What is WordPress Core & What are the Core Files?

Understanding the foundation your WordPress website is built on can help you troubleshoot issues and gain a better understanding of WordPress development. 

At the heart of every WordPress site lies the WordPress core, the collection of code and files that power the entire platform. These key files include everything from the code that generates your site’s interface to the functions that allow you to manage content and users.

Every WordPress site is built on the same core files, and knowing what these files are and how they work can help you master development and troubleshoot issues with your site.

Let’s examine the WordPress core in detail and explain how to download the files and keep them up to date.

What are WordPress core files?

WordPress core files are the backbone of your website. While WordPress is made up of many files and folders, these files comprise the fundamental code that keeps WordPress functioning.

Core files consist of several directories which include the code that forms the admin area/dashboard and key WordPress functions and classes that power your site. There are also individual, critical files like wp-config.php, index.php, and functions.php.

All of this is written in PHP and JavaScript, with some HTML and CSS for front-end elements.

Core files are maintained by the WordPress development team and released for free at WordPress.org. WordPress is constantly updating with new features and tweaks. You can even browse the source code and take a look at the foundation of every WordPress install.

Anyone can contribute to WordPress, but to become a full committer with the ability to add code to the platform, you’ll need to spend a long time assisting with its development in other ways.

A detailed breakdown of WordPress core components

WordPress core is made up of several key files broken into directories. WordPress is free to download, so you can examine this file structure yourself. Here’s an overview.

  • The root folder – When you first open up WordPress core, you’ll see several folders and files. Some of the most important files here include wp-config.php, which contains your database connection details and other critical configuration settings, and index.php, which is the main index file that loads and initializes WordPress. .htaccess is another important configuration file for Apache servers.
  • The wp-admin folder – This folder contains the files and scripts that power the WordPress admin dashboard – the back end where you manage your entire site’s settings and appearance. The central file here is admin.php, but there are dozens of files that control each and every aspect of the dashboard.
  • The wp-content folder – This is where your themes, plugins, and uploaded media files are stored. WordPress comes with a few default themes and plugins. These are not technically part of WordPress’ core files; this folder will get filled with your own images, themes, and plugins.
  • The wp-includes folder – This houses the core WordPress functions, classes, and libraries that keep WordPress running.

Most of these files should not be edited, but there are two exceptions: wp-config.php, which contains configuration options you can edit or add to, and functions.php – every theme has one of these, and if you know what you’re doing (and are using a child theme), you can add custom code here.

What isn’t included in WordPress core files?

While WordPress core forms the essential foundation of your site, that’s not all there is to it. There are several other types of files which are not part of the central code that makes up WordPress.

1: Database – The heart of your WordPress website is actually stored in the database and not in the website files. Things like the posts you write and comments left by users are all stored in the database.

2: Themes – Your theme is a template that forms the front end of your website and its appearance. With just the WordPress core, you’d have only the back-end dashboard and no actual website.

3: Plugins – Plugins extend the functionality of your website; they range from tiny code snippets that make small changes to entire apps in their own right. For example, our plugin Melapress Login Security is like a security app that adds a range of functionalities related to securing your login page(s). While WordPress comes installed with some plugins, most of these will have to be installed from the WordPress plugin repository.

4: Server files – Some web hosts/servers add extra files to your server. For example, Apache environments add a .htaccess file, which is a very important server configuration file.

How to install WordPress core

Thanks to WordPress being open source and free, it’s generally very easy to install. However, how exactly you install WordPress core greatly depends on the method you choose.

If you’re on a managed hosting environment, installing WordPress core can often be done at the click of a button.
Many web hosts include auto-installers like Softaculous for installing apps and CMSs like WordPress. Some can even create new WordPress instances on demand, sparing you the need to set them up manually.

However, if you’re on a custom hosting environment, there are some additional steps you should take.

If you haven’t done so already, then you first need to install any required dependencies and configure your web server for running WordPress.

These will largely depend on the environment your hosting provider has set up for you as well as the Operating System. For example, if you’re installing WordPress on a clean Ubuntu installation, you’ll need to install these dependencies first.

If you need to set up WordPress yourself, here’s how you can install it through FTP.

1: Download WordPress from the link above and unzip it.

Visit the Download page on WordPress.org and click to download the latest version.

2: Obtain your FTP credentials from your web host. If you use cPanel, log in and scroll down to FTP Accounts. If your host doesn’t use cPanel, check your hosting dashboard or ask them for help.

3: Download and open an FTP client like FileZilla. Enter your username, password, and port and click Quickconnect.

4: Drop the unzipped WordPress folder into your webserver root folder, located in the right-hand panel.

5: Now you’ll need to create a database. You may already have one, so check within your web hosting panel to make sure. If you do, open up cPanel, click Database Wizard, and follow the instructions.

6: Back in your FTP client, look for wp-config-sample.php. Rename the WordPress core file to wp-config.php.

7: Open this file in any text editor, and replace the DB_NAME, DB_USER, and DB_PASSWORD values with the name, username, and password for your database that you just created. For example, for the DB_NAME value, replace database_name_here with the name you set for your database.

8: Visit your website in a web browser (or its subdirectory if you installed it in one). You can also append this to your website’s URL: /wp-admin/install.php.

Now just run the installer on that page and you should be good to go!
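
A check to run after steps 6 and 7, added here as an example that is not part of the original article: it parses the define() calls in wp-config.php and reports database settings that are missing or still hold the placeholder strings from wp-config-sample.php. The function names, the sample file contents, and the rule that the file should not be readable by every local user are assumptions of this example.

```python
import os
import re
import stat
import tempfile

# Placeholder strings shipped in wp-config-sample.php.
PLACEHOLDERS = {"database_name_here", "username_here", "password_here",
                "put your unique phrase here"}
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)""")
# Constructed sample: one value edited, one left as shipped, one commented out.
SAMPLE = """<?php
define( 'DB_NAME', 'shop_prod' );
define( 'DB_USER', 'username_here' );
// define( 'DB_PASSWORD', 'old-secret' );
define( 'AUTH_KEY', 'put your unique phrase here' );
"""


def parse_defines(text):
    """Return {NAME: value} for string define() calls, skipping comment lines."""
    settings = {}
    for line in text.splitlines():
        if not line.lstrip().startswith(("//", "#", "*", "/*")):
            settings.update((n, v) for n, _q, v in DEFINE_RE.findall(line))
    return settings


def audit_wp_config(path):
    """Return findings for an edited wp-config.php (empty list means clean)."""
    with open(path, encoding="utf-8") as fh:
        settings = parse_defines(fh.read())
    findings = [f"{n}: not defined" for n in ("DB_NAME", "DB_USER", "DB_PASSWORD")
                if n not in settings]
    findings += [f"{n}: still the sample placeholder"
                 for n, v in sorted(settings.items()) if v in PLACEHOLDERS]
    # Assumed policy: the file holds credentials, so "other" should not read it.
    if stat.S_IMODE(os.stat(path).st_mode) & stat.S_IROTH:
        findings.append("file is readable by every local user")
    return findings


def demo():
    """Write the constructed sample to a temp file and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "wp-config.php")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)  # set explicitly so the demo is deterministic
        return audit_wp_config(path)


if __name__ == "__main__":
    print("\n".join(demo()))
```

Point audit_wp_config() at a local copy of your own wp-config.php before uploading it; an empty list means none of these checks fired.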

How to update WordPress core files

Keeping WordPress up to date is important, so let’s run through how to check if your WordPress installation is up to date, and how to update WordPress core if not.

This is really easy to do – just head to Dashboard > Updates. WordPress will automatically check for updates and let you know if you have the latest version.

If you have automatic updates turned off, you can enable them by clicking Enable automatic updates for all new versions of WordPress.

While it’s good to have automatic updates on, you may choose to leave it off as auto-updates can sometimes cause technical issues or incompatibilities with certain plugins and themes.

Why you should keep WordPress core up to date

If there’s one thing you need to know about WordPress core, it’s that you should always try to keep the platform up to date. Many websites run on an outdated installation of WordPress for compatibility reasons, but it can do more harm than good.

1: Security – The absolute biggest reason to keep WordPress up to date is for security reasons. When you run an outdated version of WordPress, your website may be vulnerable to being hacked – often by bad actors exploiting vulnerabilities patched months or years ago. And if you’re running an old version of WordPress, chances are you’re also on an outdated version of PHP, which only opens you up to more vulnerabilities.

2: Compatibility – While using an outdated WordPress version can allow you to work with old versions of PHP or particular plugins for longer, it also locks you out of many newer plugins and themes. Trying to run them could lead to conflicts and bugs.

3: Performance – Updates can come with performance improvements, so not keeping WordPress up to date may be slowing your website down.

4: New features and bug fixes – By failing to keep WordPress core up to date, you’re missing out on a lot of new features, plus a bunch of squashed bugs.

How to access WordPress core files

If you need to get to the core files, whether to edit them or just to examine them, there are multiple ways you can do so.

It’s highly recommended that you don’t edit the WordPress core, especially without guidance, as even one small change can break your site. If you want to add or remove functionality, it’s better to use a plugin or code your own rather than modifying the core files.

Geek note: If you choose to implement additional functionality through a custom plugin, consider installing it as a mu-plugin. Short for Must Use, mu-plugins are always activated and cannot be deactivated unless uninstalled. Thus, you can ensure the availability of the additional functionality without the risks of accidental deactivation.

Even if you manage not to break something, all your code will be erased next time WordPress updates anyway.

The exception here is wp-config.php. While you still should take care while editing it, your changes won’t be overwritten on update.

If you must edit WordPress core files directly, it’s recommended that you back up your site first, so any damage can be quickly reverted. You may also wish to use a revision system like Git alongside the Melapress File Monitor plugin so you can track exactly what changes you’re making.

With that said, here’s how you can access WordPress core files.

Access some files through the dashboard

While most core files can’t be edited through the admin dashboard, at least by default, WordPress does come with two options built in: the ability to edit theme and plugin files.

Just like editing core files, it’s generally recommended that you don’t edit these directly, as your changes will be lost when the theme/plugin updates. For themes, there’s a workaround; you can create a child theme, which will allow you to keep your theme up to date while saving any code changes.
You can find the theme editor in Tools > Theme File Editor and the plugin editor in Tools > Plugin File Editor.

And of course, remember to create a backup before making any changes to files on your website.

Use a file manager plugin

If you want to directly edit WordPress files from the dashboard, you’ll need a plugin.

While this can be a bit of a security risk if someone hacks your account, if you find yourself frequently accessing WordPress files, you may find it convenient to be able to view/edit any core file from within the dashboard.

Here’s how to edit core files in the WordPress dashboard.

1: Go to Plugins > Add New and search for File Manager. Install and activate the plugin.

2: Navigate to the new WP File Manager section in your navigation on the left.

3: Right-click any file you want to edit and click Code Editor, or look for the Edit file button in the top bar.

4: When you finish editing, click Save & Close.

Access core files through FTP

Finally, you can access your core files through FTP. The steps for this are fairly similar to downloading WordPress in the first place, but let’s run through it.

1: Ask your web host for your FTP credentials, or, if your website uses cPanel, log in and check the FTP Accounts section for the necessary info.

2: Download FileZilla or another FTP client. Open it up and enter your username, password, and port. Now click Quickconnect.

3: You now have access to your WordPress files. To edit one, just right-click it and open it. Save the document and upload it back to the server.

How to monitor core files with Melapress File Monitor

Sudden changes to core WordPress files are rarely a good sign – at least when an official update isn’t involved. It’s a good idea to keep an eye on file changes on your website, and for this, you can use our free plugin, Melapress File Monitor.

1: In your dashboard, navigate to Plugins > Add New. Search for and install/activate Melapress File Monitor.

2: Click File Monitoring and run through the installation wizard. Make sure you tick Enable WordPress core files scanning.

3: Your first scan will run now. When it’s finished, check back to see recent file changes.

You can also set up email alerts, and the plugin includes hourly, daily, and weekly scans.
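
The same idea as a file monitor, reduced to a one-off check and added here as an example (it is not Melapress File Monitor's code): compare a live install with a freshly unzipped copy of the same WordPress version and list core files that were modified, are missing, or were never shipped. The skip lists, function names and demo file contents are assumptions; wp-content, wp-config.php and .htaccess are skipped because the article treats them as site-specific rather than core.

```python
import hashlib
import os
import tempfile

# Not core per the article: site content, site config, server config.
SKIP_DIRS = {"wp-content"}
SKIP_FILES = {"wp-config.php", "wp-config-sample.php", ".htaccess"}


def hash_tree(root):
    """Return {relative_path: sha256_hex} for the core files under root."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if rel_dir == ".":  # prune non-core directories at the top level only
            dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")
            if rel not in SKIP_FILES:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_core(clean_root, live_root):
    """Compare a live install with a clean unzipped copy of the same version."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    return {
        "modified": sorted(p for p in clean if p in live and clean[p] != live[p]),
        "missing": sorted(p for p in clean if p not in live),
        # Files in core directories that the release never shipped.
        "unexpected": sorted(p for p in live if p not in clean),
    }


def demo():
    """Build two small constructed trees and return the comparison report."""
    clean = {"index.php": "loader", "wp-admin/admin.php": "admin",
             "wp-includes/version.php": "version", "wp-config-sample.php": "sample"}
    live = {"index.php": "loader", "wp-admin/admin.php": "admin + injected line",
            "wp-includes/extra.php": "not shipped", "wp-config.php": "site config",
            "wp-content/plugins/mine.php": "plugin"}
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in (("clean", clean), ("live", live)):
            for rel, body in files.items():
                path = os.path.join(tmp, tree, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:
                    fh.write(body)
        return compare_core(os.path.join(tmp, "clean"), os.path.join(tmp, "live"))


if __name__ == "__main__":
    print(demo())
```

The clean copy must be the same version as the live site; otherwise every file changed by an official update shows up as modified.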

Everything you need to know about WordPress core files

Now that you have a full understanding of WordPress core files, you’re equipped to work with and understand the underlying mechanisms of WordPress.

Each component plays a key role in keeping your site running, and it’s important to be careful when editing WordPress files. But if you’re careful and know what you’re doing, you should be able to install, view, and – when needed – edit WordPress core files.

As for keeping an eye on file changes, don’t forget to check out Melapress File Monitor, our free plugin that will log any changes made to core files. And for security-conscious WordPress users, our other security plugins are just what you need to keep your files safe.

Posted in WordPress Management
Brenda Barron

Brenda is a freelance writer with over a decade of experience with web design, development, and WordPress. When not click-clacking at the keyboard, she’s spending time with her family, playing music, or taking up a new hobby.

