WordPress powers 43% of the internet. And yet the most common reason developers fail WordPress interviews isn’t lack of experience — it’s that they’ve only ever used WordPress, never really understood it. There’s a difference between someone who builds sites and someone who can explain why their code works.
Most interview guides online are the same recycled list: “What is a child theme?” “What is a shortcode?” Useful for a beginner quiz, not for an actual interview in 2026. Companies today expect developers to understand hooks at a code level, know when not to use a plugin, and at least have a working vocabulary around REST API, Gutenberg blocks, and WooCommerce.
This article covers all of that. Every answer includes the “why” — not just the definition. Many questions include code snippets. And there’s a section specifically for business owners who need to evaluate a developer but don’t know PHP.
Basics — WordPress Interview Questions for Freshers
These are the questions you’ll almost certainly get in the first 10 minutes of any WordPress interview. The goal isn’t to recite a Wikipedia definition — it’s to show you understand what you’re working with.
Q1. What is WordPress, and why is it so popular?
WordPress is a free, open-source content management system (CMS) built on PHP and MySQL. It started as a blogging tool in 2003 and gradually evolved into a full web development platform. Today, it powers everything from personal blogs to enterprise e-commerce stores.
The reason it’s dominant isn’t just history — it’s the ecosystem. Over 60,000 plugins. Thousands of themes. A massive developer community. A business owner can get a working site up in a day using existing tools. A developer can extend it to do almost anything with code. That combination is hard to replicate.
Q2. What’s the difference between WordPress.com and WordPress.org?
Think of it this way: WordPress.org is the software. WordPress.com is a hosting service that runs the software for you — but with restrictions.
| Feature | WordPress.org (Self-hosted) | WordPress.com (Hosted) |
|---|---|---|
| Hosting | You arrange it | Included |
| Plugin installation | Any plugin | Limited (plan-dependent) |
| Custom themes | Full control | Limited on free/basic plans |
| Monetisation | Your choice | WordPress.com takes a cut |
| Who it’s for | Developers, businesses, serious sites | Beginners, hobbyists |
When someone hires a WordPress developer, they almost always mean WordPress.org. If a candidate doesn’t know this distinction, that’s a flag.
Q3. What is the difference between Posts and Pages?
Posts are time-stamped content — blog articles, news, updates. They belong to categories and tags, appear in the RSS feed, and show up in reverse chronological order on archive pages.
Pages are static content — About Us, Contact, Services, Privacy Policy. They don’t have publish dates in the traditional sense, aren’t categorised, and don’t appear in the blog feed.
In practice, a fresh developer mistake is building a company’s “Services” section as posts instead of pages (or a custom post type), which makes the URL structure messy and the content uncategorisable in a useful way.
Q4. What are plugins? Name 5 you should know cold.
Plugins are PHP files (sometimes with CSS and JS) that extend WordPress functionality without touching core files. You can install them from the dashboard or upload them manually.
Five plugins worth knowing for any interview:
- Yoast SEO / RankMath — on-page SEO management
- WooCommerce — e-commerce, built on WordPress
- Advanced Custom Fields (ACF) — custom meta fields with a UI
- Wordfence / Sucuri — security scanning and firewall
- WP Rocket / W3 Total Cache — caching and performance
Q5. What is a child theme, and why do you always use one?
A child theme is a theme that inherits everything — styles, templates, functions — from a parent theme, but lets you override or add to it without modifying the parent’s files.
Why does this matter? Because when the parent theme updates, it overwrites its own files. If you edited those files directly, your changes are gone. A child theme keeps your customisations safe.
The minimum a child theme needs is a folder in wp-content/themes/, a style.css with a Template: header pointing to the parent, and a functions.php that enqueues the parent styles.
/* style.css */
/*
Theme Name: Astra Child
Template: astra
*/
/* functions.php */
add_action( 'wp_enqueue_scripts', 'child_enqueue_parent' );
function child_enqueue_parent() {
    wp_enqueue_style(
        'parent-style',
        get_template_directory_uri() . '/style.css'
    );
}
❌ Common Mistake
Editing the parent theme directly — even for one CSS change — means you’ll lose it the next time the theme updates. This has burned a lot of developers on client sites.
Q6. What is the WordPress Loop?
The Loop is the PHP code that retrieves posts from the database and renders them. WordPress runs a main query based on the current URL, then the Loop goes through the results and outputs whatever your template tells it to.
if ( have_posts() ) {
    while ( have_posts() ) {
        the_post();
        // Output post data
        the_title();
        the_content();
    }
} else {
    // Nothing found
    echo '<p>No posts found.</p>';
}
The key thing to understand: the_post() isn’t retrieving the post — it’s advancing the pointer and setting up global variables like $post. Beginners sometimes call the_post() outside the loop and wonder why nothing works.
Q7. What is a permalink, and why does its structure matter?
A permalink is the permanent URL for a post, page, or archive. WordPress lets you control the structure — the default is something ugly like /?p=123. A clean structure like /blog/post-name/ is better for both users and search engines.
From an SEO standpoint, your permalink should include the post name and nothing else that ages badly (like dates in the URL for evergreen content). You set this under Settings → Permalinks in the dashboard.
Q8. What is a shortcode?
A shortcode is a small tag in square brackets that triggers a PHP function and outputs HTML. Plugins use them so users can embed complex features into post content without writing code.
You register one with add_shortcode():
add_shortcode( 'my_button', 'render_my_button' );
function render_my_button( $atts ) {
    $atts = shortcode_atts([
        'url'  => '#',
        'text' => 'Click Here',
    ], $atts);
    return '<a href="' . esc_url( $atts['url'] ) . '">'
        . esc_html( $atts['text'] ) . '</a>';
}
// Usage: [my_button url="https://archana.dev" text="Visit Site"]
Shortcodes output HTML, so always return the string — never echo it directly inside the function.
Interviewer’s Lens
For freshers, interviewers aren’t expecting you to build something complex from memory. They want to know you understand WordPress as a system — not just a tool you’ve clicked around in. Use the correct technical terms. Don’t say “I drag and drop things in Elementor” as your answer to a theme question.
Themes, Templates & the WordPress File Structure
Knowing how WordPress themes are structured is table stakes for any development role. The template hierarchy in particular gets asked a lot — and most candidates get it partially right.
Q9. What files does every WordPress theme need?
Technically, only two files are required: index.php and style.css. That’s it — WordPress can activate a theme with just those. But in practice, a functional theme also includes:
- functions.php — registers features, enqueues scripts/styles, sets up theme support
- header.php — site header, navigation, wp_head() call
- footer.php — footer content, wp_footer() call
- single.php — template for individual posts
- page.php — template for static pages
- archive.php — category, tag, and date archive pages
If WordPress can’t find a specific template, it falls back down the hierarchy until it hits index.php. Which brings us to the next question.
Q10. What is the WordPress Template Hierarchy?
The template hierarchy is the order in which WordPress looks for a template file for a given URL. It goes from most specific to least specific, and always ends at index.php as the fallback.
For a single post, WordPress checks in this order:
- single-{post-type}-{slug}.php — e.g. single-product-red-shoes.php
- single-{post-type}.php — e.g. single-product.php
- single.php
- singular.php
- index.php
Why does this matter? If a client asks why their custom post type looks different from blog posts, the template hierarchy is usually where you start. Creating single-portfolio.php lets you control the layout of a “portfolio” CPT without touching single.php.
Q11. What does functions.php do and what should go in it?
functions.php is the theme’s feature file — it runs on every page load and is where you register menus, sidebars, custom image sizes, and theme support (like Gutenberg wide alignments or WooCommerce compatibility).
What belongs there: theme-specific functionality. Registering a nav menu, adding add_theme_support() calls, enqueuing theme assets.
What doesn’t belong there: anything that’s about your site’s functionality rather than your theme’s appearance. If you’re registering a custom post type, that belongs in a plugin — or at least a file separate from your theme. Why? Because if you ever switch themes, your CPT shouldn’t disappear with it.
Q12 How do you properly load CSS and JS in WordPress?
You use wp_enqueue_style() and wp_enqueue_script(), hooked to wp_enqueue_scripts. Not in header.php directly, not with a hardcoded <script> tag.
Why? Because WordPress manages script dependencies. If two plugins both need jQuery, WordPress loads it once. If you hardcode it, you might load it three times — which breaks things.
add_action( 'wp_enqueue_scripts', 'my_theme_assets' );
function my_theme_assets() {
    // CSS: handle, URL, deps, version, media
    wp_enqueue_style(
        'my-theme',
        get_stylesheet_directory_uri() . '/style.css',
        [],
        '1.0.0'
    );
    // JS: handle, URL, deps, version, load in footer
    wp_enqueue_script(
        'my-theme-js',
        get_stylesheet_directory_uri() . '/js/main.js',
        [ 'jquery' ], // depends on jQuery
        '1.0.0',
        true // load in footer, not <head>
    );
}
The last parameter true in wp_enqueue_script() loads the JS in the footer — almost always the right choice for performance.
🎯 Interviewer’s Lens
If a candidate can explain the template hierarchy clearly, it shows they understand how WordPress renders pages — not just how to use it. Ask them: “Why would you create single-project.php instead of editing single.php?” The answer reveals if they think architecturally.
WordPress Hooks, Actions & Filters — The Interview Favourite
Hooks are the most commonly tested topic at every experience level. Freshers get asked to define them. Mid-level developers get asked to explain the difference between actions and filters with code. Senior developers get tricky questions about priority conflicts and hook removal.
Q13 What are WordPress hooks and why do they exist?
Hooks are predefined points in WordPress where you can attach your own functions — without modifying core files. They exist because WordPress needs to be extensible. If you had to edit wp-includes/ every time you wanted to change behaviour, updates would overwrite your changes immediately.
There are two types: Action hooks and Filter hooks.
Q14 What is the difference between add_action() and add_filter()?
Here’s the simplest way to think about it: Actions DO something. Filters CHANGE something.
An action hook says “at this point in execution, run these functions.” A filter hook says “here’s some data — your function can modify it before it gets used.”
| Feature | add_action() | add_filter() |
|---|---|---|
| Purpose | Run code at a specific moment | Modify data before it’s used |
| Return value | Not required | Required — must return the value |
| Example use | Register a CPT, send an email on post save | Change post content, modify a title |
| Real hook example | save_post, init, wp_footer | the_content, the_title, wp_title |
// ACTION: Run code when a post is saved
add_action( 'save_post', 'notify_on_save' );
function notify_on_save( $post_id ) {
    // No return needed — we're just DOING something
    wp_mail( 'admin@site.com', 'Post saved', 'ID: ' . $post_id );
}
// FILTER: Modify post content before it's displayed
add_filter( 'the_content', 'add_disclaimer' );
function add_disclaimer( $content ) {
    // MUST return the modified value
    return $content . '<p><em>Disclaimer: for informational purposes only.</em></p>';
}
❌ Most Common Filter Mistake
Forgetting to return the value in a filter function. If your filter function doesn’t return $content, the content becomes empty. This has wiped out entire pages on live sites.
Q15 What do priority and accepted_args do in add_action()?
The full signature is add_action( $hook, $function, $priority, $accepted_args ).
Priority controls the order functions run when multiple functions are attached to the same hook. Lower number = runs earlier. Default is 10. If you need to run after another plugin’s code, use 20 or 30. If you need to run before, use 5 or 1.
Accepted args tells WordPress how many arguments to pass to your function. Most hooks pass at least one. If you need the second argument too (e.g., the post object alongside the post ID), set this to 2.
Q16 How do you remove a hooked function?
With remove_action() or remove_filter(). The catch: you need to call it after the function was added, with the exact same hook name, function name, and priority.
// Remove a function that WordPress core hooks to wp_head (same hook, same callback, default priority 10)
remove_action( 'wp_head', 'wp_generator' );
// This removes the WordPress version meta tag from <head> — common security practice
💡 Tricky Variant
If a function was added inside a class method, removing it looks different: remove_action( 'init', [ $instance, 'method_name' ] ). You need a reference to the object. This trips up a lot of mid-level developers.
🎯 Interviewer’s Lens
A strong hooks answer goes beyond “actions do stuff, filters change stuff.” The real test is: can the candidate write a filter from memory and explain why forgetting the return value is dangerous? That’s the threshold between someone who read about hooks and someone who’s actually used them on a live site.
Custom Post Types, Taxonomies & Meta Fields
Custom post types (CPTs) are how WordPress scales beyond blogs. Any serious project — a portfolio, a real estate site, an LMS, a job board — uses CPTs. If you can’t explain them confidently, you’ll struggle on most agency or freelance interviews.
Q17 What is a Custom Post Type and when do you create one?
A custom post type is a content type you define beyond the defaults (posts, pages, attachments). When a client needs to manage a list of “Properties,” “Team Members,” “Events,” or “Courses” — those become CPTs.
You create one when the content type has its own fields, its own archive page, and its own URL structure. If you’re just adding a few extra fields to a blog post, that’s not a CPT use case — that’s a meta field.
add_action( 'init', 'register_portfolio_cpt' );
function register_portfolio_cpt() {
    register_post_type( 'portfolio', [
        'label'        => 'Portfolio',
        'public'       => true,
        'has_archive'  => true, // creates /portfolio/ archive
        'show_in_rest' => true, // enables Gutenberg + REST API
        'supports'     => [ 'title', 'editor', 'thumbnail' ],
        'rewrite'      => [ 'slug' => 'work' ], // URL: /work/project-name/
    ]);
}
⚠️ Common gotcha
After registering a new CPT, go to Settings → Permalinks and click Save — even without changing anything. This flushes the rewrite rules. Without this step, your CPT archive URL returns a 404.
Q18 What is a custom taxonomy and how is it different from a category?
WordPress has two built-in taxonomies: categories (hierarchical) and tags (flat). A custom taxonomy is one you define for your own content types.
A real estate site might have a “Property Type” taxonomy (Apartment, Villa, Studio) for their “Property” CPT. That taxonomy can’t use the default categories — it’s specific to that post type. register_taxonomy() creates it:
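// Register on the init hook, the same way as the post type it attaches to
add_action( 'init', 'register_property_type_taxonomy' );
function register_property_type_taxonomy() {
    register_taxonomy( 'property_type', 'property', [
        'label'        => 'Property Type',
        'hierarchical' => true, // true = category-style, false = tag-style
        'show_in_rest' => true,
        'rewrite'      => [ 'slug' => 'property-type' ],
    ]);
}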
Q19 What are post meta fields and how do you use them?
Post meta is additional data attached to a post — stored in the wp_postmeta table as key-value pairs. A “Property” CPT might have meta fields for price, bedrooms, square footage.
// Save meta
update_post_meta( $post_id, 'property_price', 4500000 );
// Retrieve meta
$price = get_post_meta( $post_id, 'property_price', true );
// Third param 'true' returns a single value, not an array
// Delete meta
delete_post_meta( $post_id, 'property_price' );
Q20 What is ACF and when is it overkill?
Advanced Custom Fields (ACF) is a plugin that gives you a UI to create meta fields — text, images, repeaters, relationships, galleries — and attaches them to any post type. It saves hours of code for complex field setups.
When it’s overkill: if you need one or two simple text fields on a custom post type, writing update_post_meta() manually is faster and cleaner than installing a plugin. ACF earns its place when you have complex repeater fields, relationships between post types, or a non-technical client who needs a structured editing experience.
Q21 What is the difference between wp_options and wp_postmeta?
This question separates juniors from mid-level developers. Both store key-value data, but for entirely different purposes.
wp_postmeta stores data specific to a single post — price, author bio, custom field values. The data is tied to a post ID.
wp_options stores site-wide settings — plugin configurations, theme settings, API keys, anything that applies globally. It’s accessed with get_option() and update_option(), not get_post_meta().
Putting site-wide settings in post meta (or the reverse) is a common architectural mistake on beginner projects.
🎯 Interviewer’s Lens
Ask: “Design a CPT structure for a real estate listings site with location filtering.” A strong answer mentions CPTs for properties, custom taxonomies for location/type/status, and ACF or meta for price and specs. A weak answer says “I’d use a plugin for that.”
Database, WP_Query & Performance
WordPress uses MySQL, and the database structure isn’t complicated — but you need to understand it to write efficient queries and debug slow sites. This section also covers one of the most commonly misused functions in WordPress: query_posts().
Q22 Name the core WordPress database tables and what each stores.
WordPress installs 12 tables by default (all prefixed with wp_ unless customised):
| Table | What it stores |
|---|---|
| wp_posts | Posts, pages, CPTs, menu items, attachments, revisions |
| wp_postmeta | Custom fields and meta data for posts |
| wp_terms | Names of categories, tags, and custom taxonomy terms |
| wp_term_taxonomy | Which taxonomy each term belongs to |
| wp_term_relationships | Maps posts to their terms (which post is in which category) |
| wp_users | User accounts |
| wp_usermeta | User meta — role, preferences, plugin data per user |
| wp_options | Site-wide settings and plugin/theme configuration |
| wp_comments | Comments on posts |
| wp_commentmeta | Meta data for comments |
| wp_links | Blogroll links (largely unused in modern WordPress) |
| wp_termmeta | Meta data attached to taxonomy terms |
Q23 What is WP_Query and how do you use it?
WP_Query is the class WordPress uses to build and run database queries. You create an instance with an array of arguments, then loop through the results.
$args = [
    'post_type'      => 'portfolio',
    'posts_per_page' => 6,
    'tax_query'      => [[
        'taxonomy' => 'project_type',
        'field'    => 'slug',
        'terms'    => 'web-design',
    ]],
];
$query = new WP_Query( $args );
if ( $query->have_posts() ) {
    while ( $query->have_posts() ) {
        $query->the_post();
        the_title();
    }
    wp_reset_postdata(); // CRITICAL — always call this after a custom WP_Query
}
❌ Forgetting wp_reset_postdata()
After a custom WP_Query loop, always call wp_reset_postdata(). Without it, the global $post variable stays set to the last post in your custom query — which can break the main page template, sidebar widgets, and anything else that relies on the current post context.
Q24 WP_Query vs get_posts() vs query_posts() — which do you use?
This comes up constantly. Here’s the breakdown:
WP_Query — use this. Full-featured, flexible, works in any context. The right tool for most secondary queries.
get_posts() — a simpler wrapper around WP_Query. Good for quick lookups. Returns an array of post objects. Doesn’t set up the global $post, so template tags like the_title() won’t work inside its loop without extra setup.
query_posts() — don’t use it. It replaces the main query, which breaks pagination and confuses other plugins. The WordPress documentation itself says to avoid it. Knowing this distinction is a signal that a developer thinks about site-wide side effects, not just “does this work on screen.”
Q25 What are transients and when would you use them?
Transients store cached data in the database with an expiry time. When you’re pulling data from an external API, running a slow meta query, or aggregating data across hundreds of posts — you don’t want to do that on every page load.
$rates = get_transient( 'currency_rates' );
if ( false === $rates ) {
    // Transient expired or doesn't exist — fetch fresh data
    // (fetch_currency_rates_from_api() stands in for your own API call)
    $rates = fetch_currency_rates_from_api();
    set_transient( 'currency_rates', $rates, 12 * HOUR_IN_SECONDS );
}
// Use $rates knowing it's either cached or freshly fetched
Q26 How do you safely run custom SQL in WordPress?
Through the $wpdb global and its prepare() method. Never concatenate user input directly into a SQL string — that’s how SQL injection happens.
global $wpdb;
// WRONG — never do this with user input
$results = $wpdb->get_results( "SELECT * FROM wp_posts WHERE post_title = '$title'" );
// CORRECT — prepare() escapes and sanitises the input
// ({$wpdb->posts} resolves to the posts table even when the prefix is customised)
$results = $wpdb->get_results(
    $wpdb->prepare( "SELECT * FROM {$wpdb->posts} WHERE post_title = %s", $title )
);
🎯 Interviewer’s Lens
The query_posts() question is a trap. If a candidate uses it confidently without mentioning its problems, that’s a real concern — it means they’re copying solutions without understanding the side effects.
WordPress REST API & Headless WordPress
The REST API is almost completely absent from the top-ranking interview guides online — which means knowing it well is an immediate differentiator. More companies are building on headless WordPress setups in 2026, and even traditional WordPress projects increasingly use the API for custom admin interfaces or mobile apps.
Q27 What is the WordPress REST API?
The REST API lets you interact with WordPress data over HTTP using JSON — from any language, any framework, or any external service. Instead of rendering a PHP template, WordPress sends back structured data that your front-end (React, Vue, mobile app) can consume and display.
Built-in endpoints exist for posts, pages, users, media, and more. You can hit /wp-json/wp/v2/posts and get a JSON array of posts without writing a line of PHP.
Q28 How do you create a custom REST API endpoint?
Using register_rest_route(), hooked to rest_api_init:
add_action( 'rest_api_init', 'register_my_endpoints' );
function register_my_endpoints() {
    register_rest_route( 'mysite/v1', '/featured-posts', [
        'methods'             => 'GET',
        'callback'            => 'get_featured_posts',
        'permission_callback' => '__return_true', // public endpoint
    ]);
    register_rest_route( 'mysite/v1', '/save-lead', [
        'methods'             => 'POST',
        'callback'            => 'save_lead_data',
        'permission_callback' => function() {
            return current_user_can( 'edit_posts' ); // auth required
        },
    ]);
}
function get_featured_posts( $request ) {
    $posts = get_posts([ 'post_type' => 'post', 'numberposts' => 5 ]);
    return rest_ensure_response( $posts );
}
The URL becomes /wp-json/mysite/v1/featured-posts. Note the permission_callback — you must always define one. For public data, set it explicitly to __return_true. For anything sensitive, check capabilities.
Q29 What is nonce verification in REST API requests?
Nonces (numbers used once) prevent cross-site request forgery attacks. For REST API calls made from your own WordPress front-end (AJAX buttons, Gutenberg blocks), you pass a nonce and verify it server-side:
// Localise the nonce to JavaScript
wp_localize_script( 'my-script', 'myData', [
    'nonce'   => wp_create_nonce( 'wp_rest' ),
    'api_url' => rest_url( 'mysite/v1/' ),
]);
// In the REST callback, verify it
function save_lead_data( $request ) {
    if ( ! wp_verify_nonce( $request->get_header( 'X-WP-Nonce' ), 'wp_rest' ) ) {
        return new WP_Error( 'forbidden', 'Invalid nonce', [ 'status' => 403 ] );
    }
    // Process safely...
}
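The /save-lead route from Q28 and Q29 with its input rules declared on the route, as an added example that is not the article's own code. The 'lead' post type, the 'lead_email' meta key and the mysite_* function names are assumptions made for illustration.

```php
<?php
// Added example, not from the original article. Assumes it is loaded by
// WordPress (plugin file or functions.php). The 'lead' post type, the
// 'lead_email' meta key and the mysite_* names are hypothetical.

add_action( 'rest_api_init', 'mysite_register_lead_route' );

function mysite_register_lead_route() {
    register_rest_route( 'mysite/v1', '/save-lead', [
        'methods'             => WP_REST_Server::CREATABLE, // POST
        'callback'            => 'mysite_save_lead',
        // Authorisation. For cookie-authenticated requests core checks the
        // X-WP-Nonce header itself: without a nonce the request is treated
        // as logged out (so this check fails), with an invalid one it is
        // rejected before reaching this point.
        'permission_callback' => function () {
            return current_user_can( 'edit_posts' );
        },
        // Per-argument rules: WordPress validates, then sanitises, before
        // the callback runs, and answers 400 when validation fails.
        'args'                => [
            'name'  => [
                'required'          => true,
                'type'              => 'string',
                'validate_callback' => function ( $value ) {
                    return is_string( $value )
                        && '' !== trim( $value )
                        && strlen( $value ) <= 200;
                },
                'sanitize_callback' => 'sanitize_text_field',
            ],
            'email' => [
                'required'          => true,
                'type'              => 'string',
                // Wrapped in a closure: validate callbacks are called with
                // ( $value, $request, $param ) and is_email() must only be
                // given the value.
                'validate_callback' => function ( $value ) {
                    return is_string( $value ) && false !== is_email( $value );
                },
                'sanitize_callback' => 'sanitize_email',
            ],
        ],
    ] );
}

function mysite_save_lead( WP_REST_Request $request ) {
    // Parameters read here have already passed the callbacks above.
    // wp_insert_post() expects slashed data, hence wp_slash().
    $post_id = wp_insert_post(
        wp_slash( [
            'post_type'   => 'lead',
            'post_status' => 'private', // leads are not public content
            'post_title'  => $request['name'],
            'meta_input'  => [ 'lead_email' => $request['email'] ],
        ] ),
        true // return a WP_Error instead of 0 on failure
    );

    if ( is_wp_error( $post_id ) ) {
        return $post_id; // the REST server converts this to an error response
    }

    return new WP_REST_Response( [ 'id' => $post_id ], 201 );
}
```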
Q30 What is headless WordPress?
In a headless setup, WordPress handles only the backend — content management, user auth, API responses. A separate front-end (Next.js, Nuxt, React) pulls data via the REST API or WPGraphQL and renders the UI.
Common stacks: Next.js + WPGraphQL (the most popular in 2026), React + REST API, or even a mobile app consuming WordPress content.
When does it make sense? When the client needs a very fast, custom front-end experience and a familiar WordPress content interface. When it doesn’t: when it adds infrastructure complexity for a basic marketing site that could just use a regular WordPress theme.
📌 For Business Owners
If a developer mentions “headless WordPress” in a proposal for a standard company website, ask them to justify it. It adds cost and maintenance overhead. It earns its place on high-traffic apps, mobile apps, and projects where the front-end needs to be in a JavaScript framework for specific reasons.
Gutenberg & Full Site Editing — 2026 Must-Know
This section is completely absent from all three top-ranking competitor articles. Which is strange, because Full Site Editing (FSE) is now the default in WordPress and has been for a few years. If you’re interviewing for a 2026 role and you can’t answer basic FSE questions, it looks like you’ve been building sites in 2019 mode.
Q31 What is Full Site Editing (FSE)?
FSE is WordPress’s block-based approach to building entire themes — not just post content, but headers, footers, sidebars, and page templates — all using the block editor. Instead of PHP template files, you use block templates saved as HTML files. Instead of CSS variables in functions.php, you configure design tokens in theme.json.
A theme built for FSE is called a “block theme.” The default WordPress theme (Twenty Twenty-Four, Twenty Twenty-Five) is a block theme.
Q32 What is theme.json?
theme.json is the configuration file for block themes. It controls colour palettes, typography scales, spacing presets, layout widths, and which block settings users can change in the editor. It’s declarative — you define what’s available, and the Gutenberg editor enforces it.
{
    "version": 2,
    "settings": {
        "color": {
            "palette": [
                { "slug": "primary", "color": "#1a1a2e", "name": "Primary" },
                { "slug": "accent", "color": "#e94560", "name": "Accent" }
            ]
        },
        "typography": {
            "fontSizes": [
                { "slug": "small", "size": "14px", "name": "Small" },
                { "slug": "large", "size": "clamp(1.25rem, 3vw, 2rem)", "name": "Large" }
            ]
        }
    }
}
Q33 What is the difference between a block theme and a classic theme?
A classic theme uses PHP template files (header.php, single.php, etc.) to control layout. The post content area is a block editor, but headers, footers, and sidebars are PHP-rendered.
A block theme uses HTML template files and the block editor controls everything — including headers, footers, and global styles. There’s no header.php equivalent; instead you have a templates/ folder with block markup.
Which should new projects use? Depends on the client. Block themes give non-technical clients more editing control but require the developer to understand the new patterns. Classic themes give developers more control but are increasingly considered legacy architecture.
Q34 How do you create a custom Gutenberg block?
Using the @wordpress/scripts build tool and a block.json file that registers the block’s metadata. A basic block has an edit function (what the editor shows) and a save function (what gets saved to the database as HTML).
// block.json
{
    "$schema": "https://schemas.wp.org/trunk/block.json",
    "apiVersion": 3,
    "name": "myplugin/call-to-action",
    "title": "Call to Action",
    "category": "design",
    "editorScript": "file:./index.js",
    "style": "file:./style.css"
}
💡 Even if you haven’t built FSE projects
Knowing the vocabulary — theme.json, block patterns, template parts, block themes vs classic themes — shows you’re following where WordPress is going. That matters in 2026 interviews more than it did in 2022.
WooCommerce Interview Questions
WooCommerce powers a massive portion of WordPress development jobs, and yet not one of the top three competitor articles covers it. If you’re applying for any role that involves e-commerce, these questions are coming.
Q35 How is the WooCommerce product loop different from the WordPress Loop?
The WooCommerce product loop uses woocommerce_product_loop and the wc_get_template_part() function to load product templates. It wraps output in WooCommerce’s template structure, not the standard WordPress Loop. On a shop archive page, WooCommerce runs its own query — you don’t need to write a WP_Query to display products.
If you want to display products in a custom template, use WC_Product_Query (WooCommerce’s equivalent of WP_Query):
$query = new WC_Product_Query([
    'limit'    => 4,
    'category' => [ 'sarees' ],
    'orderby'  => 'date',
    'order'    => 'DESC',
]);
$products = $query->get_products();
Q36 How do you override a WooCommerce template?
Copy the template file from wp-content/plugins/woocommerce/templates/ into your theme at wp-content/themes/your-theme/woocommerce/, maintaining the same folder structure. WooCommerce checks your theme folder first before loading its own template.
For example, to override the single product page: copy woocommerce/templates/single-product.php to your-theme/woocommerce/single-product.php. Never edit the plugin file directly — it’ll be overwritten on every WooCommerce update.
Q37 Name 3 important WooCommerce hooks.
WooCommerce has hundreds, but these three come up constantly:
- woocommerce_before_add_to_cart_button — add custom fields or notices before the Add to Cart button on a product page
- woocommerce_thankyou — runs after an order is placed. Use it to fire conversion tracking, send custom emails, or log order data
- woocommerce_cart_calculate_fees — add custom fees or discounts to the cart at checkout
Q38 What’s the difference between simple, variable, grouped, and external products?
- Simple — a single item with one price, one SKU. Most products start here.
- Variable — a product with options (size, colour). Each combination is a “variation” with its own price and stock.
- Grouped — a collection of individual simple products displayed together on one page.
- External/Affiliate — the product links out to another site. Price is displayed but the checkout happens elsewhere.
Q39 Common WooCommerce performance problems — and how to fix them.
WooCommerce can be slow for specific, fixable reasons:
- Unoptimised product queries — WooCommerce queries can hit wp_postmeta heavily. Use proper indexing and limit meta queries where possible.
- Cart fragments AJAX — WooCommerce loads cart data asynchronously on every page. On high-traffic sites, this adds server load. Some caching plugins handle this; others conflict with it.
- Too many variations — a single variable product with 500+ variations causes a large JSON payload on the product page. Split into separate products if possible.
- No page caching for logged-in users — most caching plugins disable caching for logged-in customers. If you have a lot of customers browsing while logged in, server load goes up significantly.
Section 09 (Advanced)
WordPress Security — What Senior Devs Know
Every interview guide mentions security. Most of them say “use strong passwords” and “keep plugins updated.” That’s hygiene, not security knowledge. A senior developer should be able to answer security questions at the code level.
Q40 What is a nonce and how do you use it in a form?
A nonce (number used once) is a token that verifies a form submission or AJAX request came from your site, not from a third-party attacker. It prevents CSRF (Cross-Site Request Forgery) attacks.
```php
// In the form template
wp_nonce_field( 'save_profile_action', 'profile_nonce' );
// This outputs a hidden input field automatically

// When processing the form submission
if ( ! isset( $_POST['profile_nonce'] ) ||
     ! wp_verify_nonce( $_POST['profile_nonce'], 'save_profile_action' ) ) {
    wp_die( 'Security check failed.' );
}
// Safe to process
```
Q41 What’s the difference between sanitise and escape in WordPress?
This is the question that separates developers who understand security from those who’ve just heard the word “XSS.”
Sanitise is what you do to data coming IN — cleaning it before saving to the database. Escape is what you do to data going OUT — cleaning it before rendering in HTML.
| Function | Use for | Direction |
|---|---|---|
| sanitize_text_field() | Plain text input from forms | Input (save) |
| sanitize_email() | Email address fields | Input (save) |
| absint() | Numeric values, IDs | Input (save) |
| esc_html() | Text output inside HTML | Output (render) |
| esc_attr() | Text inside HTML attributes | Output (render) |
| esc_url() | URLs in href/src attributes | Output (render) |
| wp_kses_post() | HTML content (allows safe tags) | Both |
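An added example (not code from the original article) that combines the nonce check from Q40 with the functions in the table: one handler sanitises each field on the way in, and one template function escapes each value for its HTML context on the way out. The myprefix_ function names, form field names and meta keys are hypothetical, and the form is assumed to post to admin-post.php with a hidden action field set to save_profile.

```php
<?php
// Added example. Function names, field names and myprefix_ meta keys are hypothetical.

// Reject array input (e.g. city[]=x) so every sanitiser below receives a string.
function myprefix_post_string( $key ) {
    $raw = $_POST[ $key ] ?? '';
    return is_string( $raw ) ? wp_unslash( $raw ) : ''; // WordPress slashes $_POST.
}

// INPUT: handles POSTs to admin-post.php?action=save_profile from logged-in users.
add_action( 'admin_post_save_profile', 'myprefix_save_profile' );
function myprefix_save_profile() {
    // CSRF check first, using the same action and field name as the form in Q40.
    $nonce = sanitize_text_field( myprefix_post_string( 'profile_nonce' ) );
    if ( ! wp_verify_nonce( $nonce, 'save_profile_action' ) ) {
        wp_die( 'Security check failed.' );
    }

    // Sanitise each field with the function that matches its type.
    $clean = array(
        'myprefix_city'    => sanitize_text_field( myprefix_post_string( 'city' ) ),
        'myprefix_contact' => sanitize_email( myprefix_post_string( 'contact_email' ) ),
        'myprefix_age'     => absint( myprefix_post_string( 'age' ) ),
        'myprefix_bio'     => wp_kses_post( myprefix_post_string( 'bio' ) ),
    );
    foreach ( $clean as $meta_key => $value ) {
        // The meta API unslashes what it is given, so re-slash to keep literal backslashes.
        update_user_meta( get_current_user_id(), $meta_key, wp_slash( $value ) );
    }
    wp_safe_redirect( wp_get_referer() ?: home_url( '/' ) );
    exit;
}

// OUTPUT: escape at the moment of rendering, with the function for that HTML context.
function myprefix_render_profile( $user_id ) {
    $city    = get_user_meta( $user_id, 'myprefix_city', true );
    $contact = get_user_meta( $user_id, 'myprefix_contact', true );
    $age     = get_user_meta( $user_id, 'myprefix_age', true );
    $bio     = get_user_meta( $user_id, 'myprefix_bio', true );
    ?>
    <div class="profile" data-city="<?php echo esc_attr( $city ); ?>">
        <p><?php echo esc_html( $city ); ?>, age <?php echo absint( $age ); ?></p>
        <a href="<?php echo esc_url( 'mailto:' . $contact ); ?>"><?php echo esc_html( $contact ); ?></a>
        <div class="bio"><?php echo wp_kses_post( $bio ); ?></div>
    </div>
    <?php
}
```

The stored city value is escaped twice in the template, once with esc_attr() and once with esc_html(), because the correct escaping function depends on where the value lands, not on what it contains.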
Q42 What is $wpdb->prepare() and why does it matter?
It escapes variables before inserting them into a SQL query, preventing SQL injection. If you write raw SQL using $wpdb and concatenate user input without prepare(), an attacker can manipulate your query to read or delete your entire database.
Use %s for strings, %d for integers, %f for floats — similar to PHP’s sprintf(). Never use string interpolation for SQL.
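The difference between concatenation and prepare(), as an added example that is not from the original article. The myprefix_ function names and the author and q request parameters are hypothetical; the query reads WordPress core's own posts table.

```php
<?php
// Added example. The myprefix_ function names and request parameters are hypothetical.

// BEFORE (vulnerable): request values are interpolated straight into the SQL text,
// so whatever the visitor sends becomes part of the query itself.
function myprefix_find_posts_unsafe( $author_id, $search ) {
    global $wpdb;
    return $wpdb->get_results(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_author = $author_id AND post_title LIKE '%$search%'"
    );
}

// AFTER (hardened): the SQL text is fixed and every value travels through a placeholder.
function myprefix_find_posts( $author_id, $search, $limit = 20 ) {
    global $wpdb;

    // esc_like() neutralises % and _ inside the search term; the surrounding
    // wildcards are added to the value, never written into the query string.
    $like = '%' . $wpdb->esc_like( $search ) . '%';

    $sql = $wpdb->prepare(
        // Placeholders stay unquoted; prepare() adds the quotes for %s.
        // {$wpdb->posts} is a trusted property, not user input. Table and
        // column names cannot be passed through %s or %d.
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_author = %d AND post_status = %s AND post_title LIKE %s
         ORDER BY post_date DESC LIMIT %d",
        $author_id,
        'publish',
        $like,
        $limit
    );

    return $wpdb->get_results( $sql );
}

// Hypothetical call site: request values are still typed and sanitised on the way in.
$results = myprefix_find_posts(
    absint( $_GET['author'] ?? 0 ),
    sanitize_text_field( wp_unslash( $_GET['q'] ?? '' ) )
);
```

When reviewing a plugin, searching for $wpdb->query, get_results, get_var and get_row calls whose argument contains a PHP variable other than a $wpdb table property is a quick way to find queries that skipped prepare().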
Q43 What does DISALLOW_FILE_EDIT do?
Adding define('DISALLOW_FILE_EDIT', true); to wp-config.php removes the theme and plugin editor from the WordPress dashboard. If an attacker gains admin access, they can’t use the built-in editor to inject malicious code into your theme files. Every production site should have this.
Interviewer’s Lens
A developer who can explain input sanitisation vs output escaping and name the specific WordPress functions for each is far more trustworthy on a production site than one who can only say “I keep plugins updated.” The former understands what attacks look like at the code level. The latter is relying entirely on others to catch problems.
Section 10 (Tricky)
Questions That Trip Up Even Experienced Developers
These are the questions interviewers ask when they want to separate candidates who’ve worked on real projects from candidates who’ve memorised definitions. None of them are obscure — they’re all based on common real-world mistakes.
Q44 Why can’t you use wp_redirect() directly in a template file?
Because by the time a template file loads, WordPress has already sent HTTP headers to the browser. wp_redirect() needs to send a Location: header — but you can’t send headers after content has started outputting.
You’ll get a “headers already sent” PHP warning, and the redirect won’t work. The correct place to run redirects is on the template_redirect hook, which fires before any output:
```php
add_action( 'template_redirect', 'redirect_non_members' );
function redirect_non_members() {
    if ( is_page( 'members-only' ) && ! is_user_logged_in() ) {
        wp_redirect( home_url( '/login/' ) );
        exit(); // Always call exit() after wp_redirect()
    }
}
```
Q45 What’s the difference between wp_die() and exit()?
exit() is raw PHP — it stops execution immediately with no output.
wp_die() is WordPress’s version — it stops execution but outputs a formatted error page with the WordPress admin header, a readable message, and a back link. It also fires the wp_die filter, so plugins can hook into it.
In plugin or theme code, use wp_die() for user-facing error messages. Use exit() after wp_redirect() — there’s no need for an error page there, you just need to stop execution.
Q46 When would you NOT use a plugin?
This is a maturity question. The answer isn’t “always write custom code” — it’s about understanding trade-offs.
Don’t use a plugin when: the plugin does 20 things and you only need one of them; the functionality is simple enough to write in 10 lines of code; the plugin hasn’t been updated in 2 years; installing it would add 3 new database tables for a minor feature; or the feature is so custom it would require more configuration than just coding it.
The cost of a plugin isn’t just the plugin itself — it’s the maintenance, the update testing, the security surface area, and the potential conflicts with other plugins. A developer who reaches for a plugin for every small thing is creating future problems.
Q47 What’s wrong with using add_action('init', …) for everything?
init runs on every single page load. Putting everything there is fine when you have a small site — but it means registering post types, setting up menus, loading translations, and running custom logic all at the same time, regardless of whether the current page needs it.
Better practice: use the most specific hook available. Register a REST route on rest_api_init (not init). Load admin-only code on admin_init. Enqueue scripts on wp_enqueue_scripts. This keeps execution lean and makes your code easier to understand.
Q48 What happens when two functions are hooked to the same filter with the same priority?
Both run — in the order they were registered. The first function modifies the value and returns it. The second function receives the already-modified value from the first function, not the original. This order matters when two filters conflict.
If you need your filter to run after a specific plugin’s filter, set a higher priority number (e.g., 20 instead of the default 10).
Q49 A client’s site shows a white screen after a plugin update. Walk through your debug process.
This is a debugging process question. There’s no single right answer, but here’s a solid structured response:
- Enable WP_DEBUG — add define('WP_DEBUG', true); define('WP_DEBUG_LOG', true); to wp-config.php. Check wp-content/debug.log for the PHP error.
- Deactivate the plugin via FTP or phpMyAdmin — if you can’t access the dashboard, rename the plugin folder in wp-content/plugins/ to disable it.
- Check PHP version compatibility — the plugin update may have dropped support for an older PHP version the server is running.
- Check for conflicts — re-enable the plugin and disable all others one by one to find a conflict.
- Check error logs in hosting cPanel — some fatal errors won’t appear in WordPress’s debug log but will appear in server error logs.
Q50 What does “error establishing a database connection” mean?
WordPress can’t connect to the MySQL database. This happens when the database credentials in wp-config.php are wrong, the database server is down, the database user doesn’t have the right permissions, or the MySQL service itself has crashed on the server.
Debugging steps: check DB_NAME, DB_USER, DB_PASSWORD, and DB_HOST in wp-config.php. Try connecting manually via phpMyAdmin with the same credentials. If credentials are correct, contact the host — the database server may be down.
Section 11 (For Business Owners)
For Business Owners: How to Evaluate a WordPress Developer
You don’t need to understand PHP to evaluate a WordPress developer. You need to know what questions reveal whether someone actually knows what they’re doing — and what answers should give you pause.
Q51: 5 questions to ask any WordPress developer you’re considering hiring
- “What’s the difference between a plugin and a theme — and what goes in each?”
  You’re not testing knowledge, you’re testing clarity. A good developer explains it simply. A shaky one rambles. A red flag answer: “I just use Elementor for everything.”
- “How would you handle making changes to a live site’s theme?”
  Correct answer involves child themes, a staging environment, version control. Wrong answer: “I just edit the theme files directly.”
- “If a page on the site is loading slowly, where do you start?”
  Good answer: they mention GTmetrix or Google PageSpeed, check image sizes, look at which plugins are loading scripts, check for server response time. Anyone who says “I’d install a caching plugin” and stops there is not thinking about root causes.
- “What do you back up and how often?”
  Files AND database. Both. Ideally automated, off-site, daily for active sites. A developer who says “the host does backups” and leaves it at that is trusting infrastructure they don’t control for your business data.
- “Have you ever broken a client site? What happened?”
  You want honesty here, not a perfect record. Everyone who has worked on live sites has had a bad update go wrong. The question is whether they had a recovery process and what they learned.
Green Flags
- Mentions staging environments without being asked
- Talks about version control (Git)
- Explains tradeoffs, not just “what they’d do”
- Knows when a plugin is the wrong tool
- Asks about your hosting environment before recommending anything
- Can explain their work to a non-technical person
Red Flags
- “I use Elementor for everything”
- Can’t explain why they chose a particular plugin
- Never mentions security unless asked
- Edits parent theme files directly
- No process for testing before deploying to live
- Promises “no maintenance needed” after launch
Q52 What to look for in a portfolio beyond “it looks good”
Ask for a site that has real functionality — a booking system, a membership area, an e-commerce store — not just a brochure site. Then ask how specific parts were built. Custom post types? A plugin? Did they write custom code?
If a developer’s entire portfolio is sites built with a page builder and premium themes, that’s fine for basic work — but it won’t be enough if you need custom functionality. The work they’ve done tells you more than what they claim they know.
Q53 Freelancer vs Agency vs In-house — how to decide
A freelancer is cost-effective for a defined scope — building a site, adding a feature. Risk: limited availability, no backup if they disappear, slower response for emergencies.
A small agency costs more but gives you a team. If the developer is sick, someone else picks it up. Maintenance contracts are more reliable. Good for ongoing development and e-commerce stores that need regular attention.
An in-house developer makes sense only if you have enough WordPress work to justify a full salary. Most small businesses don’t — they need 5–10 hours of development per month, not 160.
One More Thing
No WordPress developer should promise a “set it and forget it” website. WordPress needs updates — core, themes, and plugins — on a regular schedule. Anyone who doesn’t mention ongoing maintenance as part of the conversation is either inexperienced or hoping you won’t ask about it.