php apache mod-security

How to write mod_security friendly PHP code?


I made a theme in WordPress which hit the mod_security rule on HostGator and gave a 403 error.

I contacted people there (at HostGator) and they fixed it for me. But I don't want my theme to work like this.

I just wanted to know if there are any guides/blog posts/tutorials about writing PHP code which is mod_security friendly?

I tried Google, but didn't find anything helpful.


Solution

  • I'm not sure there are many guides for this, especially since mod_security configuration varies from server to server.

    The closest thing I would recommend is taking a look at the Core Rule Set Project. There's tons of rules in there. There's a lot of them.

    Some general things to avoid would be:

    • including function names in parameters
    • using SQL queries/keywords (like SELECT, UPDATE, DELETE FROM) in the URL or POST
    • using HTML in the URL

    What exactly triggers it may vary. If possible, I would ask the HostGator people what rule it triggered and try to get some feedback. If not, set up mod_security on your private box (or a VM), and see if your theme triggers any of the rules in the core rule set.
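
A pre-flight check for the three habits listed in the answer above, as an added example that is not part of the original answer and does not reproduce the Core Rule Set's logic. The regexes, the function name `find_waf_risky_params` and the parameter names are simplified assumptions, and the sample parameters are constructed.

```php
<?php
// Added example: heuristic pre-flight check, NOT the Core Rule Set's actual rules.
// The patterns are simplified assumptions covering the three habits listed above.
const WAF_RISK_PATTERNS = [
    'function name' => '/\b(?:eval|exec|system|passthru|shell_exec|base64_decode|file_get_contents)\s*\(/i',
    'SQL keywords'  => '/\b(?:select\b.+\bfrom|union\s+select|update\b.+\bset|delete\s+from|insert\s+into)\b/is',
    'HTML markup'   => '/<\s*\/?\s*[a-z][^>]*>/i',
];

/** Return [parameter name => list of risk labels] for values likely to trip a WAF rule. */
function find_waf_risky_params(array $params, string $prefix = ''): array
{
    $findings = [];
    foreach ($params as $key => $value) {
        $name = $prefix === '' ? (string) $key : "{$prefix}[{$key}]";
        if (is_array($value)) {
            // Nested form fields (e.g. colors[accent]) are checked recursively.
            $findings += find_waf_risky_params($value, $name);
            continue;
        }
        // Inspect the decoded value, since the WAF also sees it after URL decoding.
        $decoded = rawurldecode((string) $value);
        foreach (WAF_RISK_PATTERNS as $label => $pattern) {
            if (preg_match($pattern, $decoded) === 1) {
                $findings[$name][] = $label;
            }
        }
    }
    return $findings;
}

// Constructed sample: what a theme options form might submit.
$before = [
    'header_html' => '<div class="banner">Sale</div>',
    'query'       => 'SELECT * FROM wp_posts WHERE post_type = "page"',
    'callback'    => 'system(render_footer)',
    'colors'      => ['accent' => '#ff6600'],
];
// Same intent, sent as plain keys that the theme resolves server-side from an allowlist.
$after = [
    'header_layout' => 'banner_sale',
    'query'         => 'pages',
    'callback'      => 'footer_default',
    'colors'        => ['accent' => 'ff6600'],
];

foreach (['before' => $before, 'after' => $after] as $label => $params) {
    echo $label, ': ', json_encode(find_waf_risky_params($params)), PHP_EOL;
}
```

Run it against the parameters your theme actually sends (for example from a test that dumps `$_GET` and `$_POST`), and treat a clean result only as a hint: the rules that matter are the ones configured on the host.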