Agency Client Site: Take-Home Exercise

Welcome, and thanks for taking the time. This is a scaled-down version of real work we do: you've just inherited a client's WordPress site as a single plugin, and you need to get it running, finish a small feature, fix what's broken, and tell us how you'd ship it safely.

Ground rules

• Timebox: 3–4 hours. We are not looking for polish. We want working solutions and clear reasoning. If you run out of time, write down what you'd do next. That counts.
• Use whatever tools and references you normally use. We care about the result and your thinking, not whether you memorized an API signature.
• Keep notes as you go (see What to submit below). Your reasoning is graded as heavily as your code.

The situation

A client handed us wp-content/plugins/agency-client-plugin. It powers a Case Study section, a newsletter sign-up form, and a partner content feed. The previous developer is gone, there are no tests, and the client has been complaining the site "feels slow" and that "something looks off on the sign-up form."

Getting started

You need Docker Desktop installed. Then:

cp .env.example .env
docker compose up -d

# Fastest path: one command installs WP, activates the plugin, and seeds a demo
# landing page so you can see everything working immediately:
docker compose --profile setup run --rm wp-setup

Then open http://localhost:8080 for the site and http://localhost:8080/wp-admin (admin / admin) for the dashboard. The home page already renders the plugin's partner feed and newsletter form, and three sample Case Studies are seeded in the database.

Prefer to do it by hand? Skip the wp-setup step and finish the WordPress install in the browser, then activate Agency Client Plugin yourself, then document whatever you did.

You're free to use a different local stack (Local, Lando, MAMP, a bare PHP setup, etc.). Just document what you did so we can reproduce it.

Your tasks

1. Stand it up and document it

Get the site running and the plugin active. In docs/SETUP.md, write the exact steps you took so a teammate could reproduce your environment from a clean machine.

2. Finish the Case Study feature

The Case Study custom post type is half-built (includes/class-acp-cpt.php). Complete it so it behaves like a first-class content type (admin UI, editor support, and a place to store a headline metric per case study). Then build either a shortcode or a block that outputs a list of published case studies with their metric. Your choice of approach. Tell us why you chose it.

3. Find and fix the performance problem

The partner content feed (includes/class-acp-market-widget.php) is the main reason the site feels slow. Diagnose it, fix it, and in docs/NOTES.md explain what was wrong, how you confirmed it, and what your fix changes.

4. Find and fix the security problem

The newsletter sign-up (includes/class-acp-shortcode.php) has at least one real security issue. Find it, fix it the WordPress-idiomatic way, and document what you found and why it was dangerous in docs/NOTES.md.

5. Write a promotion plan

We deploy from staging → production. Without writing any deploy automation, fill in docs/PROMOTION-PLAN-TASK.md describing how you'd promote a change to production, especially how you handle the database and secrets. This is the most important writing in the exercise.

6. Headless slice Bonus, not required

If, and only if, you have time left, flesh out the REST stub in includes/class-acp-rest.php into a proper read endpoint for case studies, and build a small React or Vue widget in assets/widget/ that consumes it. This is scored as a bonus, not a gate. A great submission can completely skip it.

What to submit

Commit your work to a git repository and send us a link (or a git bundle / zip that includes the .git history, since we like to see your commits). Include:

• docs/SETUP.md: how to run your environment
• docs/NOTES.md: what you found, what you changed, and why (tasks 3 & 4 especially)
• docs/PROMOTION-PLAN-TASK.md: your filled-in promotion plan
• Your code changes to the plugin