diff --git a/admin/admin.php b/admin/admin.php
index feee61b..dbeb606 100644
--- a/admin/admin.php
+++ b/admin/admin.php
@@ -198,8 +198,7 @@ public function handle_hidden_page_deletion( $post_id ) {
 
 		if ( $exclude ) {	// post was hidden
 			// get children
-			$children_query = $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_parent = %d", $post_id );
-			$children = $wpdb->get_results( $children_query );
+			$children = $wpdb->get_results( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_parent = %d", $post_id ) );
 
 			// mark each hidden
 			foreach ( (array) $children as $child ) {
@@ -232,10 +231,8 @@ public function ajax_check_hidden_page() {
 		$post_type = get_post_type_object( $post->post_type );
 
 		// get children pages/links
-		$page_children_query = $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_parent = %d AND post_type='$post->post_type'", $post_id );
-		$page_children = $wpdb->get_results( $page_children_query );
-		$link_children_query = $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_parent = %d AND post_type='".BU_NAVIGATION_LINK_POST_TYPE."'", $post_id );
-		$link_children = $wpdb->get_results( $link_children_query );
+		$page_children = $wpdb->get_results( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_parent = %d AND post_type = %s", $post_id, $post->post_type ) );
+		$link_children = $wpdb->get_results( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_parent = %d AND post_type = %s", $post_id, BU_NAVIGATION_LINK_POST_TYPE ) );
 
 		// case no children, output the "ignore" flag
 		if ( count( $page_children ) == 0 && count( $link_children ) == 0 ) {
diff --git a/admin/manager.php b/admin/manager.php
index a86db1f..298da23 100644
--- a/admin/manager.php
+++ b/admin/manager.php
@@ -220,7 +220,8 @@ public function load() {
 				}
 			}
 
-			wp_redirect( $url );
+			wp_safe_redirect( $url );
+			exit;
 
 		}
 
diff --git a/extras/bu-navigation-exclude.php b/extras/bu-navigation-exclude.php
index aabddb0..7fdb61a 100644
--- a/extras/bu-navigation-exclude.php
+++ b/extras/bu-navigation-exclude.php
@@ -24,12 +24,12 @@ function bu_navigation_filter_pages_exclude( $pages ) {
 
 		// Fetch pages that have been explicitly excluded from navigation lists
 		$ids = array_keys( $pages );
-		$query = sprintf( "SELECT post_id, meta_value FROM %s WHERE meta_key = '%s' AND post_id IN (%s)",
-			$wpdb->postmeta,
-			BU_NAV_META_PAGE_EXCLUDE,
-			implode( ',', $ids )
-			);
-		$exclude_meta = $wpdb->get_results( $query, OBJECT_K );
+
+		// Prepare statement split to accomodate the `$ids` array, as the method only accepts one extra param if the type is array.
+		$query  = $wpdb->prepare( "SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = %s", BU_NAV_META_PAGE_EXCLUDE );
+		$query .= $wpdb->prepare( " AND post_id IN (" . substr( str_repeat( ',%d', count( $ids ) ), 1 ) . ")", $ids ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+
+		$exclude_meta = $wpdb->get_results( $query, OBJECT_K ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 		if ( false === $exclude_meta ) {
 			$this->plugin->log( '%s - Error querying navigation exclusions: %s', __METHOD__, $wpdb->last_error );
diff --git a/extras/bu-navigation-external-links.php b/extras/bu-navigation-external-links.php
index b525d11..ae1a63b 100644
--- a/extras/bu-navigation-external-links.php
+++ b/extras/bu-navigation-external-links.php
@@ -74,12 +74,12 @@ function bu_navigation_filter_pages_external_links( $pages ) {
 	if ( is_array( $pages ) && count( $pages ) > 0 ) {
 
 		$ids = array_keys($pages);
-		$query = sprintf("SELECT post_id, meta_value FROM %s WHERE meta_key = '%s' AND post_id IN (%s)",
-			$wpdb->postmeta,
-			BU_NAV_META_TARGET,
-			implode( ',', $ids )
-			);
-		$targets = $wpdb->get_results( $query, OBJECT_K );
+
+		// Prepare statement split to accomodate the `$ids` array, as the method only accepts one extra param if the type is array.
+		$query = $wpdb->prepare( "SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = %s", BU_NAV_META_TARGET );
+		$query .= $wpdb->prepare( " AND post_id IN (" . substr( str_repeat( ',%d', count( $ids ) ), 1 ) . ")", $ids ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+
+		$targets = $wpdb->get_results( $query, OBJECT_K ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 		foreach ( $pages as $page ) {
 			if ( $page->post_type == BU_NAVIGATION_LINK_POST_TYPE ) {
diff --git a/extras/bu-navigation-labels.php b/extras/bu-navigation-labels.php
index 755dbe7..5efc5ac 100644
--- a/extras/bu-navigation-labels.php
+++ b/extras/bu-navigation-labels.php
@@ -16,12 +16,12 @@ function bu_navigation_filter_pages_navlabels( $pages ) {
 	if ( is_array( $pages ) && count( $pages ) > 0 ) {
 
 		$ids = array_keys( $pages );
-		$query = sprintf( "SELECT post_id, meta_value FROM %s WHERE meta_key = '%s' AND post_id IN (%s) AND meta_value != ''",
-			$wpdb->postmeta,
-			BU_NAV_META_PAGE_LABEL,
-			implode( ',', $ids )
-			);
-		$labels = $wpdb->get_results( $query, OBJECT_K );
+
+		// Prepare statement split to accomodate the `$ids` array, as the method only accepts one extra param if the type is array.
+		$query = $wpdb->prepare( "SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = %s", BU_NAV_META_PAGE_LABEL );
+		$query = $wpdb->prepare( " AND post_id IN (" . substr( str_repeat( ',%d', count( $ids ) ), 1 ) . ") AND meta_value != ''", $ids ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+
+		$labels = $wpdb->get_results( $query, OBJECT_K ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 		if ( is_array( $labels ) && count( $labels ) > 0 ) {
 			foreach ( $pages as $page ) {
diff --git a/includes/class-reorder.php b/includes/class-reorder.php
index e5c5b75..17e9cf4 100644
--- a/includes/class-reorder.php
+++ b/includes/class-reorder.php
@@ -113,8 +113,7 @@ public function run() {
 					// Only update if menu order has actually changed
 					if( $child->menu_order != $position ) {
 
-						$stmt = $wpdb->prepare('UPDATE ' . $wpdb->posts . ' SET menu_order = %d WHERE ID = %d', $position, $child->ID );
-						$rc = $wpdb->query($stmt);
+						$rc = $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET menu_order = %d WHERE ID = %d", $position, $child->ID ) );
 
 						if( false === $rc ) {
 							$error_msg = sprintf('Error updating menu order (%s) for post (%s): %s', $position, $child->post_title, $wpdb->last_error );
diff --git a/includes/class-tree-view.php b/includes/class-tree-view.php
index 6e77194..b97e93c 100644
--- a/includes/class-tree-view.php
+++ b/includes/class-tree-view.php
@@ -477,12 +477,12 @@ public function filter_posts( $posts ) {
 
 			// Fetch posts that have been explicitly excluded from navigation lists
 			$ids = array_keys( $posts );
-			$query = sprintf( "SELECT post_id, meta_value FROM %s WHERE meta_key = '%s' AND post_id IN (%s)",
-				$wpdb->postmeta,
-				BU_NAV_META_PAGE_EXCLUDE,
-				implode( ',', $ids )
-				);
-			$exclude_meta = $wpdb->get_results( $query, OBJECT_K );
+			
+			// Prepare statement split to accomodate the `$ids` array, as the method only accepts one extra param if the type is array.
+			$query  = $wpdb->prepare( "SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = %s", BU_NAV_META_PAGE_EXCLUDE );
+			$query .= $wpdb->prepare( " AND post_id IN (" . substr( str_repeat( ',%d', count( $ids ) ), 1 ) . ")", $ids ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+
+			$exclude_meta = $wpdb->get_results( $query, OBJECT_K ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 
 			if ( false === $exclude_meta ) {
 				$this->plugin->log( '%s - Error querying navigation exclusions: %s', __METHOD__, $wpdb->last_error );
diff --git a/includes/library.php b/includes/library.php
index 991cb85..ccc75bf 100644
--- a/includes/library.php
+++ b/includes/library.php
@@ -56,7 +56,6 @@ function bu_navigation_load_sections( $post_types = array(), $include_links = tr
 			unset( $post_types[ $index ] );
 		}
 	}
-	$in_post_types = implode( "','", $post_types );
 
 	// Try the cache first
 
@@ -73,14 +72,10 @@ function bu_navigation_load_sections( $post_types = array(), $include_links = tr
 		return $all_sections;
 	}
 
-	$wpdb->query('SET SESSION group_concat_max_len = ' . GROUP_CONCAT_MAX_LEN);
-	$query = sprintf("
-		SELECT DISTINCT(post_parent) AS section, GROUP_CONCAT(ID) AS children
-		  FROM %s
-		 WHERE post_type IN ('$in_post_types')
-		 GROUP BY post_parent
-		 ORDER BY post_parent ASC", $wpdb->posts);
-	$rows = $wpdb->get_results($query);
+	$wpdb->query( $wpdb->prepare( "SET SESSION group_concat_max_len = %d", GROUP_CONCAT_MAX_LEN ) );
+	$rows = $wpdb->get_results(
+		$wpdb->prepare( "SELECT DISTINCT(post_parent) AS section, GROUP_CONCAT(ID) AS children FROM $wpdb->posts WHERE post_type IN (" . substr( str_repeat( ',%s', count( $post_types ) ), 1 ) . ") GROUP BY post_parent ORDER BY post_parent ASC", $post_types ) // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+	);
 
 	$sections = array();
 	$pages = array();
@@ -429,7 +424,7 @@ function bu_navigation_get_posts( $args = '' ) {
 	$r = wp_parse_args( $args, $defaults );
 
 	// Start building the query
-	$where = $orderby = '';
+	$where = '';
 
 	// Post fields to return
 	$fields = array(
@@ -446,7 +441,7 @@ function bu_navigation_get_posts( $args = '' ) {
 		'post_password'
 		);
 	$fields = apply_filters( 'bu_navigation_filter_fields', $fields );
-	$fields = implode( ",", $fields );
+	$fields = implode( ",", esc_sql( $fields ) );
 
 	// Append post types
 	$post_types = $r['post_types'];
@@ -469,8 +464,7 @@ function bu_navigation_get_posts( $args = '' ) {
 			}
 		}
 
-		$post_types = implode( "','", $post_types );
-		$where .= " AND post_type IN ('$post_types')";
+		$where .= $wpdb->prepare( " AND post_type IN (" . substr( str_repeat( ',%s', count( $post_types ) ), 1 ) . ")", $post_types ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 	}
 
 	// Append post statuses
@@ -480,32 +474,28 @@ function bu_navigation_get_posts( $args = '' ) {
 			$post_status = explode( ',', $post_status );
 
 		$post_status = (array) $post_status;
-		$post_status = implode( "','", array_map( 'trim', $post_status ) );
-		$where .= " AND post_status IN ('$post_status')";
+		$post_status = array_map( 'trim', $post_status );
+
+		$where .= $wpdb->prepare( " AND post_status IN (" . substr( str_repeat( ',%s', count( $post_status ) ), 1 ) . ")", $post_status ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 	}
 
 	// Limit result set to posts in specific sections
 	if ( is_array( $r['sections'] ) && ( count( $r['sections'] ) > 0 ) ) {
 		$sections = array_map( 'absint', $r['sections'] );
-		$sections = implode( ',', array_unique( $sections ) );
-		$where .= " AND post_parent IN ($sections)";
+		$sections = array_unique( $sections );
+		$where .= $wpdb->prepare( " AND post_parent IN (" . substr( str_repeat( ',%d', count( $sections ) ), 1 ) . ")", $sections ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 	}
 
 	// Limit to specific posts
 	if ( is_array( $r['post__in'] ) && ( count( $r['post__in'] ) > 0 ) ) {
 		$post__in = array_map( 'absint', $r['post__in'] );
-		$post__in = implode( ',', array_unique( $post__in ) );
-		$where .= " AND ID IN($post__in)";
+		$post__in = array_unique( $post__in );
+		$where .= $wpdb->prepare( " AND ID IN(" . substr( str_repeat( ',%d', count( $post__in ) ), 1 ) . ")", $post__in ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 	}
 
-	// Result sorting
-	$orderby = 'ORDER BY post_parent ASC, menu_order ASC';
-
  	// Execute query, fetch results as objects in an array keyed on posts.ID
-	$posts = $wpdb->get_results(
-		"SELECT $fields FROM $wpdb->posts WHERE 1=1 $where $orderby",
-		OBJECT_K
-		);
+	$posts = $wpdb->get_results( "SELECT $fields FROM $wpdb->posts WHERE 1=1 $where ORDER BY post_parent ASC, menu_order ASC", OBJECT_K ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
+	
 	if ( ! is_array( $posts ) || ( count( $posts ) == 0 ) )
 		return false;
 
diff --git a/phpcs.xml.dist b/phpcs.xml.dist
new file mode 100644
index 0000000..d553d78
--- /dev/null
+++ b/phpcs.xml.dist
@@ -0,0 +1,333 @@
+<?xml version="1.0"?>
+<ruleset name="WordPress Coding Standards">
+	<description>Apply WordPress Coding Standards to all Core files</description>
+
+	<!-- Only scan PHP files. -->
+	<arg name="extensions" value="php"/>
+
+	<!-- Whenever possible, cache the scan results and re-use those for unchanged files on the next scan. -->
+	<arg name="cache"/>
+
+	<!-- Set the memory limit to 256M.
+		 For most standard PHP configurations, this means the memory limit will temporarily be raised.
+		 Ref: https://github.com/squizlabs/PHP_CodeSniffer/wiki/Advanced-Usage#specifying-phpini-settings
+	-->
+	<ini name="memory_limit" value="1024M"/>
+
+	 <!-- Check all files in this directory and the directories below it. -->
+    <file>./</file>
+
+	<!-- Strip the filepaths down to the relevant bit. -->
+	<arg name="basepath" value="./"/>
+
+	<!-- Check up to 20 files simultaneously. -->
+	<arg name="parallel" value="20"/>
+
+	<!-- Show sniff codes in all reports -->
+	<!-- <arg value="ps"/> -->
+	<arg value="ps"/>
+
+	<rule ref="WordPress-Extra">
+
+		<!-- This would take a significant amount of effort to fix (12,162 in themes) -->
+		<exclude name="WordPress.Security.EscapeOutput.OutputNotEscaped" />
+
+		<!-- WordPress core has gone back and forth on this recently, and it is not something that is worth fixing. -->
+		<exclude name="WordPress.PHP.YodaConditions.NotYoda" />
+
+		<!-- This should be fixed over time, but is a difficult ask and can require a significant amount of investigation. -->
+		<exclude name="WordPress.PHP.StrictComparisons.LooseComparison" />
+
+		<!-- This could be useful at some point, but not now. -->
+		<exclude name="Internal.NoCodeFound" />
+
+		<!-- Formatting issues that can be fixed automatically one day. -->
+		<exclude name="WordPress.Arrays.ArrayDeclarationSpacing.CloseBraceNewLine" />
+		<exclude name="Generic.WhiteSpace.DisallowSpaceIndent.SpacesUsed" />
+		<exclude name="Generic.WhiteSpace.ScopeIndent.Incorrect" />
+		<exclude name="Generic.Classes.OpeningBraceSameLine.BraceOnNewLine" />
+		<exclude name="Generic.WhiteSpace.ArbitraryParenthesesSpacing.SpaceAfterOpen" />
+		<exclude name="Generic.WhiteSpace.ArbitraryParenthesesSpacing.SpaceBeforeClose" />
+		<exclude name="PEAR.Functions.FunctionCallSignature.SpaceBeforeCloseBracket" />
+		<exclude name="PEAR.Functions.FunctionCallSignature.SpaceAfterOpenBracket" />
+		<exclude name="WordPress.WhiteSpace.PrecisionAlignment.Found" />
+		<exclude name="WordPress.WhiteSpace.ControlStructureSpacing.OpenBraceNotSameLine" />
+		<exclude name="WordPress.WhiteSpace.ControlStructureSpacing.ExtraSpaceBeforeOpenParenthesis" />
+		<exclude name="WordPress.WhiteSpace.ControlStructureSpacing.SpaceBeforeFunctionOpenParenthesis" />
+		<exclude name="PSR2.Files.ClosingTag.NotAllowed" />
+		<exclude name="Squiz.Functions.FunctionDeclarationArgumentSpacing.SpaceBeforeEquals" />
+		<exclude name="Squiz.Functions.FunctionDeclarationArgumentSpacing.SpaceAfterEquals" />
+		<exclude name="Squiz.Functions.FunctionDeclarationArgumentSpacing.NoSpaceBeforeArg" />
+		<exclude name="WordPress.Arrays.ArrayDeclarationSpacing.ArrayItemNoNewLine" />
+		<exclude name="Generic.Functions.FunctionCallArgumentSpacing.NoSpaceAfterComma" />
+		<exclude name="Squiz.WhiteSpace.SuperfluousWhitespace.EndLine" />
+		<exclude name="Generic.Formatting.SpaceAfterCast.NoSpace" />
+		<exclude name="WordPress.WhiteSpace.OperatorSpacing.SpacingAfter" />
+		<exclude name="WordPress.Arrays.ArrayIndentation.MultiLineArrayItemNotAligned" />
+		<exclude name="Squiz.ControlStructures.ControlSignature.NewlineAfterOpenBrace" />
+		<exclude name="WordPress.Arrays.CommaAfterArrayItem.NoSpaceAfterComma" />
+		<exclude name="Generic.PHP.LowerCaseType.ParamTypeFound" />
+		<exclude name="Generic.PHP.LowerCaseConstant.Found" />
+		<exclude name="Squiz.WhiteSpace.LanguageConstructSpacing.IncorrectSingle" />
+		<exclude name="WordPress.Classes.ClassInstantiation.MissingParenthesis" />
+		<exclude name="PSR2.Classes.PropertyDeclaration.StaticBeforeVisibility" />
+		<exclude name="WordPress.WhiteSpace.CastStructureSpacing.NoSpaceBeforeOpenParenthesis" />
+		<exclude name="WordPress.Arrays.ArrayDeclarationSpacing.SpaceAfterArrayOpener" />
+		<exclude name="Squiz.PHP.EmbeddedPhp.SpacingBeforeClose" />
+		<exclude name="Squiz.PHP.EmbeddedPhp.ContentBeforeEnd" />
+		<exclude name="Squiz.PHP.EmbeddedPhp.ContentAfterEnd" />
+		<exclude name="Squiz.PHP.EmbeddedPhp.ContentBeforeOpen" />
+		<exclude name="Squiz.PHP.EmbeddedPhp.ContentAfterOpen" />
+		<exclude name="Squiz.PHP.EmbeddedPhp.MultipleStatements" />
+		<exclude name="Squiz.WhiteSpace.SuperfluousWhitespace.EndFile" />
+		<exclude name="Generic.Formatting.DisallowMultipleStatements.SameLine" />
+		<exclude name="PEAR.Functions.FunctionCallSignature.SpaceAfterCloseBracket" />
+		<exclude name="PSR2.ControlStructures.SwitchDeclaration.SpacingAfterCase" />
+		<exclude name="PEAR.Functions.FunctionCallSignature.EmptyLine" />
+		<exclude name="Generic.Functions.FunctionCallArgumentSpacing.SpaceBeforeComma" />
+		<exclude name="PSR12.Keywords.ShortFormTypeKeywords.LongFound" />
+		<exclude name="Generic.PHP.LowerCaseKeyword.Found" />
+		<exclude name="WordPress.WP.CapitalPDangit.Misspelled" />
+		<exclude name="Squiz.WhiteSpace.SuperfluousWhitespace.StartFile" />
+		<exclude name="PEAR.Files.IncludingFile.UseRequire" />
+		<exclude name="PEAR.Files.IncludingFile.UseRequireOnce" />
+		<exclude name="WordPress.Arrays.CommaAfterArrayItem.SpaceAfterComma" />
+		<exclude name="WordPress.Arrays.ArrayDeclarationSpacing.SpaceInEmptyArray" />
+		<exclude name="WordPress.Arrays.MultipleStatementAlignment.LongIndexSpaceBeforeDoubleArrow" />
+		<exclude name="PSR2.ControlStructures.SwitchDeclaration.SpaceBeforeColonCASE" />
+		<exclude name="Squiz.Functions.FunctionDeclarationArgumentSpacing.SpacingBeforeArg" />
+		<exclude name="Squiz.Functions.FunctionDeclarationArgumentSpacing.SpacingBetween" />
+		<exclude name="WordPress.WhiteSpace.ControlStructureSpacing.ExtraSpaceBeforeCloseParenthesis" />
+		<exclude name="WordPress.Arrays.CommaAfterArrayItem.SpaceBeforeComma" />
+		<exclude name="WordPress.Arrays.CommaAfterArrayItem.CommaAfterLast" />
+		<exclude name="WordPress.CodeAnalysis.EmptyStatement.SemicolonWithoutCodeDetected" />
+		<exclude name="Generic.Arrays.DisallowShortArraySyntax.Found" />
+		<exclude name="Squiz.WhiteSpace.ObjectOperatorSpacing.Before" />
+		<exclude name="WordPress.Arrays.ArrayKeySpacingRestrictions.SpacesAroundArrayKeys" />
+		<exclude name="WordPress.WhiteSpace.ControlStructureSpacing.ExtraSpaceAfterOpenParenthesis" />
+		<exclude name="Squiz.WhiteSpace.LanguageConstructSpacing.Incorrect" />
+
+		<!-- Naming conventions are nice, but not a high priority for the 5.x upgrade. -->
+		<exclude name="WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid" />
+		<exclude name="WordPress.NamingConventions.ValidFunctionName" />
+
+		<exclude name="WordPress.NamingConventions.ValidVariableName.VariableNotSnakeCase" />
+		<exclude name="WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase" />
+		<exclude name="WordPress.NamingConventions.ValidVariableName.InterpolatedVariableNotSnakeCase" />
+		<exclude name="WordPress.NamingConventions.ValidVariableName.PropertyNotSnakeCase" />
+
+		<exclude name="WordPress.NamingConventions.ValidHookName.UseUnderscores" />
+
+        <exclude name="WordPress.Files.FileName" />
+		<exclude name="WordPress.Files.FileName.InvalidClassFileName" />
+
+		<!-- Exclude all rules currently classified as "secondary" -->
+		<exclude name="Generic.PHP.ForbiddenFunctions.FoundWithAlternative" />
+
+		<exclude name="WordPress.PHP.DevelopmentFunctions.error_log_debug_backtrace" />
+		<exclude name="WordPress.PHP.DevelopmentFunctions.error_log_error_log" />
+		<exclude name="WordPress.PHP.DevelopmentFunctions.error_log_print_r" />
+		<exclude name="WordPress.PHP.DevelopmentFunctions.error_log_trigger_error" />
+		<exclude name="WordPress.PHP.DevelopmentFunctions.error_log_var_dump" />
+		<exclude name="WordPress.PHP.DevelopmentFunctions.error_log_var_export" />
+		<exclude name="WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting" />
+
+		<exclude name="WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode" />
+		<exclude name="WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode" />
+		<exclude name="WordPress.PHP.DiscouragedPHPFunctions.obfuscation_str_rot13" />
+		<exclude name="WordPress.PHP.DiscouragedPHPFunctions.runtime_configuration_error_reporting" />
+		<exclude name="WordPress.PHP.DiscouragedPHPFunctions.runtime_configuration_set_include_path" />
+		<exclude name="WordPress.PHP.DiscouragedPHPFunctions.serialize_serialize" />
+		<exclude name="WordPress.PHP.DiscouragedPHPFunctions.serialize_unserialize" />
+		<exclude name="WordPress.PHP.DiscouragedPHPFunctions.system_calls_exec" />
+		<exclude name="WordPress.PHP.DiscouragedPHPFunctions.system_calls_shell_exec" />
+		<exclude name="WordPress.PHP.DiscouragedPHPFunctions.urlencode_urlencode" />
+
+		<exclude name="WordPress.PHP.IniSet.display_errors_Blacklisted" />
+		<exclude name="WordPress.PHP.IniSet.max_execution_time_Blacklisted" />
+		<exclude name="WordPress.PHP.IniSet.memory_limit_Blacklisted" />
+		<exclude name="WordPress.PHP.IniSet.Risky" />
+		<exclude name="WordPress.PHP.NoSilencedErrors.Discouraged" />
+		<exclude name="WordPress.PHP.RestrictedPHPFunctions.create_function_create_function" />
+
+		<exclude name="WordPress.Security.PluginMenuSlug.Using__FILE__" />
+
+		<exclude name="WordPress.WP.AlternativeFunctions.curl_curl_close" />
+		<exclude name="WordPress.WP.AlternativeFunctions.curl_curl_errno" />
+		<exclude name="WordPress.WP.AlternativeFunctions.curl_curl_error" />
+		<exclude name="WordPress.WP.AlternativeFunctions.curl_curl_exec" />
+		<exclude name="WordPress.WP.AlternativeFunctions.curl_curl_getinfo" />
+		<exclude name="WordPress.WP.AlternativeFunctions.curl_curl_http_version_1_1" />
+		<exclude name="WordPress.WP.AlternativeFunctions.curl_curl_init" />
+		<exclude name="WordPress.WP.AlternativeFunctions.curl_curl_ipresolve_v4" />
+		<exclude name="WordPress.WP.AlternativeFunctions.curl_curl_setopt" />
+		<exclude name="WordPress.WP.AlternativeFunctions.curl_curl_setopt_array" />
+		<exclude name="WordPress.WP.AlternativeFunctions.curl_curl_sslversion_tlsv1_1" />
+		<exclude name="WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents" />
+		<exclude name="WordPress.WP.AlternativeFunctions.file_system_read_fclose" />
+		<exclude name="WordPress.WP.AlternativeFunctions.file_system_read_file_put_contents" />
+		<exclude name="WordPress.WP.AlternativeFunctions.file_system_read_fopen" />
+		<exclude name="WordPress.WP.AlternativeFunctions.file_system_read_fread" />
+		<exclude name="WordPress.WP.AlternativeFunctions.file_system_read_fsockopen" />
+		<exclude name="WordPress.WP.AlternativeFunctions.file_system_read_fwrite" />
+		<exclude name="WordPress.WP.AlternativeFunctions.json_encode_json_encode" />
+		<exclude name="WordPress.WP.AlternativeFunctions.parse_url_parse_url" />
+		<exclude name="WordPress.WP.AlternativeFunctions.rand_mt_rand" />
+		<exclude name="WordPress.WP.AlternativeFunctions.rand_rand" />
+		<exclude name="WordPress.WP.AlternativeFunctions.strip_tags_strip_tags" />
+
+		<exclude name="WordPress.WP.CronInterval.CronSchedulesInterval" />
+
+		<exclude name="WordPress.WP.DiscouragedConstants.MUPLUGINDIRUsageFound" />
+		<exclude name="WordPress.WP.DiscouragedConstants.STYLESHEETPATHUsageFound" />
+		<exclude name="WordPress.WP.DiscouragedConstants.TEMPLATEPATHUsageFound" />
+		<exclude name="WordPress.WP.DiscouragedFunctions.query_posts_query_posts" />
+		<exclude name="WordPress.WP.DiscouragedFunctions.wp_reset_query_wp_reset_query" />
+
+		<exclude name="WordPress.WP.EnqueuedResourceParameters.MissingVersion" />
+		<exclude name="WordPress.WP.EnqueuedResourceParameters.NoExplicitVersion" />
+		<exclude name="WordPress.WP.EnqueuedResourceParameters.NotInFooter" />
+		<exclude name="WordPress.WP.EnqueuedResources.NonEnqueuedScript" />
+		<exclude name="WordPress.WP.EnqueuedResources.NonEnqueuedStylesheet" />
+
+		<exclude name="WordPress.WP.PostsPerPage.posts_per_page_numberposts" />
+		<exclude name="WordPress.WP.PostsPerPage.posts_per_page_posts_per_page" />
+
+		<exclude name="WordPress.WP.TimezoneChange.timezone_change_date_default_timezone_set" />
+		<exclude name="WordPress.DateTime.RestrictedFunctions.date_date" />
+
+		<!-- Exclude all rules currently classified as "tertiary". -->
+		<exclude name="Generic.Classes.DuplicateClassName.Found" />
+		<exclude name="Generic.CodeAnalysis.EmptyStatement.DetectedCatch" />
+		<exclude name="Generic.CodeAnalysis.EmptyStatement.DetectedElse" />
+		<exclude name="Generic.CodeAnalysis.EmptyStatement.DetectedElseif" />
+		<exclude name="Generic.CodeAnalysis.EmptyStatement.DetectedForeach" />
+		<exclude name="Generic.CodeAnalysis.EmptyStatement.DetectedIf" />
+		<exclude name="Generic.CodeAnalysis.EmptyStatement.DetectedWhile" />
+		<exclude name="Generic.CodeAnalysis.ForLoopWithTestFunctionCall.NotAllowed" />
+		<exclude name="Generic.CodeAnalysis.UselessOverridingMethod.Found" />
+		<exclude name="Generic.ControlStructures.InlineControlStructure.NotAllowed" />
+		<exclude name="Generic.Files.EndFileNewline.NotFound" />
+		<exclude name="Generic.Files.OneObjectStructurePerFile.MultipleFound" />
+		<exclude name="Generic.Formatting.MultipleStatementAlignment.IncorrectWarning" />
+		<exclude name="Generic.Formatting.MultipleStatementAlignment.NotSameWarning" />
+		<exclude name="Generic.Functions.FunctionCallArgumentSpacing.TooMuchSpaceAfterComma" />
+		<exclude name="Generic.Functions.OpeningFunctionBraceKernighanRitchie.BraceOnNewLine" />
+		<exclude name="Generic.Functions.OpeningFunctionBraceKernighanRitchie.ContentAfterBrace" />
+		<exclude name="Generic.Functions.OpeningFunctionBraceKernighanRitchie.SpaceBeforeBrace" />
+		<exclude name="Generic.NamingConventions.UpperCaseConstantName.ClassConstantNotUpperCase" />
+		<exclude name="Generic.PHP.BacktickOperator.Found" />
+		<exclude name="Generic.PHP.DisallowAlternativePHPTags.MaybeASPOpenTagFound" />
+		<exclude name="Generic.PHP.DisallowAlternativePHPTags.MaybeASPShortOpenTagFound" />
+		<exclude name="Generic.PHP.DisallowShortOpenTag.PossibleFound" />
+		<exclude name="Generic.PHP.Syntax.PHPSyntax" />
+		<exclude name="Generic.Strings.UnnecessaryStringConcat.Found" />
+		<exclude name="Generic.WhiteSpace.ScopeIndent.IncorrectExact" />
+		<exclude name="Internal.LineEndings.Mixed" />
+		<exclude name="Internal.NoCodeFound" />
+		<exclude name="PEAR.Files.IncludingFile.BracketsNotRequired" />
+		<exclude name="PEAR.Functions.FunctionCallSignature.CloseBracketLine" />
+		<exclude name="PEAR.Functions.FunctionCallSignature.ContentAfterOpenBracket" />
+		<exclude name="PEAR.Functions.FunctionCallSignature.Indent" />
+		<exclude name="PEAR.Functions.FunctionCallSignature.MultipleArguments" />
+		<exclude name="PEAR.Functions.FunctionCallSignature.OpeningIndent" />
+		<exclude name="PEAR.Functions.FunctionCallSignature.SpaceBeforeOpenBracket" />
+		<exclude name="PEAR.NamingConventions.ValidClassName.Invalid" />
+		<exclude name="PEAR.NamingConventions.ValidClassName.StartWithCapital" />
+		<exclude name="PSR2.Classes.PropertyDeclaration.Multiple" />
+		<exclude name="PSR2.Classes.PropertyDeclaration.ScopeMissing" />
+		<exclude name="PSR2.Classes.PropertyDeclaration.Underscore" />
+		<exclude name="PSR2.Classes.PropertyDeclaration.VarUsed" />
+		<exclude name="PSR2.ControlStructures.ElseIfDeclaration.NotAllowed" />
+		<exclude name="PSR2.ControlStructures.SwitchDeclaration.BodyOnNextLineCASE" />
+		<exclude name="PSR2.ControlStructures.SwitchDeclaration.BodyOnNextLineDEFAULT" />
+		<exclude name="PSR2.ControlStructures.SwitchDeclaration.BreakIndent" />
+		<exclude name="PSR2.ControlStructures.SwitchDeclaration.TerminatingComment" />
+		<exclude name="PSR2.ControlStructures.SwitchDeclaration.WrongOpenercase" />
+		<exclude name="PSR2.ControlStructures.SwitchDeclaration.WrongOpenerdefault" />
+		<exclude name="PSR2.Methods.MethodDeclaration.AbstractAfterVisibility" />
+		<exclude name="PSR2.Methods.MethodDeclaration.Underscore" />
+		<exclude name="PSR2.Namespaces.NamespaceDeclaration.BlankLineAfter" />
+		<exclude name="Squiz.Classes.SelfMemberReference.NotUsed" />
+		<exclude name="Squiz.ControlStructures.ControlSignature.SpaceAfterCloseBrace" />
+		<exclude name="Squiz.ControlStructures.ControlSignature.SpaceAfterCloseParenthesis" />
+		<exclude name="Squiz.ControlStructures.ControlSignature.SpaceAfterKeyword" />
+		<exclude name="Squiz.Functions.FunctionDeclarationArgumentSpacing.SpacingAfterOpen" />
+		<exclude name="Squiz.Scope.MethodScope.Missing" />
+		<exclude name="Squiz.Operators.IncrementDecrementUsage.Found" />
+		<exclude name="Squiz.Operators.IncrementDecrementUsage.NoBrackets" />
+		<exclude name="Squiz.Operators.IncrementDecrementUsage.NotAllowed" />
+		<exclude name="Squiz.Operators.ValidLogicalOperators.NotAllowed" />
+		<exclude name="Squiz.PHP.CommentedOutCode.Found" />
+		<exclude name="Squiz.PHP.DisallowMultipleAssignments.Found" />
+		<exclude name="Squiz.PHP.DisallowMultipleAssignments.FoundInControlStructure" />
+		<exclude name="Squiz.PHP.DisallowSizeFunctionsInLoops.Found" />
+		<exclude name="Squiz.PHP.EmbeddedPhp.NoSemicolon" />
+		<exclude name="Squiz.PHP.EmbeddedPhp.SpacingAfterOpen" />
+		<exclude name="Squiz.PHP.NonExecutableCode.ReturnNotRequired" />
+		<exclude name="Squiz.PHP.NonExecutableCode.Unreachable" />
+		<exclude name="Squiz.Strings.ConcatenationSpacing.PaddingFound" />
+		<exclude name="Squiz.Strings.DoubleQuoteUsage.NotRequired" />
+		<exclude name="Squiz.WhiteSpace.SemicolonSpacing.Incorrect" />
+		<exclude name="Squiz.WhiteSpace.SuperfluousWhitespace.EmptyLines" />
+		<exclude name="WordPress.Arrays.ArrayDeclarationSpacing.AssociativeArrayFound" />
+		<exclude name="WordPress.Arrays.ArrayDeclarationSpacing.NoSpaceAfterArrayOpener" />
+		<exclude name="WordPress.Arrays.ArrayDeclarationSpacing.NoSpaceBeforeArrayCloser" />
+		<exclude name="WordPress.Arrays.ArrayDeclarationSpacing.SpaceAfterKeyword" />
+		<exclude name="WordPress.Arrays.ArrayIndentation.CloseBraceNotAligned" />
+		<exclude name="WordPress.Arrays.ArrayIndentation.ItemNotAligned" />
+		<exclude name="WordPress.Arrays.ArrayKeySpacingRestrictions.NoSpacesAroundArrayKeys" />
+		<exclude name="WordPress.Arrays.CommaAfterArrayItem.NoComma" />
+		<exclude name="WordPress.Arrays.MultipleStatementAlignment.DoubleArrowNotAligned" />
+		<exclude name="WordPress.CodeAnalysis.AssignmentInCondition.Found" />
+		<exclude name="WordPress.CodeAnalysis.AssignmentInCondition.FoundInTernaryCondition" />
+		<exclude name="WordPress.CodeAnalysis.AssignmentInCondition.FoundInWhileCondition" />
+		<exclude name="WordPress.CodeAnalysis.AssignmentInCondition.NonVariableAssignmentFound" />
+		<exclude name="WordPress.NamingConventions.PrefixAllGlobals.DeprecatedWhitelistCommentFound" />
+		<exclude name="WordPress.PHP.DontExtract.extract_extract" />
+		<exclude name="WordPress.PHP.POSIXFunctions.ereg_ereg" />
+		<exclude name="WordPress.PHP.POSIXFunctions.ereg_replace_ereg_replace" />
+		<exclude name="WordPress.PHP.POSIXFunctions.split_split" />
+		<exclude name="WordPress.PHP.PregQuoteDelimiter.Missing" />
+		<exclude name="WordPress.PHP.StrictInArray.MissingTrueStrict" />
+		<exclude name="WordPress.Security.EscapeOutput.DeprecatedWhitelistCommentFound" />
+		<exclude name="WordPress.Security.EscapeOutput.UnsafePrintingFunction" />
+		<exclude name="WordPress.Security.NonceVerification.DeprecatedWhitelistCommentFound" />
+		<exclude name="WordPress.Security.NonceVerification.Missing" />
+		<exclude name="WordPress.Security.NonceVerification.Recommended" />
+		<exclude name="WordPress.WhiteSpace.ControlStructureSpacing.BlankLineAfterEnd" />
+		<exclude name="WordPress.WhiteSpace.ControlStructureSpacing.ExtraSpaceAfterCloseParenthesis" />
+		<exclude name="WordPress.WhiteSpace.ControlStructureSpacing.NoSpaceAfterCloseParenthesis" />
+		<exclude name="WordPress.WhiteSpace.ControlStructureSpacing.NoSpaceAfterOpenParenthesis" />
+		<exclude name="WordPress.WhiteSpace.ControlStructureSpacing.NoSpaceAfterStructureOpen" />
+		<exclude name="WordPress.WhiteSpace.ControlStructureSpacing.NoSpaceBeforeCloseParenthesis" />
+		<exclude name="WordPress.WhiteSpace.ControlStructureSpacing.NoSpaceBeforeOpenParenthesis" />
+		<exclude name="WordPress.WhiteSpace.ControlStructureSpacing.NoSpaceBetweenStructureColon" />
+		<exclude name="WordPress.WhiteSpace.DisallowInlineTabs.NonIndentTabsUsed" />
+		<exclude name="WordPress.WhiteSpace.OperatorSpacing.NoSpaceAfter" />
+		<exclude name="WordPress.WhiteSpace.OperatorSpacing.NoSpaceBefore" />
+		<exclude name="WordPress.WhiteSpace.OperatorSpacing.SpacingBefore" />
+		<exclude name="WordPress.WP.GlobalVariablesOverride.DeprecatedWhitelistCommentFound" />
+		<exclude name="WordPress.WP.GlobalVariablesOverride.Prohibited" />
+		<exclude name="WordPress.WP.I18n.MismatchedPlaceholders" />
+		<exclude name="WordPress.WP.I18n.MissingSingularPlaceholder" />
+		<exclude name="WordPress.WP.I18n.MissingTranslatorsComment" />
+		<exclude name="WordPress.WP.I18n.NoEmptyStrings" />
+		<exclude name="WordPress.WP.I18n.NonSingularStringLiteralContext" />
+		<exclude name="WordPress.WP.I18n.NonSingularStringLiteralDomain" />
+		<exclude name="WordPress.WP.I18n.NonSingularStringLiteralText" />
+		<exclude name="WordPress.WP.I18n.TooManyFunctionArgs" />
+		<exclude name="WordPress.WP.I18n.UnorderedPlaceholdersText" />
+	</rule>
+
+	<!-- Exclude NPM and Composer dependencies -->
+	<exclude-pattern>node_modules/*</exclude-pattern>
+	<exclude-pattern>vendor/*</exclude-pattern>
+
+	<!-- Exclude checking of line endings when reporting errors, but fix them when running phpcbf.
+		Git and SVN manage these pretty well cross-platform as "native".
+		Whitelist configuration files. -->
+	<rule ref="Generic.Files.LineEndings">
+		<exclude phpcs-only="true" name="Generic.Files.LineEndings"/>
+	</rule>
+</ruleset>
diff --git a/tests/phpunit/test-library.php b/tests/phpunit/test-library.php
index 9d23b9e..ed75699 100644
--- a/tests/phpunit/test-library.php
+++ b/tests/phpunit/test-library.php
@@ -666,23 +666,23 @@ public function test_bu_navigation_get_pages() {
 
 		// Create and order three pages using 'order' as a custom post type
 		$cpt_args = array( 'hierarchical' => true );
-		register_post_type( 'order', $cpt_args );
+		register_post_type( 'test_order', $cpt_args );
 
 		// Create pages using the 'order' post type
-		$page_args = array( 'post_type' => 'order' , 'menu_order' => '2' );
+		$page_args = array( 'post_type' => 'test_order' , 'menu_order' => '2' );
 		$last_order = $this->factory->post->create( $page_args );
 
-		$page_args = array( 'post_type' => 'order' , 'menu_order' => '1' );
+		$page_args = array( 'post_type' => 'test_order' , 'menu_order' => '1' );
 		$middle_order = $this->factory->post->create( $page_args );
 
-		$page_args = array( 'post_type' => 'order' , 'menu_order' => '0' );
+		$page_args = array( 'post_type' => 'test_order' , 'menu_order' => '0' );
 		$first_order = $this->factory->post->create( $page_args );
 
 		// Construct Expected Order
 		$expected_order = array( $first_order, $middle_order, $last_order );
 
 		// Get Pages
-		$args = array( 'post_types' => array( 'order' ));
+		$args = array( 'post_types' => array( 'test_order' ));
 		$pages = bu_navigation_get_pages( $args );
 
 		// Get actual page order