Questions to ask when hiring WordPress development experts

WordPress powers 52% of the top 10k sites with a known CMS. Yet most enterprise WordPress hires still get evaluated by decades-old standards.

The platform has fundamentally changed. The Block Editor is no longer optional. Modern PHP versions break legacy coding habits with fatal errors. The European Accessibility Act passed its June 2025 enforcement deadline, making non-compliant sites a legal liability for any business serving EU customers. WordPress 6.9 introduced the Abilities API, exposing WordPress capabilities for easy discovery and use, enabling easier integrations, including with AI agents.

The developer who customized themes five years ago is not the architect you need today. The agency that built your last site on page builders may lack the Block Editor expertise your next project demands.

This guide gives you the questions to separate legacy maintainers from WordPress development experts who understand modern enterprise requirements.

Before you start: Define what you actually need

Poor hiring decisions rarely stem from bad candidates. They stem from unclear requirements. Before reviewing a single portfolio, audit your platform’s lifecycle stage, internal capabilities, and compliance obligations.

Whether you’re vetting a WordPress development agency for a full rebuild or screening dedicated WordPress experts for staff augmentation, clarity on your needs comes first.

What stage is your WordPress platform at?

The skill set for building a new site differs vastly from maintaining a legacy one. Each stage demands different expertise.

New builds

These require a developer who can architect a complete enterprise platform, not just implement a design. That starts with content architecture:

• Custom post types, taxonomies, and field structures that match how your organization actually works
• Editorial workflows with appropriate roles and permissions, integration strategy for your CRM, analytics, and marketing tools, and a hosting infrastructure sized for your traffic patterns

On the frontend, they need fluency with theme.json governance, Block Patterns, and the Block Bindings API to build editing environments where content teams can update layouts without filing developer tickets. But the Block Editor is just one layer. Without solid content architecture underneath, even the prettiest block theme becomes a maintenance nightmare.

Following this approach reduces long-term maintenance costs compared to custom PHP template builds. Every change that doesn’t require a developer is money saved.

Redesigns

Changing the site design demands someone who can audit existing technical debt before proposing solutions. Most redesign failures happen when developers rebuild the frontend without addressing underlying architecture problems.

A redesign specialist will evaluate your current plugin dependencies, database structure, and content architecture before writing a single line of code, then deliver a migration strategy that preserves SEO equity while modernizing the stack.

Scaling multisite or enterprise networks

Scaling requires someone who treats WordPress Multisite as a governance framework. At scale, role definitions and database optimization become critical bottlenecks. A single misconfigured capability can expose 50+ subsites to unauthorized access.

These specialists understand domain mapping, network-wide plugin activation strategies, and horizontal scaling patterns that consolidate infrastructure costs. Instead of paying for separate hosting, maintenance, and plugin licenses for each site, you share a single codebase, one update cycle, and unified security monitoring across the entire network.

Performance optimization

Site performance calls for developers obsessed with Core Web Vitals and server response times. Google’s ranking algorithm weighs page experience signals, and slow sites lose 7% of conversions for every additional second of load time.

Performance specialists know how to implement Speculative Loading, configure object caching layers, and audit the wp_options table for autoload bloat, among many other things.

Legacy maintenance

Maintaining a WordPress site needs someone comfortable with digging through years of code changes. They should have an innate understanding of how things actually work in WordPress.

The primary driver is compatibility with modern PHP versions. Legacy codebases often contain deprecated parameters, function calls, and patterns that trigger fatal errors on current server environments. These specialists use static analysis tools to identify breaking changes before they crash production.

Do you actually need headless?

Most web-first projects don’t.

The Interactivity API (stable since WordPress 6.5) delivers the instant, reactive user experience of a single-page application while retaining the SEO and operational simplicity of server-side PHP. Speculative Loading in WordPress 6.8 enables near-instant page transitions without a decoupled stack.

Headless architectures substantially increase both development and maintenance costs. You’re now paying for separate frontend hosting infrastructure, building and securing custom API layers, and hiring developers fluent in both WordPress backend and your chosen JavaScript framework. Every feature that WordPress handles natively (authentication, previews, SEO, caching) becomes a custom engineering problem you fund from scratch.

Reserve headless for projects that strictly require multi-channel content distribution: mobile apps, kiosks, and smartwatches. If your primary channel is the web (for most enterprises, it is), hire a developer who understands modern native WordPress, not a Next.js specialist who’ll over-engineer the solution.

WordPress with Interactivity API and Speculative Loading now delivers app-like experiences without the architectural overhead.

OpenWeb: Sub-second headless when the use case demanded it

For projects requiring headless, we built OpenWeb’s Gatsby + WordPress architecture, achieving time-to-first-byte under 0.3 seconds and Interactive First Paint (IFP) under 1 second. We’ve also published a comprehensive Interactivity API implementation guide for projects where native WordPress delivers the same experience at a lower cost.

What’s your resource gap?

If you have an internal team lacking specific skills, you may need a block specialist to train your PHP developers on React and the Site Editor. If you lack internal resources entirely, you need a partner who can handle the complete software supply chain, including generating a Software Bill of Materials (SBOM) to track vulnerabilities in third-party plugins and npm packages.

What are your compliance obligations?

Since the European Accessibility Act deadline passed in June 2025, compliance is a binary legal state. The EAA effectively requires WCAG 2.1 Level AA through the harmonized standard EN 301 549. A “good enough” approach is now a liability risk with penalties reaching €1 million in some EU countries. Your strategic definition must include accessibility as a non-negotiable Definition of Done.

Is AI integration on your roadmap?

WordPress 6.9 introduced the Abilities API, allowing developers to register site functions as machine-readable capabilities. These registered abilities become available to multiple consumers: AI agents can execute them via the Model Context Protocol, the Command Palette surfaces them as user actions, and automation platforms like Zapier and n8n can discover and trigger them through the REST API.

If your roadmap includes AI automation or workflow integrations, you need a developer who can implement secure Abilities API patterns with proper permission callbacks and input validation.

Note: The Model Context Protocol Adapter is a separate package that leverages the Abilities API. It’s not bundled in WordPress Core.

Quick reference: Matching expertise to project stage

Stage	What you need	Key expertise
New builds	Complete platform architecture	Content architecture, theme.json, Block Patterns, Block Bindings API, editorial workflows
Redesigns	Technical debt audit before solutions	Migration strategy, SEO equity preservation, database, and plugin evaluation
Scaling multisite	Governance framework thinking	Domain mapping, role definitions, horizontal scaling, network-wide plugin strategy
Performance optimization	Core Web Vitals obsession	Speculative Loading, object caching, wp_options auditing
Legacy maintenance	Compatibility expertise	Static analysis tools, modern PHP deprecation handling

Questions to evaluate WordPress development partners

Whether you need a full agency partnership or dedicated experts to augment your team, these questions reveal technical depth, process maturity, and ability to deliver enterprise-grade solutions. The answers separate legacy maintainers from architects who understand where WordPress is heading.

Technical expertise and architecture

1. Can you walk me through your most recent enterprise WordPress builds?

Third-party page builders often represent technical debt for new enterprise builds. They signal an inability to work with WordPress’s native Full Site Editing, powered by its native Gutenberg editor.

What you want to see:

• Projects built with native block themes
• theme.json for global style management
• Block Patterns to empower editors while maintaining brand consistency

Partners deeply invested in WordPress’s future will speak enthusiastically about Gutenberg and Full Site Editing. Those who still recommend Classic Editor workflows for new builds may be optimizing for their existing skill set rather than for your long-term platform health.

Cox Automotive: 103% engagement lift

For Cox Automotive, we built a centralized Design Library of reusable Gutenberg blocks and patterns. The result: 103% increase in visitor engagement, 100% more lead conversions, and 70-80% code reuse across seven brand sites. Our Block Editor development handbook documents our approach.

2. How do you balance building custom solutions with using native WordPress capabilities?

The Block Bindings API lets developers bind standard core blocks to custom data sources without writing new block code. The best developers exhibit architectural restraint, using Core APIs to inherit security and performance updates automatically rather than building custom blocks for every use case.

Watch for awareness of Data Views, being developed to replace the legacy WP_List_Table class. Developers still building admin interfaces exclusively with WP_List_Table are building for yesterday.

3. How do you decide whether a project needs headless or can use native WordPress features?

This is the architectural litmus test. A headless-only shop might over-engineer a simple site. A PHP-only agency will fail to deliver modern interactivity.

Look for nuanced thinking, such as using the Interactivity API for standard interactive features (filters, toggles, add-to-cart buttons) because it’s lightweight and SEO-friendly, while reserving full headless architectures for complex, app-like experiences that require multi-channel distribution.

For high-traffic sites, look for mentions of Speculative Loading to achieve sub-second page loads without a separate frontend. Single-answer responses like “Always headless” or “Never decouple” reveal inflexible thinking.

4. How do you keep codebases compatible with modern PHP and WordPress standards?

Each major PHP release deprecates patterns that were once common practice. Legacy coding styles can now trigger fatal errors or deprecation notices.

You want evidence of:

• Static analysis tools (PHPCS with modern rulesets, PHPStan, Rector) in CI/CD pipelines
• Deep understanding of WordPress sanitization functions (sanitize_text_field, wp_kses) to prevent XSS attacks
• Transition from PHP-heavy templates (page.php) to HTML-based block templates with theme.json for CSS management

“I still prefer the Classic Editor” indicates a legacy mindset. “We test manually” means they’ll miss type errors that automated tools catch instantly.

5. What’s your approach to performance optimization beyond basic caching plugins?

A bloated wp_options table kills performance. Many plugins leave behind autoloaded data even after deletion, loading into RAM on every page request.

You want:

• Routine auditing of autoloaded options
• Comfort using WP-CLI to query for orphaned rows and transient data slowing Time to First Byte
• Specific mention of cleaning up after deactivated plugins

If they’ve never thought about wp_options, they’ve never optimized a mature WordPress site.

Team structure and continuity

6. Tell me about your team structure and how you handle transitions.

Years of experience are no longer a proxy for competence. A developer with 15 years of WordPress experience who hasn’t kept up with the Block Editor and modern PHP is effectively junior in the current ecosystem.

You want developers with both depth and breadth: deep backend expertise combined with functional frontend competence. “Our senior devs focus on PHP while juniors handle the block editor” leads to fractured architectures, with no one owning the full stack.

Ask about their escalation matrix and what happens if a key developer becomes unavailable. Continuity relies on standardization: WordPress Core APIs rather than proprietary wrappers, standard GitHub Actions rather than custom scripts. Any expert should be able to pick up the codebase without having to learn the internal tools.

Dedicated project and engineering managers on every build

Every complex project has a dedicated Project Manager and Engineering Manager. Our WordPress staff augmentation practice provides vetted engineers trained on your specific tech stack.

7. How do you keep skills current as WordPress evolves? Do you contribute to the WordPress Core and the open-source ecosystem?

WordPress evolves rapidly. Major releases introduce new APIs, deprecate old patterns, and shift best practices. Each major React update introduces breaking changes that affect the Block Editor.

General community involvement is valuable, but for technical validation, you need code contributions: patches submitted, plugins maintained, Core issues resolved. Vague answers like “We keep up with trends” reveal a lack of systematic skill development. Agencies that only consume open source without contributing fixes often lack the deep platform expertise required for complex enterprise work.

34 consecutive Core releases

rtCamp has WordPress Core contributions in 34 consecutive releases. Our QA team contributed to the WordPress Core Playwright migration, migrating 25+ test cases. We launched a WordPress development course freely available to the community.

Delivery process and tooling

8. Have you worked with enterprise hosting platforms like WordPress VIP, Pantheon, or AWS?

Enterprise hosting platforms enforce Git-based deployment where production servers are read-only. You can’t auto-update plugins or generate CSS files on production.

You want a DevOps mindset:

• CI/CD pipelines (deploying via Git, not FTP)
• Offloading uploads to S3
• Object caching with Redis or Memcached
• Generating all assets during builds rather than at runtime

If their deployment experience is limited to clicking “Update” in wp-admin or they’ve only worked with shared hosting and FTP deployments, they’ll struggle with enterprise infrastructure requirements.

VIP Gold Partner with 100% migration success rate

As a WordPress VIP Gold Agency Partner with 15 years of experience and a 100% migration success rate, we’ve led digital transformations for brands including Cox Automotive, Al Jazeera, and Grist Magazine on enterprise platforms including WordPress VIP, Pagely, Pantheon, and AWS.

9. How do you document features that aren’t visible in the code?

In block themes using the Block Bindings API, data connections are stored as attributes within block markup or theme.json, invisible during casual code review.

You need:

• A Data Architecture Map listing which block attributes are bound to which custom fields
• Documentation of registered abilities and permission callbacks (if using the Abilities API)
• Living documentation tools that parse block.json and theme.json to automatically generate style guides

“I’ll write a README when I’m done” means that README will be outdated the first time someone changes a binding.

Public Client Handbook: Zero vendor lock-in

Our public Client Handbook outlines our documentation standards, ensuring full ownership of your asset with zero vendor lock-in.

10. Do your demos include the backend editor experience?

With Full Site Editing in force, a frontend-only demo is misleading. A site might look perfect to end users but be a nightmare for editors with confusing block options, no guardrails, and unstable layouts. 

You want weekly or bi-weekly demos that walk through the Site Editor, demonstrate how an editor modifies a pattern or updates a bound field, and prove the editing experience is intuitive and appropriately locked down. If they only show you the frontend, ask explicitly: “Can we see how the editor works?”

MBA newsletter editor: Full day’s work reduced to 10 minutes

For the Mortgage Bankers Association, we built a custom Gutenberg interface that reduced newsletter creation from a full day’s work to under 10 minutes. The solution sets an example of what’s possible with Gutenberg.

12. How do you catch bugs before production and ensure updates don’t break existing functionality?

Traditional PHPUnit tests cannot verify interactive blocks or Full Site Editing features. WordPress Core migrated to Playwright for end-to-end testing.

Look for Playwright integration in CI/CD, with visual regression tests (Playwright or BackstopJS) that take screenshots before and after updates. Updates should only hit production if visual tests pass.

You also want a systematic debugging methodology, such as browser console analysis plus server-side tools like Query Monitor or Xdebug. “I look at the white screen and try things” indicates they lack the methodology complex projects require.

Core Playwright contributors

Our QA team contributed to the WordPress Core Playwright migration, migrating 25+ test cases. Our Quality Engineering handbook documents our tested methodologies.

13. What does your collaboration workflow look like across distributed teams?

Email and spreadsheets are obsolete for technical delivery. Async-first is the most efficient model.

You want:

• Modern ticketing systems (Linear, Jira) integrated with GitHub or GitLab
• Automated code review tools (SonarQube, CodeClimate) running in CI/CD
• Clear handover protocols with asynchronous video updates (Loom, Slack clips)
• Synchronous time reserved for complex architectural decisions, not routine updates

Project management scattered across email threads and Dropbox folders leads to missed deadlines.

Publicly documented workflows

Our Client Handbook publicly documents our development methodologies, communication protocols, escalation matrix, and reporting structure.

Security, compliance, and governance

14. How do you approach accessibility compliance from discovery through delivery?

Since the European Accessibility Act deadline passed, accessibility is a mandatory legal standard for e-commerce and digital services in the EU.

You want:

• A structured discovery phase with an EAA gap analysis
• Native semantic compliance (not overlays)
• Testing with automated scanning (Axe, Pa11y) and manual auditing with screen readers (NVDA, VoiceOver)

Accessibility overlays have been legally challenged for failing to provide genuine compliance. “We install a plugin to handle accessibility” is legally insufficient.

Native accessibility for regulated industries

Our accessibility guide details our approach to semantic HTML, ARIA, and WCAG compliance. As a WordPress VIP partner, we leverage a platform that aligns with WCAG 2.2 AA guidelines.

15. How do you track vulnerabilities in third-party plugins and dependencies?

A WordPress site is a compilation of hundreds of third-party libraries that may contain hidden vulnerabilities. The EU Cyber Resilience Act will require Software Bills of Materials (SBOMs) for products with digital elements, with the main obligations taking effect in December 2027.

You want partners that generate SBOMs during deployment and use scanning tools. If they say “We just use standard plugins” without a manifest or build dependencies, that’s a supply chain risk waiting to happen.

16. How do you secure a site before launch and protect it after?

Security needs to be designed in, not bolted on. Before launch, you want third-party penetration testing, data minimization practices for GDPR/SOC 2, and security-by-design thinking (proper headers, XML-RPC disabled, automated data retention policies).

But launch is just the beginning. Ask how they handle zero-day vulnerabilities. The window between a vulnerability announcement and the official patch is when you’re most exposed. Partners with a Web Application Firewall (WAF) and virtual patching protocol can block specific attack vectors immediately, rather than waiting for the plugin developer to ship a fix.

By the time the patch ships, the damage is done.

When we migrated KHM Travel Group to WordPress VIP, the pre-launch audit covered every plugin across a 2,000-site multisite network. We removed unused sites, hardened the codebase, and delivered a platform that was 35% lighter and loaded twice as fast. 

We did the same for AlphaTarget, a financial services platform with strict compliance requirements. Our team did a full technical audit followed by a WordPress VIP migration to meet its enterprise-grade security obligations.

Enterprise-grade security for regulated industries

WordPress VIP, our default enterprise recommendation, is the only WordPress platform with FedRAMP Moderate ATO, trusted by U.S. federal agencies for government, finance, and healthcare projects.

Engagement flexibility

17. How flexible are your engagement models, from retainers to team scaling to pilot projects?

Enterprise WordPress isn’t a one-time build. Your site’s compliance status can change with a single plugin update. You may need an accessibility specialist for an audit sprint but not year-round. A major product launch might require temporary team expansion.

You want:

• Retainers covering quarterly accessibility audits, SBOM vulnerability scanning, and PHP compatibility checks (not just “plugin updates”)
• Ability to augment the team with subject matter experts on an ad-hoc basis without full-time lock-in
• Willingness to undertake a small, paid pilot to assess code quality and adherence to modern standards

Fixed team sizes with no flexibility means you’ll either overpay for idle expertise or lack critical skills when needed. Resistance to pilots may indicate capability gaps.

Managed maintenance with proactive compliance

Our managed site maintenance services include performance optimization, security hardening, and compliance monitoring. Our Quality Engineering team ensures ongoing testing coverage.

Evaluation scorecard

Use this checklist to compare WordPress development partners. Score each criterion (1-5).

Category	Criterion	Score (1-5)
Technical expertise and architecture	Native block theme case studies (not page builders)
	Block Bindings and Core API usage over custom code
	Nuanced headless vs. native decision-making
	Modern PHP compatibility (static analysis tools)
	Performance optimization depth (wp_options, caching)
Team structure and continuity	Senior engineers with modern stack expertise
	Clear escalation matrix and transition protocols
	WordPress Core or Gutenberg contributions
	Systematic training program
	AI governance policy (Human-in-the-Loop)
Delivery process and tooling	Enterprise hosting experience (VIP, Pantheon, AWS)
	Documentation standards (Data Architecture Maps, living docs)
	Backend editor demos (not just frontend)
	Automated testing in CI/CD (Playwright, visual regression)
	Async-first communication protocols
Security, compliance, and governance	Accessibility gap analysis in onboarding (no overlays)
	SBOM generation and vulnerability tracking
	Third-party security audits and virtual patching protocol
	GDPR/SOC 2/FedRAMP readiness
Engagement flexibility	Compliance and governance retainer options
	Fractional roles and team scaling
	Paid pilot engagement option
Total

Making the decision

The cost of a bad WordPress hire is no longer just buggy code. It’s measured in accessibility non-compliance liability, supply chain security breaches, and crippling technical debt from fighting Core updates.

True expertise is defined by architectural restraint. The best developers know that the most efficient solution often writes the least custom code, leveraging Core APIs like Block Bindings and Interactivity to inherit security and performance updates automatically.

When you hire, you’re looking for someone more than just a PHP developer. Someone who can steward your digital supply chain who understands the intersection of performance, accessibility, and AI governance.

Staff augmentation and full project delivery since 2009

As a WordPress development agency with 16+ years of engineering excellence, rtCamp offers both dedicated WordPress staff augmentation service and full project delivery. With a 100% migration success rate, we’ve led digital transformations for brands including Cox Automotive, Al Jazeera, and Grist Magazine.

Frequently asked questions

How do I hire WordPress VIP experts?

Look for agencies with official WP VIP partnership status (indicating they’ve passed technical vetting), experience with their Git-based deploys, and familiarity with WP VIP-specific functions and restrictions. A true WP VIP expert will optimize for VIP’s object caching infrastructure and navigate their strict code review process.

When should I hire WordPress plugin developers?

Custom plugin development makes sense when no existing solution meets your requirements, when you need deep integration with proprietary systems, or when performance demands code optimized for your use case.

Hire developers who follow WordPress coding standards and demonstrate experience with both Classic Editor hooks and Block Editor extensions. They should build plugins that work within Full Site Editing, register custom blocks, and integrate with theme.json. Verify they understand plugin security (nonce verification, capability checks, data sanitization) and can maintain plugins across WordPress Core updates.

What does expert WordPress development look like in practice?

Expert WordPress development prioritizes Core APIs over custom solutions: Block Bindings instead of custom blocks, Interactivity API instead of jQuery, theme.json for design system management.

Expert developers deliver sites that pass automated accessibility scans, include comprehensive documentation, generate Software Bills of Materials, and evolve with WordPress Core rather than fight against it. The result: lower maintenance costs, easier knowledge transfer, and automatic inheritance of Core security and performance improvements.