I designed a theme in WordPress which hit a mod_security rule on HostGator and gave a 403 error.

I approached the people there (at HostGator) and they fixed it for me. But I don't want my theme to work like this.

I just wanted to know if there are any guides/blog posts/tutorials about writing PHP code that is mod_security friendly?

I tried Google, but did not find anything useful.

I am not sure you will find many guides on this, especially since mod_security configuration differs from server to server.

The nearest thing I would suggest is looking at the Core Rule Set Project. There are a lot of rules in there. There are lots of them.

Some general things to avoid would be:

  • including function names in parameters
  • using SQL queries/keywords (like SELECT, UPDATE, DELETE FROM) within the URL or POST
  • using HTML within the URL

Exactly what triggers it may vary. If at all possible, I'd ask the HostGator people what rule it triggered and try to get some feedback. Otherwise, set up mod_security on your own box (or a VM), and find out whether your theme triggers the rules in the Core Rule Set.
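
For the private-box test suggested above, an added example (not part of the original answer) that reads ModSecurity 2.x entries from the Apache error log and lists, for each blocked request, the rule ids and request parameters behind the 403. The log lines, host, file paths and parameter names are constructed samples; the code assumes the usual error-log layout with `[id "..."]`, `[msg "..."]`, `[uri "..."]` and `[unique_id "..."]` tags.

```python
import re
from collections import defaultdict

# Constructed sample in the Apache error-log layout written by ModSecurity 2.x.
# Host, client address, file paths, URIs and parameter names are made up.
SAMPLE_LOG = """\
[Tue Mar 05 10:12:01 2024] [:error] [pid 4242] [client 203.0.113.7] ModSecurity: Warning. Pattern match "(?i)<script" at ARGS:footer_html. [file "/etc/modsecurity/crs/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "100"] [id "941110"] [msg "XSS Filter - Category 1: Script Tag Vector"] [data "Matched Data: <script found within ARGS:footer_html: <script src=/theme.js>"] [severity "CRITICAL"] [hostname "dev.example.test"] [uri "/wp-admin/admin-ajax.php"] [unique_id "AAA1"]
[Tue Mar 05 10:12:01 2024] [:error] [pid 4242] [client 203.0.113.7] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'sos' [file "/etc/modsecurity/crs/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "65"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: sos found within ARGS:sql_filter: select id from wp_posts"] [severity "CRITICAL"] [hostname "dev.example.test"] [uri "/wp-admin/admin-ajax.php"] [unique_id "AAA1"]
[Tue Mar 05 10:12:01 2024] [:error] [pid 4242] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [hostname "dev.example.test"] [uri "/wp-admin/admin-ajax.php"] [unique_id "AAA1"]
[Tue Mar 05 10:13:44 2024] [:error] [pid 4242] [client 203.0.113.7] ModSecurity: Warning. Pattern match "^[0-9.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/crs/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "700"] [id "920350"] [msg "Host header is a numeric IP address"] [severity "WARNING"] [hostname "203.0.113.10"] [uri "/"] [unique_id "AAA2"]
"""

TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')        # [key "value"] pairs
TARGET = re.compile(r'\b(?:at|within) ([A-Z_]+(?::[\w\-\[\]]+)?)')  # e.g. ARGS:name
ACTION = re.compile(r'ModSecurity: (Access denied with code \d+|Warning)')

def parse_line(line):
    """Return the fields of one ModSecurity entry, or None for other log lines."""
    action = ACTION.search(line)
    if not action:
        return None
    entry = dict(TAG.findall(line))
    target = TARGET.search(line)
    entry["target"] = target.group(1) if target else "?"
    entry["blocked"] = action.group(1).startswith("Access denied")
    return entry

def blocked_requests(log_text):
    """Group entries by unique_id and report the rules behind each denied request."""
    by_request = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and "unique_id" in entry:
            by_request[entry["unique_id"]].append(entry)
    report = {}
    for uid, entries in by_request.items():
        if not any(e["blocked"] for e in entries):
            continue  # warnings only: the request was not rejected
        # In anomaly-scoring mode the deny line is just the threshold rule;
        # the warnings sharing its unique_id name the parameters that matched.
        causes = [e for e in entries if not e["blocked"]] or entries
        report[uid] = {"uri": entries[0].get("uri", "?"),
                       "causes": [(e.get("id"), e["target"], e.get("msg")) for e in causes]}
    return report

if __name__ == "__main__":
    for uid, info in blocked_requests(SAMPLE_LOG).items():
        print(uid, info["uri"], info["causes"])
```

The rule id and parameter name it reports are also the details to hand to the host when asking which rule fired.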