일반적인 상황에서는 WordPress 파일 구조에 대해 실제로 걱정할 필요가 없습니다. . WordPress에는 엔진이 내부에서 어떻게 작동하는지 알지 않고도 사이트 실행에 집중할 수 있는 훌륭한 wp-admin 인터페이스가 있습니다.
그러나 사이트의 기본 사항을 아는 것이 유용할 수 있습니다. 이는 특히 예기치 않은 문제가 발생한 경우에 해당됩니다. , 모든 도움말은 특정 WordPress 파일을 수정하거나 데이터베이스의 값을 재설정하는 방법에 대해 설명합니다.
문제가 발생하지 않았지만 백업 또는 보안에 대해 읽고 있을 수 있습니다. 핵심 파일 및 데이터베이스, 또는 wp-config.php 및 wp-uploads와 같은 용어는 문맥에서 자주 언급됩니다.
이 용어를 이해하면 주제에 대한 미묘한 이해를 얻고 귀하의 사이트에 가능한 최선의 결정을 내리도록 매우 도움이 됩니다. .
다음과 같은 질문이 있는 경우:
- 코어 파일이란 무엇입니까?
- 플러그인과 테마는 어디에 저장되나요?
- 데이터베이스에는 무엇이 포함되어 있습니까?
- wp-uploads 폴더가 보안 문제인 이유는 무엇입니까?
- WordPress 파일 및 폴더 구조란 무엇입니까?
당신은 올바른 위치에 있습니다. 이 기사에서는 WordPress 파일 및 폴더 구조를 이해하고 있다고 자신 있게 말할 수 있도록 사이트의 비하인드 스토리를 안내합니다.
틀;DR WordPress 사이트에는 파일과 데이터베이스의 두 부분이 있습니다. 이 두 가지는 사이트 기능에 매우 중요합니다. 작동 방식을 이해하면 고급 사용자가 되어 문제를 해결하고 사이트에 대한 올바른 결정을 내릴 수 있습니다. 가장 좋은 결정 중 하나는 WordPress 사이트를 보호하는 것입니다. 좋은 보안 플러그인을 설치하고 백업에 투자하세요.
종종 우리는 웹사이트를 변경하기를 원하며 방법 문서에서는 사이트 코드를 살펴보라고 지시합니다. 이것이 충분히 나쁘지 않다면 FTP 클라이언트 또는 파일 관리자를 사용하여 사이트 파일과 폴더를 살펴보는 것이 모두 상당히 어리둥절해 보일 수 있습니다.
각 사이트 폴더와 파일은 중요해 보이지만 종종 중요합니다! 가장 작은 오류가 사이트 충돌을 초래할 수 있다는 무서운 경고는 그리 멀지 않습니다.
즉, 지식이 힘입니다. WordPress 파일 및 디렉토리 구조를 이해하면 웹사이트를 변경하거나 실제로 작은 문제를 해결할 수 있다는 자신감을 심어주는 데 큰 도움이 됩니다. 모든 경우에, 수정하기 전에 항상 사이트를 백업하는 것이 좋습니다.
WordPress 파일 및 디렉토리 구조 이해
WordPress 파일 및 폴더 구조는 사이트의 엔진입니다. 파일에는 사이트를 강화하는 코드가 포함되어 있습니다. 대부분은 눈에 보이지 않기 때문에(당연히 그래야 함) 이해하기가 약간 혼란스러울 수 있으며 자동차 후드 아래를 보는 것과 유사합니다.
WordPress 루트 디렉토리
WordPress를 사용하려면 먼저 서버에 설치해야 합니다. 대부분의 웹 호스트는 웹 호스트 계정을 처음 만들 때 자동으로 이 작업을 수행합니다. 또는 WordPress를 다운로드하여 서버에 직접 업로드할 수 있습니다.
설치는 모든 기본 WordPress 파일을 서버에 새로 설치하는 것을 의미합니다. 이것이 사이트의 기초입니다.
가장 일반적으로 WordPress 설치는 public_html 또는 공개 폴더. 이 폴더는 WordPress 루트 디렉토리 또는 단순히 루트로 알려져 있으며 WordPress 핵심 파일 및 폴더를 찾을 수 있는 곳입니다. 폴더는 완전히 다른 이름으로 불릴 수 있지만 대부분 public_html 폴더입니다. It is worth knowing which folder is the root, as it is an important location for several site admin tasks, like migration or backups.
The WordPress root directory contains the following files and folders:
- wp-admin
- wp-content
- wp-includes
- .htaccess
- index.php
- license.txt
- readme.html
- wp-activate.php
- wp-blog-header.php
- wp-comments-post.php
- wp-config-sample.php
- wp-cron.php
- wp-links-opml.php
- wp-load.php
- wp-login.php
- wp-mail.php
- wp-settings.php
- wp-signup.php
- wp-trackback.php
- xmlrpc.php
- wp-feed.php
WordPress core files and folders
WordPress Core files and folders are those installed during the WordPress installation. These files power everything from the login page and the admin dashboard, to the database connection and managing users. There are 2 core WordPress folders:wp-admin and wp-includes , and several core files.
wp-admin 폴더
As the name suggests, this folder manages the entire experience of your WordPress wp-admin dashboard. There are seven folders in the wp-admin folder as follows:
- css
- images
- includes
- js
- maint
- network
- user
There are lots of files too, the important ones being:
- admin.php – core file that manages the wp-admin dashboard
- index.php – loads pages in response to visitor requests
- install.php – installs WordPress
- plugins.php – controls all the plugins, active or inactive
- themes.php – controls all the installed themes
- users.php – manages users and their permissions
Most of the files are fairly self-explanatory as to their function. Essentially, all the WordPress folders and files within the wp-admin folder centre around the admin.php file , which controls the dashboard and all the functionality within it.
wp-includes 폴더
wp-includes contains all the core software for your WordPress site . You’ll see this referred to in a variety of ways:packages, code libraries, and WordPress source code. The nomenclature isn’t important here, but the code is critical.
Therefore, it is inadvisable to modify anything in the wp-includes directory ever, because it can and will break your site. Plus, there is no good reason to do so. Rarely will you come across a tutorial that advises you to alter any of the code contained in the wp-includes folder.
The one possible exception to this rule is the functions.php 파일. The functions.php file contains all the code for all the functions on your site. It is a special case because it works in tandem with the functions.php file that exists in your active theme as well. Typically, things like Google Analytics code and other tracker code are added to the theme’s functions.php file, but are liable to get lost if the theme is changed. That’s why you may come across advice to add the tracking code to the core functions.php file instead. However, we recommend against changing anything in the core files. You can always copy code from an old theme to a new theme easily, without endangering your entire site.
We strongly recommend against making changes to WordPress core files and folders, because they control your site. Even small errors can lead to your site crashing completely. If at all you absolutely must make changes, please make sure to take a full site backup just before. In any event, every time WordPress is updated, these files are overwritten, and any changes you do make will be lost.
WordPress core files
In the root folder, you will also see several files. While all of them are important, some of them are worth noting.
index.php
An index.php file is responsible for showing your site in response to a visitor request. It initialises and loads the right core files when a page is requested. This concept is better understood by seeing what happens when there isn’t an index file.
If your root folder didn’t have an index file, when someone tries to visit your site, the contents of the root folder will be displayed on the browser. Apart from the terrible unintended user experience, this is also a security issue.
The index file is a directory-level file and will be visible in most folders and sub-folders. For instance, it also exists in the wp-content folder. If that file was missing, the contents of the folder would be visible. As it stands, a blank white screen is shown instead.
Apart from the one in the root folder, the index.php file is often a blank file with a single-line comment:“Silence is golden.”
WordPress configuration files
There is a special subset of core files known as configuration files. Configuration files are the only core files that you can reasonably expect to edit. That is not to say that they aren’t equally important as the other core files, however, there is certain site functionality that you can only toggle from within a configuration file.
Ideally, you should use a plugin wherever possible to make these changes. For instance, it is vastly better and easier to use a plugin to implement geo-blocking, rather than modifying the .htaccess file. However, if you are creating a multisite, then you would need to add code to the configuration files manually during the network setup.
wp-config.php
The wp-config file is used to store database connection info, security keys and salts, and the database prefix . It is often targeted by hackers for this reason, as the database credentials are stored in cleartext, as are the security keys and salts.
Security keys and salts are an encryption mechanism used by WordPress to authenticate logged-in users securely. We have a step-by-step guide on how to change your security keys and salts, in case you think that a user account has been compromised.
The wp-config file also contains the built-in WordPress debugging feature . By default, the debugging feature is disabled. Once enabled from the wp-config file, it will show all errors, warnings, and notices. This is different from typical behaviour which may only show critical errors or fatal errors.
In a lot of security articles, you will see advice to move the wp-config file to another location, out of the root. But this is of limited value, because every WordPress site has a wp-config file somewhere in the installation, and a determined hacker with requisite access will find it eventually. A better way to secure your WordPress site is to install a security plugin; preferably one with a good firewall.
.htaccess
The .htaccess file is another important configuration file that is used to manage site links. Things like permalink structure, URL redirects, IP address blocking , and so on are managed by the .htaccess file. For instance, if you ever want to implement geoblocking manually, you will need to modify the .htaccess file, although we definitely don’t recommend it. In addition to links, the .htaccess file can also be used to password-protect your site.
Both the .htaccess and the wp-config files are generated on WordPress installation, and thus would not be visible in a downloaded installation package. Even once installed, the .htaccess file is hidden. To be able to see it, enable the option to view hidden files on your FTP client.
The .htaccess file is a configuration file specifically for Apache web servers. Some web hosts use nginx instead of Apache servers, so there will be no .htaccess file for your site altogether.
wp-content folder
Plugin and theme files and folders are, as the names suggest, installed with plugins and themes. For instance, if you install a contact form plugin, the code for that plugin will be in these files. Similarly, with the theme; the code for displaying images and fonts are in these files.
All plugins and themes are generally found in the wp-content folder, unless in special circumstances. For example, a firewall plugin would be located at the root level, so it loads before the rest of the site. This concept is known as load order, which is often seen in relation to WordPress security.
Each plugin or theme will mostly have its own folder with the files it needs to function correctly. In fact, plugin and theme installation files can be uploaded via FTP directly to the wp-content folder and then unzipped there.
Themes
Plugins have enormous variety, so rarely conform to a template. Themes, on the other hand, usually affect the same elements of a site, so they can look quite similar at a code level.
For instance, every theme has a functions.php file . We briefly referred to this while speaking about the functions.php file in the wp-includes folder. The theme functions.php file contains all the code needed to execute the theme. It also often has the extra code needed to run analytics and trackers on your site. When changing over to a new theme, you need to backup the functions.php file to make sure that you don’t lose any of that customisation.
Interestingly, although a WordPress site will work without a single plugin—albeit be very boring—it cannot function without a theme. The active theme is indicated in a required field in the database and has to be available for the site to load at all.
wp-uploads
The wp-uploads folder is where the files that visitors upload to the site are stored. It correlates directly to everything visible in the site’s media library. The files are stored in yearly and then monthly folders for retrieval.
The wp-uploads folder is universally accessible by default, so it often poses a security risk. This is why the folder shouldn’t have any executable files ever.
It is important to remember that we are talking about the boilerplate installation of WordPress. Since customisation of plugins, themes, and of WordPress itself can vary significantly from site to site, this is by no means an exhaustive list. The WordPress codex has a full list of WordPress files that come with the basic installation.
You may or may not see some of the files in the folders as described above, depending on how the installation is configured. Alternatively, you may not see the .htaccess file in your FTP client, because it is a hidden file. You will need to enable that setting to see it.
Understanding WordPress database tables
A database is a system used to store, organize, and retrieve data to run your website. Along with the files, it forms the other crucial part of your site. The WordPress database is used to store user-generated content like posts, pages, comments, etc. in tables.
Note:this is often the reason why advice on how to backup your WordPress site often suggests you backup only the database, assuming you can download everything else. This is not good practice, as you should always backup your entire site.
WordPress uses a MySQL database to store site information in tables, SQL commands to manipulate the data within, and the programming language PHP to communicate between the files and database. Therefore, when you install WordPress for the first time, during the installation you will need to create a MySQL user for the database. And, as we will see later, you can use an interface like phpMyAdmin or Adminer to access your site’s database.
Each site has a single associated database, and each database consists of multiple tables. The core WordPress tables are:
- wp_options
- wp_users
- wp_usermeta
- wp_posts
- wp_postmeta
- wp_terms
- wp_term_relationships
- wp_term_taxonomy
- wp_comments
- wp_commentmeta
- wp_links
These tables are installed with WordPress. Over the course of time, as the site grows and plugins are added, the database grows with more tables and therefore more data.
The important thing to remember is that the tables often work in tandem with each other. That means data can be drawn from different tables. For instance, comments on posts are stored in the wp_comments table, but wp_commentmeta also is important for retrieval. This is especially true for WooCommerce sites, where order and product data is stored across multiple tables.
We have a full article with more information on how the WordPress database functions.
How to access the WordPress files, directories, and database
Your WordPress site is stored on a web host server, which is essentially a remote computer. To access the WordPress file structure and database, you need to connect to this computer. There are several ways to do this though. Each method has its pros and cons, so it is worth reading about all the methods and deciding which one works best for you.
cPanel
The most common method talked about in WordPress tutorials is to use cPanel. cPanel is a control panel software offered by most web hosts. It has a variety of tools for different tasks. The ones that we are most interested in for the purposes of viewing WordPress files and the database are the File Manager and phpMyAdmin 각기.
To access cPanel on your site, enter yourdomain.com in the URL bar, followed by /cpanel. Login with cPanel credentials, which are different from your wp-admin ones.
Under the Files section, you will find an icon for File Manager.
File Manager is a bit like your computer’s file explorer. You will see WordPress folders and files in a similar interface. To edit any of the files, you need to download them, edit them on your local machine, and then reupload them to the correct folder, after deleting the existing file.
To access the database, look for the phpMyAdmin icon under the Databases section on cPanel.
phpMyAdmin is separate from cPanel, so the icon is merely a shortcut to access it. If you aren’t logged in automatically, you can find the database login credentials in the wp-config.php file.
Under the Databases tab or from the left side panel, find the database that is associated with your site if there is more than one database.
Clicking on your database will open it to display all the tables within. Further, clicking on a table name will display the rows and values.
Some web hosts don’t provide cPanel, and may have an alternative control panel software like Plesk or Webmin. Others may not have any options at all, in which case you would need to use FTP to access your site files.
FTP/SFTP
File Transfer Protocol or FTP is an alternative to HTTP. We are all familiar with HTTP, which is a protocol used to transfer information over the internet. They work in different ways and are used interchangeably to access data on a server.
FTP is different from HTTP in one key way, which is that it requires authentication. That means you have to provide login credentials to be able to access the server.
To use FTP or SFTP, which is more secure, you need to download and install a client, like FileZilla. For the purposes of this article though, we are going to use Cyberduck.
First, locate your FTP credentials on your web host dashboard.
Next, create a new connection on the FTP client, and plug in the credentials.
Once the connection has been established, you can view the WordPress files and folders on the server.
If your web host doesn’t have cPanel access, they may not use phpMyAdmin either. However, most web hosts do provide a link to the website database from the dashboard.
In this example, Cloudways has a button to Launch Database Manager from the website dashboard. Cloudways uses Adminer instead of phpMyAdmin.
On the other hand, Dreamhost does, and you can find a Manage link on the website panel.
SSH
Short for ‘secure shell’, SSH is a way to connect securely to a remote computer over potentially insecure networks. In the case of WordPress, you can use it to access files on your site server from anywhere else.
SSH uses a command-line interface to interact with and control the site files and folders instead of a browser. Like with FTP, you may need a client to use SSH, although most systems have the ability built-in. We used the Terminal on macOS to open a connection to our web server.
Similar to FTP again, you will need credentials to log in:server address, username, and password. You may or may not need the port number. To connect to your server with SSH, type in ssh username@serveraddress. You will be prompted for a password, and once that is in, you will be able to interact with your site files.
With SSH, you need to have some familiarity with the command-line interface or be prepared to look through a ton of documentation. This list of commands can help you get started, although it is not comprehensive.
Note:Using the command-line interface, you can also leverage WP-CLI commands. WP-CLI is a tool to interact specifically with WordPress site files and its database, and thus has commands that are specific to WordPress.
Plugins
If you want to avoid cPanel and FTP altogether, you can also install a plugin to view and interact with WordPress files and folders.
The advantage of using a plugin is that you can see the files directly on your wp-admin dashboard, without needing to log in separately. The disadvantage is that if your site crashes for any reason and you want to fix an errant plugin or theme, you won’t be able to use these plugins to do so. However, it is still a viable alternative in most cases.
We tried out WP File Manager, and it was a breeze to use. Find the plugin from the plugins directory, install it, and you’re done.
The dashboard clearly shows all the files of your site, right from wp-admin.
One word of caution here is that searching for ‘file manager’ plugins also lists results for media library file managers. Those plugins serve an entirely different purpose.
Similarly, you can install a plugin to view the site database as well.
We tried Database Admin and saw that we could select our site database without logging in.
The interface is very basic though, and it helps to have a little understanding of SQL to navigate more effectively.
We also tried WP Adminer as an alternative.
It was very similar to accessing the database directly. The plugin appears as a shortcut in the Tools menu.
Why you should learn about WordPress file and directory structure
Your site is working, and working well at that. So why should you spend time learning about WordPress file structure? Apart from the simple reason of understanding how your site works, there are several good reasons:
- Solve minor issues on your own steam, like disabling a plugin or theme that is acting up.
- In case you face a major issue, it is important to be able to distinguish between good and bad advice . There is a ton of poor, although well-meaning advice, especially with respect to WordPress security. A little knowledge can help you ask the right questions when needed, and discard poor advice immediately.
- Understanding the file structure of your site makes you a power user . You may be able to accomplish a great deal more than previously. It is a stepping stone to learning WordPress development as well, should you be so inclined. For instance, suppose you need to add redirects to your site, you can do so by modifying the .htaccess file without needing developer intervention.
- It will also prevent you from deleting or changing critical files or database values, knowing that this will cause your site to crash.
- Setting file permissions will become easier once you know the interplay between different files, and which users need access to them. At first glance, the strongest permissions and tightest security rules seem like the best option. This is not true at all. Remember that files need to communicate with each other, and therefore need appropriate permissions to do so.
If you are reading this article to figure out which files to backup, then the answer is everything. Always take complete backups, and restore partially as and when required.
How to protect WordPress files, folders, and database from malware
Now that you have a good understanding of WordPress structure, both inside and out, you can take steps to protect it from hackers. In WordPress security, prevention is always better than cure, and doing the following will keep out the majority of malware attacks.
- Install MalCare, a top-notch security plugin with an integrated firewall
- Invest in site backups
- Keep WordPress, plugins, and themes updated as far as possible
- Use strong passwords, and a password manager to remember them
- Implement a good user policy
- Never use nulled software
We have compiled all our security expertise into actionable advice that you can use to protect your site in minutes.
결론
Now that you have a working knowledge of your site, it is sensible to take a backup every time you want to change something. This is your safety net in case anything goes awry and you have to restore in a hurry. BlogVault has the best WordPress backups and comes with a whole host of other great features to manage your site effectively.
FAQ
What is WordPress file structure?
WordPress file structure is the site’s organisational system. WordPress sites use files that contain code to run and interact with a database, which stores data.
How are WordPress files organised?
WordPress files are organised in a hierarchical folder structure. The WordPress installation is in a root directory, generally public_html or public, and everything else comes within it. There are 3 core folders in the WordPress root directory:wp-content, wp-includes, and wp-admin.
What should be in the wp-includes folder?
The wp-includes folder contains WordPress core packages and code that are installed with WordPress. The wp-includes folder and its constituent files remain constant. If you suspect there are changes, you can download a fresh installation of WordPress and compare those files with what is on your site.
Where are WordPress files located?
WordPress files are installed in a root directory on your site server. The root directory is often named public_html or public. All WordPress files are stored within the root directory in a hierarchical system of files and folders.