When WordPress is installed on your domain, either by performing a manual WordPress installation or using a WordPress installation script like Softaculous or Fantastico, a number of folders and files get added to your server’s root directory.
Although these folders and files are mostly accessed by technical users like website developers, it’s good to know what these folders and files are used for, especially if you plan to build or manage your own WordPress site.
(WordPress installation files)
You can view these folders and files using an FTP application or cPanel’s File Manager. For help with this, see the tutorial below:
Knowing what WordPress installation folders and files do is also important for areas like:
- WordPress Installation
- WordPress Configuration
- WordPress Customization
- WordPress Management
- WordPress Optimization
- WordPress Security
WordPress Installation Files: A Glossary For Non-Techies
Your WordPress site is made up of your WordPress installation files and your WordPress database. These are responsible for creating, storing, and managing all of your site’s information, web pages, etc.
Below is a glossary of WordPress installation files for non-techies. The glossary includes non-technical explanations and descriptions with links to related tutorials.
If you need more technical information about the folders or files below, please refer to the official WordPress documentation here:
This folder contains all of the files that control your WordPress site’s installation, administration, and management functions …
(WordPress wp-admin folder)
This folder holds all of the content supplied by users (e.g. images uploaded to the WordPress Media Library) and stores all of the WordPress Themes and WordPress Plugins installed on your site …
(WordPress wp-content folder)
This folder is also used for things like:
- Manually installing WordPress Plugins and Themes
- Troubleshooting common WordPress errors (e.g. if you need to deactivate plugins or themes).
This folder contains most of the technical files and instructions required for supporting WordPress functionality …
(WordPress wp-includes folder)
An .htaccess file is a configuration file used on web servers running the Apache Web Server software. It contains important server instructions …
(WordPress .htaccess file)
The .htaccess file is used to enable/disable functionality, such as:
- Enabling password protection on a directory
- Enabling content protection
- Denying visitors access to the website
- Redirecting visitors to another page or a custom error or 404 page
- Preventing images on your site from being hotlinked
If you experience WordPress errors, it may be because your .htaccess file has become corrupted. If this happens, see this tutorial:
This is the core WordPress index file that instructs your WordPress theme and blog to load.
This file looks to see if you have set a home page in WordPress and displays that page to your visitors. If not, it displays a default blog page.
Basically, what the index.php file does, is show visitors a page like this when they visit your site …
(This is what visitors see thanks to index.php)
Instead of a directory of internal files like this …
(This is what visitors see if index.php file is removed)
This file contains the WordPress GPL license which states that WordPress is free software and can be redistributed and/or modified under the terms of the GNU General Public License.
This file contains useful pre-installation information about WordPress …
(WordPress ReadMe file)
This file confirms that the activation key sent in an email after a user signs up for a new site matches the key for that user and then displays confirmation.
This file decides what to display based on the parameters that are passed to the blog from any page that wants to display WordPress content and loads the WordPress environment and template.
This file receives posted comments and adds them to the WordPress database. It also prevents duplicate comment posting.
This is a sample of the wp-config.php file used to connect WordPress to your MySQL database. You can use this sample file to manually create the wp-config.php file (see below).
The wp-config.php file is one of your most important WordPress installation files. The wp-config.php file is located in the root of your WordPress file directory and contains your website’s base configuration details, such as your database connection information (e.g. Database Name, Database Username, Database Password, Database Host, etc.)
Here is some useful information about wp-config.php file:
- The wp-config.php file isn’t included in the WordPress download files. It is created during the WordPress setup process based either on the information you provide during the manual installation process, or automatically, if you use a WordPress installation script (e.g. Softaculous, Fantastico, etc.)
- A wp-config.php file can be created manually by editing the sample file (“wp-config-sample.php”), resaving it as wp-config.php and uploading this file to the root install directory.
- The content of the wp-config.php file follow a specific order. Rearranging the order of this content may create errors on your website.
- Editing WordPress files like wp-config.php should always be done using a plain text editor. Never use a word processor like Microsoft Word or Google Docs to edit WordPress files.
Many important modifications to WordPress can be done manually by adding lines of code to the wp-config.php file. Some of the features and functionality affected by the wp-config.php file, for example, include:
- Adding WordPress Security Keys
- WordPress Autosave And Post Revision (including changing the Autosave interval and disabling Post revisions)
- Increasing PHP Memory Limit
- Defining the ‘home’ address of your WordPress site (i.e. the URL people type in to visit your site).
- Moving folders (e.g. content, plugins, themes, uploads folder, etc.) to directories in your server other than their default location.
- Enabling WordPress Multisite
- Using WordPress In Other Languages
- Disabling plugin and theme installation, updates, and edits
- Disabling WordPress automatic and core updates
- Blocking external URL requests
- Forcing Admins and Logins to use SSL
- Overriding default WordPress File Permissions
- Changing WordPress Cron settings
- Emptying the trash
- Debugging WordPress (troubleshooting errors and making repairs)
- Allowing WordPress users to optimize and repair the WordPress database
- And so much more …
A CRON job is essentially an automated scheduled task. It’s like someone programming a robot to do XYZ at a specific time. If someone asks the robot “is it time to do XYZ yet?” the robot can then either say “no, it’s not time yet” or “yes, it’s time” and then automatically perform the task.
By default, WordPress calls up wp-cron.php whenever someone visits your WordPress site and a scheduled task is present. Also, web hosting companies normally offer CRON. The wp-cron.php file provides a CRON function for hosts that do not offer CRON or where a CRON job has not been set up by software installed on your site.
The wp-cron.php file is used to perform virtual cron jobs (i.e. scheduled tasks) to automate things like publish scheduled posts, check for plugin or theme updates, send email notifications, etc.
This file converts links added to your site via the WordPress admin menu into a format called OPML (Outline Processor Markup Language).
OPML allows outlines and lists to be exchanged between different platforms, such as exchanging lists of RSS feeds between different feed aggregators.
Essentially, this file allows links to be exported from one WordPress site to another.
In computing terms, bootstrapping is a technique for loading a program by means of a few initial instructions which then enable the rest of the program to be loaded from somewhere else.
The wp-load.php file is a bootstrap file that loads the wp-config.php file. The wp-config.php file then loads the wp-settings.php file, which then sets up the WordPress environment.
This is the file that handles the WordPress login page for registered users, including user authentication, user registration, and resetting passwords.
WordPress uses this file to obtain blog posts submitted via email. The URL of this file is usually added to a CRON job so that it is regularly retrieved, enabling new email posts to be accepted.
This file performs various pre-execution routines and procedures, including checking for correct installation, including auxiliary functions, applying user plugins, initializing execution timers, etc.
WordPress uses this file to set up the area where users can sign up to your website or blog.
This file handles incoming trackback requests to WordPress.
This file provides XML-RPC protocol support for WordPress. This allows you to do things like post content to your site using programs and applications other than the built-in web-based administrative interface and for WordPress developers to extend WordPress functionality using plugins.
The additional files below aren’t part of the default WordPress installation but may be found in your server’s WordPress directory:
A php.ini file is the default file for configuring and running applications that require PHP. The server looks for this file when PHP starts up for instructions on how to control variables such as upload sizes, file timeouts, and resource limits.
Server & Webhosting
Below are some useful terms to know when installing WordPress on your server:
DKIM (DomainKeys Identified Email) lets a domain associate its name with an email message by affixing a digital signature to it.
Verification is carried out using the signer’s public key published in the DNS. A valid signature guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed.
Usually, DKIM signatures are not visible to end-users, and are affixed or verified by the infrastructure rather than message’s authors and recipients.
SPF (Sender Policy Framework) is an email validation protocol designed to detect and block email spoofing by providing a mechanism to allow receiving mail exchangers to verify that incoming mail from a domain comes from an IP Address authorized by that domain’s administrators.
The list of authorized sending hosts and IP addresses for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record. Email spam and phishing often use forged “from” addresses and domains, so publishing and checking SPF records is considered to be one of the most reliable and simple to use anti-spam techniques.
We hope that you have found the above information useful.
"This is an awesome training series. I have a pretty good understanding of WordPress already, but this is helping me to move somewhere from intermediate to advanced user!" - Kim Lednum