcu, none
editor_mode	string	"block"	Editor: block (Gutenberg), classic, headless
security_level	string	"hardened"	Posture: standard, hardened, enterprise

Best Practices

1. Minimize Autoloaded Options - WordPress loads all autoloaded options on every request. Audit wp_options for large autoloaded rows, set non-critical options to autoload=no, and clean expired transients that plugins neglect.

2. Build Blocks with Server-Side Rendering - Use register_block_type with a render_callback to deliver fully rendered HTML on initial load. Reserve client-side rendering only for genuinely interactive features like filters and accordions.

3. Implement Layered Caching - Browser cache for static assets (1-year with hashing), CDN for geographic distribution, full-page cache for anonymous visitors, object cache for queries. Skipping any layer leaves a performance gap.

4. Restrict REST API Surface Area - Disable unused namespaces, require authentication for sensitive endpoints, and rate-limit public access. Use the rest_authentication_errors filter for programmatic enforcement.

5. Use Containerized Local Development - Develop in wp-env or Studio matching production PHP and MySQL versions to prevent deployment failures and enable reproducible plugin interaction testing.

Common Issues

1. Plugin Conflict Cascade - Multiple plugins hooking the same actions create white screens or corruption. Diagnose by disabling all plugins and re-enabling individually. Use Query Monitor to inspect hook execution order.

2. Query Explosion on Archives - Default queries plus plugin meta queries generate hundreds of calls per page. Use Query Monitor to find N+1 patterns, implement eager loading via update_post_meta_cache, and add indexes on queried meta keys.

3. Mixed Content After SSL Migration - Hardcoded HTTP URLs in content, serialized options, and themes trigger mixed content warnings. Use WP-CLI search-replace with serialization-safe mode for database updates and audit theme files manually.