Pressready — WordPress upgrade readiness scanner

The problem

Upgrading PHP or WordPress on a site with dozens of third-party plugins is a gamble. There is no way to know what breaks until it breaks — in production. Pressready changes that.

⬡

Whole-stack scan

Scans every plugin, theme, and mu-plugin in wp-content — not just your own code. Third-party code breaks too.

⊕

PHP + WordPress in one pass

Two engines, one command. PHPCompatibility handles the PHP axis; a custom sniff handles the WordPress deprecation axis.

◎

Honest severity model

Fatals (white screen) are separated from risky behaviour changes and mere deprecations — no false alarms, no hiding real problems.

⊞

Per-component attribution

Findings group by the plugin or theme that owns them, sorted fatals-first, so you know exactly which package to fix or replace.

◉

Baseline for legacy sites

Snapshot today's known issues and fail CI only on new findings — adopt on a site with pre-existing tech debt without drowning in noise.

⌘

WP-CLI native

Run wp pressready scan from the WordPress root on a live site. No database needed — readiness scanning is entirely static.

How it works

One scan, two engines. Pressready runs PHPCompatibility and its own WordPress sniff in a single PHP_CodeSniffer pass.

⬡

PHP axis — PHPCompatibility

The battle-tested community standard. Catches removed functions, deprecated language features, and behavioural changes for any PHP version from 5.3 to 8.4. Runs via the phpcompatibility/phpcompatibility-wp wrapper that skips functions WordPress itself polyfills — no false positives.

⊕

WP axis — custom sniff + dataset

A custom PHPCS sniff driven by an authoritative, regenerable JSON dataset of every WordPress core deprecation — extracted straight from core's own _deprecated_* annotations. 641 calls → 602 unique entries covering functions, methods, classes, hooks, files, and arguments back to WordPress 1.5.

The dataset is regenerable against any wordpress-develop checkout: php bin/gen-wp-deprecations.php --src=/path/to/wordpress-develop/src --out=data/wp-deprecations.json. Re-run each WordPress release to refresh for free.

Level	Meaning	Source
fatal	PHP symbol removed by the target version → call to undefined → white screen	PHPCompatibility (message says "removed since PHP")
risky	Behavioural / correctness change that still runs but may produce wrong results	Other PHPCompatibility errors
php	PHP feature deprecated (not yet removed) by the target version	PHPCompatibility warnings
wp	WordPress core API deprecated by the target WP version	Pressready sniff

Install

Pressready is a Composer dev tool. It registers the Pressready PHPCS standard automatically via dealerdirect/phpcodesniffer-composer-installer.

PHP 8.2–8.4 detection needs the pre-release PHPCompatibility 10 engine, so your project must allow dev stability (it still prefers stable everywhere else) and allow the PHPCS installer plugins.

# Configure your project once
composer config minimum-stability dev
composer config prefer-stable true
composer config --no-plugins allow-plugins.dealerdirect/phpcodesniffer-composer-installer true
composer config --no-plugins allow-plugins.phpcsstandards/phpcsutils true

# Add to your project as a dev dependency
composer require --dev itzmekhokan/pressready

# Verify the standards registered
vendor/bin/phpcs -i   # lists "Pressready" and "PHPCompatibilityWP"

Requires PHP 7.4+. Uses PHPCompatibility 10.x (pre-release, pinned) for PHP 8.x removal data — will be unpinned when it ships stable.

Quick start

Run the standalone CLI directly after composer install.

# Both axes — the headline question.
vendor/bin/pressready --php=8.4 --wp=6.9 --path=wp-content

# One axis at a time.
vendor/bin/pressready --php=8.4 --path=.
vendor/bin/pressready --wp=6.9  --path=.

# Delta: only what newly breaks upgrading FROM 6.4 TO 6.9.
vendor/bin/pressready --wp=6.9 --since=6.4 --path=.

# CI gate: fail the build only on real fatals.
vendor/bin/pressready --php=8.4 --wp=6.9 --fail-on=fatal --path=.

# Machine-readable output.
vendor/bin/pressready --php=8.4 --wp=6.9 --format=json --path=.

# GitHub PR inline annotations.
vendor/bin/pressready --php=8.4 --wp=6.9 --format=github --path=.

# SARIF for code-scanning dashboards (GitHub Advanced Security).
vendor/bin/pressready --php=8.4 --wp=6.9 --format=sarif --path=. > pressready.sarif

# A PHP upgrade path — everything that breaks across 8.1 → 8.4.
vendor/bin/pressready --php=8.1-8.4 --path=.

# Hide the deprecation tail; show only fatals and risky changes.
vendor/bin/pressready --php=8.4 --wp=6.9 --ignore-on=deprecated --path=.

--format: grouped (default) · table · summary · json · sarif · github
--fail-on: fatal · risky · deprecated · --ignore-on: hide findings at/below a level (the inverse)

Large stacks & performance

Built to scan a full enterprise wp-content — hundreds of plugins, tens of thousands of files — without crawling.

Speed

# Parallel is ON by default (auto-detects CPU cores).
vendor/bin/pressready --php=8.4 --wp=6.9 \
  --path=wp-content --parallel=8

# Cache results — re-scans only reprocess changed files.
vendor/bin/pressready --php=8.4 --wp=6.9 \
  --path=wp-content --cache

Focus & signal

# The 10 worst components, or just one.
vendor/bin/pressready --php=8.4 --wp=6.9 \
  --path=wp-content --top=10
vendor/bin/pressready --php=8.4 --wp=6.9 \
  --path=wp-content --only=woocommerce

Un-fixable / generated code is skipped by default (vendor, node_modules, build, dist, *.min.php, tests). Add your own with --ignore=<patterns> or turn the built-ins off with --no-default-ignore. Repeated identical findings collapse into one line with an (×N) count.

Config file

Commit shared defaults to a .pressready.json in your project root — CLI flags always win.

{
  "php": "8.4",
  "wp": "6.9",
  "fail-on": "fatal",
  "ignore": ["*/cache/*", "*/languages/*"],
  "top": 20
}

WP-CLI — `wp pressready scan`

Same engine, run from the WordPress root. Defaults to the site's wp-content. Runs before WordPress boots — no database required.

Register the command

Add to your project's wp-cli.yml:

require:
  - vendor/itzmekhokan/pressready/wp-cli.php

Or pass --require inline:

wp --require=vendor/itzmekhokan/pressready/wp-cli.php pressready scan --php=8.4 --wp=6.9

Usage

# Scan with both axes — the main question.
wp pressready scan --php=8.4 --wp=6.9

# Scan a specific directory instead of the default wp-content.
wp pressready scan wp-content/plugins --php=8.4

# WordPress axis only, JSON output.
wp pressready scan --wp=6.9 --format=json

# CI gate: exit non-zero when fatals are present.
wp pressready scan --php=8.4 --wp=6.9 --fail-on=fatal

# Delta: only what newly deprecates upgrading from 6.4.
wp pressready scan --wp=6.9 --since=6.4

# Table format (default), summary, CSV, or count.
wp pressready scan --php=8.4 --format=table
wp pressready scan --php=8.4 --format=summary
wp pressready scan --php=8.4 --format=csv

Options

`scan [<path>]`	Directory to scan. Default: this site's `wp-content`. Positional — WP-CLI reserves `--path` for the install dir.
`--php=<ver>`	Target PHP version (e.g. `8.4`). Reports removed/deprecated PHP features.
`--wp=<ver>`	Target WordPress version (e.g. `6.9`). Reports deprecated core APIs.
`--since=<ver>`	With `--wp`, only what newly deprecates upgrading from this version.
`--format=<fmt>`	`table` (default) · `summary` · `json` · `csv` · `yaml` · `count`
`--fail-on=<lvl>`	Exit non-zero when findings at/above this level exist: `fatal` · `risky` · `deprecated`
`--ignore-on=<lvl>`	Hide findings at/below this level (the inverse of `--fail-on`).
`--parallel=<n>`	phpcs worker processes. Default: auto (CPU cores); `1` to disable.
`--cache[=<file>]`	Cache results so re-scans only reprocess changed files.
`--ignore=<patterns>`	Extra comma-separated path patterns to skip (`--no-default-ignore` drops the built-ins).
`--only / --top`	Focus the report: one component by name, or the N worst.
`--config=<file>`	Load defaults from a JSON config file (CLI flags still win).

Baseline & CI

Adopt Pressready on a legacy site without drowning in pre-existing findings — snapshot today's known issues, then fail CI only on new ones.

Standalone CLI

# Snapshot existing findings.
vendor/bin/pressready \
  --php=8.4 --wp=6.9 \
  --generate-baseline

# From now on, fail only on NEW findings.
vendor/bin/pressready \
  --php=8.4 --wp=6.9 \
  --baseline --fail-on=fatal

GitHub Actions

- name: Pressready scan
  run: |
    php bin/pressready \
      --php=8.4 --wp=6.9 \
      --baseline \
      --fail-on=fatal \
      --format=github \
      --path=wp-content

Findings are keyed by path → signature (sniff code + message with line numbers neutralised), so the baseline survives line shifts and reordering. --baseline=<file> / --generate-baseline=<file> accept a custom path.

Per-finding suppression

Uses native PHPCS inline comments — no custom syntax to learn.

// Suppress everything on this line.
create_function( '$x', 'return $x;' ); // phpcs:ignore

// Suppress a specific sniff.
get_postdata( 1 ); // phpcs:ignore Pressready.WordPress.Deprecated.DeprecatedFunction

Roadmap

The core scanning engine and WP-CLI integration are complete and production-ready.

Phase	Scope	Status
1	WP-deprecations dataset generator + authoritative JSON dataset	done
2	Custom PHPCS sniff + reporter (grouped / summary / json), version gate, exit codes	done
3	`--php=` via bundled PHPCompatibility; unified severity model (fatal / risky / php / wp)	done
4	Per-component attribution, baseline, `--format=github`, inline suppression	done
5	`wp pressready scan` WP-CLI command (before_wp_load, all formats, `--fail-on`)	done
6	Enterprise scale: parallel scanning, result cache, path ignores, duplicate collapsing, `--only`/`--top`, `.pressready.json` config, SARIF output, PHP version ranges, docblock-driven dataset coverage	done
7+	DataViews admin report; fix-hint links; Update Safety Net (sequel); WP.org distribution	planned