WordPress core files
wp-admin/*
wp-includes/*
+
all the files in root directory.
wp-config.php
- wp-config.php is loaded for every page view (except cached files) before any content is output.
- It contains sensitive information like database name, db username, db password, and db host.
- For security enhancement, you can move this file out of WordPress root directory. e.g.,
if your WordPress files are located at:
public_html/demo/wp-config.php
then you can move the wp-config.php to
public_html/wp-config.php
OR
if your site root is /public_html
then you can move wp-config.php to
/wp-config.php
Note: the screenshot shows that the WordPress loads wp-config file
from /public_html/wp-config.php
or /wp-config.php
- Debugging can be turned on and off by editing this file.
/**
* This will log all errors notices and warnings to a file called debug.log in
* wp-content only when WP_DEBUG is true.
* if Apache does not have write permission,
* you may need to create the file first and set the appropriate permissions (i.e. use 666).
*/
define( 'WP_DEBUG', true ); // Or false
if ( WP_DEBUG ) {
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', false );
@ini_set( 'display_errors', 0 );
}
- Saving database queries for analyzing on page templates.
// in wp-config.php file
define( 'SAVEQUERIES', true );
// in any page template e.g., index.php (in your (child)theme)
// at the very top!
global $wpdb;
echo "<pre>";
print_r( $wpdb->queries );
echo "</pre>";
// this will print the SQL command running to get the content for that page.
- Removing post revisions or creating fewer revisions for a post.
// no revision for any posts.
define( 'WP_POST_REVISIONS', false );
// only last 5 post revisions (which you can restore from).
define( 'WP_POST_REVISIONS', 5 );
wp-config.php reference: WordPress wp-config.php
functions.php
Location: wp-includes/functions.php
- Contains core WordPress API functions used by core itself, plugins, and themes.
- Some examples:
current_time(); // get current time
maybe_serialize(); // this function serializes serialized data as well
maybe_unserialize(); // unserialize the serialized data
is_serialized(); // check if the data was serialized
wp_get_http_headers(); // retrieve HTTP headers from url
add_query_arg(); // add query strings to a url
remove_query_arg();
get_num_queries(); // returns number of database queries running in a page
/* if you var_dump( get_num_queries() ) in your theme's functions.php file,
* you will get different number when you visit different pages. e.g,
* visit home page, then single page, then category page and other.
*/
wp_is_writable(); // check if the directory is writable or not
wp_upload_dir(); // helpful when creating file upload functionality
Reference: Visit Official Site
option.php
Location: wp-includes/option.php
- Contains Options API functions.
- Some examples:
get_option(); // retrieve an option value
update_option();
/*
* update option value which was already created.
*
* serialization is not needed, happens automatically
* (resources can not be serialized or added as an option)
*
* if option doesn't exist, it'll be created
*
* it will compare old and new option value, if same it will not
* update the option.
*/
add_option();
delete_option();
Reference: Visit Official Site
formatting.php
Location: wp-includes/formatting.php
- Contains core WordPress functions for formatting output.
- Some examples:
wpautop(); // convert double i.e., <br><br> tags into <p> tags
is_email(); // validate an email address
sanitize_email(); // strips out not allowed characters from an email
esc_url(); // checks and cleans a url
esc_url_raw(); // perform esc_url() for database usage
esc_html();
esc_attr();
sanitize_text_field();
sanitize_textarea_field();
Reference: Visit Official Site
pluggable.php
Location: wp-includes/pluggable.php
- These functions are meant to be overridden via plugin.
- These functions are loaded only if the function is undefined even after loading all the plugins.
// for safety it's best to wrap pluggable function in function_exists()
// because two plugins can override same function.
if( ! function_exists( 'pluggable_fxn_name' ){
// define and override logic here.
}
Reference: Visit Official Site
plugin.php
- Contains plugin API functions.
user.php
- Contains user API functions.
post.php
- Contains functions used in the process of post creation.
taxonomy.php
- Contains taxonomy API function.
deprecated.php
- Contains deprecated functions.
- It is very important as a WordPress developer to check this file whenever a new version of WordPress is released. Its also best practice to use the new function in place of deprecated function as soon as possible.
wp-includes/ contains all the files that you can go through in case you want to learn more about WordPress core files.