Home Blog WordPress Management A beginner’s guide to WordPress website file access

How to access WordPress files

A beginner’s guide to WordPress website file access

If you’re a WordPress administrator looking to understand how to access WordPress files, you’re in the right place. WordPress files play a critical role in WordPress. While you might not need to access these files daily, understanding how to access them can help you improve your WordPress management and troubleshooting processes.

In this blog post, we explain how to access the WordPress files and directories that are common to all WordPress websites. We provide a step-by-step guide for each method, including accessing your website files locally, via SSH, FTP, SFTP, cPanel, and from the WordPress dashboard.

What you’ll find in WordPress files

The WordPress core files include all of the code required to make WordPress work, the WordPress media library, WordPress configuration files, as well as some web server configuration files, such as the htaccess file.

Because WordPress is open source, all of the code can be easily accessed and modified if you’re so inclined through these very files.

For example, the admin.php file, which you’ll find in the wp-admin folder, is the driving force behind the WordPress backend and even handles connections to the WordPress MySQL database.

The wp config.php file is another file you’ll find in the WordPress directory. It is created during the WordPress installation process and contains information on database settings, WordPress secret keys, the database table prefix, and the absolute path to the WordPress file directory.

  • functions.php: /wp-content/themes/themename/ (where themename is the name of the theme)
  • wp-config.php: / (the root WordPress folder)
  • Plugins files: /wp-content/plugins
  • Media files: /wp-content/uploads
  • Theme files: /wp-content/themes/

Why access to WordPress files?

WordPress website files are the building blocks of your WordPress website. These files are stored in a folder-based directory on the server on which WordPress is hosted. Indeed, these very files (and the WordPress database) make up WordPress.

It is important to understand the WordPress core files, how they fit together, and how you might use them to manage your WordPress website.

With direct access to WordPress files, you can:

  • Manually disable or delete problematic plugins
  • Troubleshoot website issues
  • Create, manage, and delete your website’s files
  • Backup and restore important WordPress files.

If you’re going to edit a PHP file, consider using an IDE (Integrated Development Environment) such as Visual Studio Code, which provides syntax highlighting.

File and Folder Permissions

WordPress folders and files make use of permissions to restrict and grant access. If you’re going to edit WordPress file permissions, you’ll need to proceed with caution. Gaining access to a WordPress directory or file for a WordPress website means a user can access files to see information, make changes to content and configuration files, and upload or delete files. 

It is essential to restrict access to relevant users only on a granular (by individual directory or file) basis to reduce security vulnerabilities and protect your website from accidental file changes or configurations, data leaks, or malicious hacks.

Each WordPress installation has its own configurable file permissions. There are three standard levels of permissions:

  • Read allows users to read the contents of a file or folder
  • Write allows users to read the contents of a file or folder and modify it
  • Execute (the highest level) allows users to read the content of a file or folder, modify files, and execute anything in the folder

Backups

It is important to remember that before you begin accessing your WordPress files and making any changes, you should take a backup of your WordPress website. Depending on your setup and access methods, different backup options can be available to you. Whichever way you decide to backup your files, it is essential to follow best practices and avoid exposing WordPress backup files to avoid unnecessary security risks.

How to Access WordPress Website Files

Your website’s WordPress files are located in a directory on the machine that is acting as the web server. This could be your computer or a server hosted by your WordPress hosting provider. The files behave the same regardless of where they are hosted. The main differentiator here is how you access them.

Let’s look at each method of accessing your website’s files in turn, some of which give you full access right from the WordPress root directory.

  • Locally
  • Secure Shell (SSH)
  • File Transfer Protocol (FTP/SFTP)
  • Plugin
  • cPanel
  • WordPress Dashboard

How to access WordPress website files locally

If you have physical access to the web server on which WordPress is hosted or can access the server through a remote desktop connection, you can access the files locally.
Accessing WordPress files locally is as easy as accessing any other locally stored files. The location of the files will depend on the Operating System you are using and the software you are running. We will illustrate with a few different examples; however, your mileage may vary if you have some sort of custom setup.

Windows

While Windows is not a popular Operating System for hosting WordPress websites, it is an option that is used by many. If you have a Windows computer, you can also use it to set up a staging site, with many different options available, as highlighted below

IIS: IIS, short for Internet Information Services, is Microsoft’s own web server. Think of the web server as the software that allows you to serve websites to visitors and not a physical server. By default, IIS stores webpages in the following directory: C:\inetpub\wwwroot.

Local Flywheel: Local Flywheel is a nifty software that lets you quickly set up WordPress websites on your local machine. It hides much of the complexity that goes in setting up web servers, making it an ideal solution for testing out WordPress and setting up staging environments, among other things. By default, Local Flywheel stores webpages in the following directory: C:\Users\your_username\Local Sites, where your_username is your Windows username.

XAMPP: XAMPP is a popular way to install all of the components you need to run WordPress on a Windows machine. It is also available for MAC and Linux. XAMPP installs Apache, MariaDB (a common MySQL alternative), PHP, and Perl in one convenient package, making it a favorite among many. By default, XAMPP stores web folders in C:\xampp\htdocs however, the full path may differ depending on how it was configured during installation.

Linux

Linux is often the Operating System (OS) of choice for web servers. It is a free OS that is very stable and secure. However, its file structure is very different from that of Windows, which may take some time getting used to if you don’t have much experience with it.

Apache: Apache is one of the most commonly used web servers. The location of WordPress files can vary according to the configuration. If your WordPress is hosted on an Apache server, you might want to try the following locations:

  • /var/www/html/
  • /srv/www/

Nginx: Just like on Apache, the default WordPress folder location will depend on the configuration. The below locations are commonly used, but you might want to refer to the Nginx configuration file to find the exact location:

  • /usr/share/nginx/www
  • /usr/local/nginx

How to Access WordPress Website Files via SSH

Accessing your website’s WordPress file structure via Secure Shell SSH is very popular. It offers much flexibility and enables access to the WordPress Command Line Interface (WP-CLI). WP-CLI is a WordPress-specific command line interface that provides a handy method for updating files, making site changes, and troubleshooting.

Prerequisites for accessing your website’s files stored on your web host’s remote server:

  • Ensure your webserver allows you to connect to your website over SSH, and that it is configured correctly
  • Download and install a Terminal client such as PuTTY
  • Locate the correct credentials, which you can find in the SSH Keys Manager (or similar) section of your website host’s dashboard. You will need the following credentials:
    • Servername/Hostname, e.g., ‘yoursite.com’
    • Username and password
    • Port, e.g., ‘21’

Steps

Using SSH is easy (and a lot of fun). We’ll walk you through the entire process, step-by-step using Solar-PuTTY; a free SSH client by Solarwinds.

  1. Open Solar-PuTTY and click on the Create new session button
  2. Enter the following information:
    1. Session name: a friendly name for the connection, which can be anything you want
    2. IP or hostname: The IP address or hostname of the WordPress web server
    3. Port: The port number you want to connect over
    4. Type of connection: The type of connection allowed by the server (SSHv2 is the most widely used)
    5. Username: The username of the user that can connect over SSH
    6. Password: The password associated with the user
    7. Private key: If SSH requires a private key to connect, select the appropriate key

Once ready, click on Create.

This will create and save the connection, which will now be visible in the Overview window. Double-click it to connect to the server.

In most cases, you’ll connect to the server’s home folder, so you’ll need to navigate to the appropriate folder.

How to Access WordPress Website Files via a FTP

File Transfer Protocol is a method for conveniently transferring files between a computer and a server. For this method to work, you need an FTP server on one end and an FTP client on the other end.

SFTP is its secure counterpart, and the two terms are often used interchangeably. Even so, it is of the utmost importance always to use SFTP, thus ensuring communication is secure. FTP over TLS

To access files through SFTP, you need an SFTP client. Windows does have a built-in FTP client, but most use a dedicated client, with FileZilla being an absolute favorite. Other options that you might want to consider include WinSCP and Cyberduck.

One important thing to note here is that an FTP server must be configured and running on your WordPress server. Check with your hosting provider if you’re unsure whether this is the case.

  1. Open FileZilla
  2. Click on File and then Site Manager
  3. Click on New Site and give it a name
  4. Next, select SFTP from the Protocol drop-down menu
  5. Enter the Host name and Port number
  6. Choose the Logon Type by selecting Normal if you’re using a username and password combination or Key file if you’re using SSH keys
  7. Enter the User name and Password if you’re using Normal logon type or User name and Key file if you’re using SSH keys
  8. Click Connect to connect

You now have access to your WordPress website’s directories and files.

Navigating FileZilla

If you’re new to FileZilla, here is a quick tour of the main window, showing:

  • Your local directory is in the top left Local site section, with files including file types in that directory listed in the section just underneath it
  • Your website server’s directory is in the top right Remote site section, with files in that directory listed in the section just underneath it

In the bottom window:

  • Any files that are currently in the process of being uploaded to your remote website or downloaded to your local website will be displayed (temporarily) in the Queued files tab
  • Any files that have not been uploaded or downloaded properly will be displayed in the Failed transfers tab
  • Any files that have been downloaded will be displayed on the Successful transfers tab

Depending on how your FTP account is set up, once you log in, you should be in the webserver root folder. You may need to navigate to the WordPress directory to find the files.

You can now upload files, copy folders from the local to the remote website, or add items, such as theme files and plugin files.

How to Access WordPress Website Files via a cPanel Dashboard

cPanel is a popular, Linux-based website hosting control panel. Some website hosting providers include it as part of the hosting package. It provides access to several tools, including File Manager, which you can use to access WordPress site files.

There are two ways to get to the cPanel: from your website host’s dashboard, or directly from your browser.

To access cPanel through your website host dashboard:

  1. Log in to your hosting account’s control panel and locate cPanel. The exact procedure varies significantly from one provider to the next. If in doubt, check your hosting provider’s documentation
  2. Once in cPanel, navigate to the Files section and then Locate and click File Manager

To access cPanel directly from your browser, append the cPanel port to the website URL as shown:

  1. If your website uses HTTP, add ‘:2082’, e.g. http://yourwebsiteaddress.com:2082 or, if your website uses HTTPS, add ‘:2083’, e.g. https://yourwebsiteaddress.com:2083.
  2. The cPanel login page is displayed. Enter your Username and Password, and click Log in.
  3. To access your WordPress files, find the Files section and click File Manager.

From the same area in your website’s cPanel, you can also connect to FTP (look for FTP Accounts or FTP Session).

How to Access WordPress Website files via the WordPress Dashboard

You can also access WordPress files through the dashboard by installing a file manager plugin. WP File Manager is a popular choice that enables you to access your files directly from the WordPress admin dashboard.

How to access WordPress File Manager

You can download the plugin by searching for File Manager in the Add Plugins screen and installing it just like any other plugin.

Once installed, it allows you to easily access all core WordPress files along with all other files and folders in the WordPress folder. You can upgrade to the Pro edition for a more advanced file manager, which offers additional features.

Monitoring for Changes in Your WordPress Files

Keeping tabs on changes in your WordPress files is essential – a change in a core WordPress file can take your website offline and, without a record, can be near-impossible to find.

Melapress File Monitor is a plugin that keeps tabs on your WordPress files and alerts you whenever there is a change. It also integrates with WP Activity Log, helping you keep a unified record of what goes on your WordPress website.

Frequently Asked Questions

Which method is the best to access WordPress files?

Your setup configuration is a bigger factor in determining which methods might be available to you. Using a plugin is the most straightforward and accessible method and should work regardless of your setup. Do check with your hosting provider to see which methods are available, including SFTP and SSH, since these offer a lot of flexibility.

How do I check and set file access permissions in WordPress?

Once you gain access to your files, as explained in the various methods in this document, you can configure default directory and file permissions individually on each one using the Read, Write, and Execute settings.

How do I access the File Manager in WordPress?

WordPress does not have a File Manager function. However, you can access a file manager through cPanel or WP File Manager, a third-party plugin.
cPanel availability depends on your hosting provider and is not something you can install yourself unless you have your own server. WP File Manager is a free plugin you can easily install from your WordPress dashboard.

Posted inWordPress Management
Joel Farrugia
Joel Barbara

Joel is our technical writer responsible for writing the different kinds of content we need. With a background in tech and content, he has a passion for making technology accessible and understandable for everyone. You can reach Joel at joel@melapress.com.


Leave a Reply

Your email address will not be published. Required fields are marked *

Stay in the loop

Subscribe to the Melapress newsletter and receive curated WordPress management and security tips and content.

Newsletter icon

It’s free and you can unsubscribe whenever you want. Check our blog for a taste.

Envelope icon
Uploading WP 2FA as a zip file in WordPress
WP 2FA in the WordPress plugin repository
Close

Installing WP 2FA Free

Congratulations on taking the first step towards enhancing your WordPress site's security with WP 2FA Free! You're now on your way to protecting your valuable data and ensuring peace of mind. No coding or technical knowledge is required.

 

Below are two ways to install WP 2FA on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for WP 2FA.

Download the WP 2FA plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading CAPTCHA 4WP as a zip file in WordPress
CAPTCHA 4WP in the WordPress plugin repository
Close

Installing CAPTCHA 4WP Free

Well done you. You're one step closer to safeguarding your WordPress website from spam and automated attacks with CAPTCHA 4WP. You'll be able to effortlessly integrate CAPTCHA into your forms and enjoy a website with enhanced security.

 

Below are two ways to install CAPTCHA 4WP on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for CAPTCHA 4WP.

Download the CAPTCHA 4WP plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading WP Activity Log as a zip file in WordPress
WP Activity Log in the WordPress plugin repository
Close

Installing WP Activity Log Free on your website

You deserve a pat on the back for choosing to record user actions and changes on your website. That is the first step towards better user accountability, easier troubleshooting of website security, and many other benefits of issues.

 

Below are the two ways to install WP Activity Log on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for WP Activity Log.

Download the WP Activity Log plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading Melapress Login Security as a zip file in WordPress
Melapress Login Security in the WordPress plugin repository
Close

Installing Melapress Login Security Free

Congratulations on taking control of your WordPress website's security by implementing robust login and password policies with Melapress Login Security. You can change your login page URL, limit failed login attempts, and reset passwords.

 

Below are two ways to install Melapress Login Security on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for Melapress Login Security.

Download the Melapress Login Security plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2