Understanding WordPress core files

WordPress core files

all the files in root directory.


  • wp-config.php is loaded for every page view (except cached files) before any content is output.
  • It contains sensitive information like database name, db username, db password, and db host.
  • For security enhancement, you can move this file out of WordPress root directory. e.g.,
if your WordPress files are located at:
then you can move the wp-config.php to


if your site root is /public_html
then you can move wp-config.php to

Note: the screenshot shows that the WordPress loads wp-config file
from /public_html/wp-config.php
or /wp-config.php
  • Debugging can be turned on and off by editing this file.
 * This will log all errors notices and warnings to a file called debug.log in
 * wp-content only when WP_DEBUG is true.
 * if Apache does not have write permission,
 * you may need to create the file first and set the appropriate permissions (i.e. use 666).
define( 'WP_DEBUG', true ); // Or false
if ( WP_DEBUG ) {
    define( 'WP_DEBUG_LOG', true );
    define( 'WP_DEBUG_DISPLAY', false );
    @ini_set( 'display_errors', 0 );
  • Saving database queries for analyzing on page templates.
// in wp-config.php file
define( 'SAVEQUERIES', true );
// in any page template e.g., index.php (in your (child)theme)
// at the very top!

global $wpdb;
echo "<pre>";
print_r( $wpdb->queries );
echo "</pre>";

// this will print the SQL command running to get the content for that page.
  • Removing post revisions or creating fewer revisions for a post.
// no revision for any posts.
define( 'WP_POST_REVISIONS', false );
// only last 5 post revisions (which you can restore from).
define( 'WP_POST_REVISIONS', 5 );

wp-config.php reference: WordPress wp-config.php


Location: wp-includes/functions.php

  • Contains core WordPress API functions used by core itself, plugins, and themes.
  • Some examples:
current_time(); // get current time
maybe_serialize(); // this function serializes serialized data as well
maybe_unserialize(); // unserialize the serialized data
is_serialized(); // check if the data was serialized
wp_get_http_headers(); // retrieve HTTP headers from url
add_query_arg(); // add query strings to a url
get_num_queries(); // returns number of database queries running in a page
/* if you var_dump( get_num_queries() ) in your theme's functions.php file,
 * you will get different number when you visit different pages. e.g,
 * visit home page, then single page, then category page and other.

wp_is_writable(); // check if the directory is writable or not
wp_upload_dir(); // helpful when creating file upload functionality 

Reference: Visit Official Site


Location: wp-includes/option.php

  • Contains Options API functions.
  • Some examples:
get_option(); // retrieve an option value
 * update option value which was already created.
 * serialization is not needed, happens automatically
 * (resources can not be serialized or added as an option)
 * if option doesn't exist, it'll be created
 * it will compare old and new option value, if same it will not 
 * update the option.

Reference: Visit Official Site


Location: wp-includes/formatting.php

  • Contains core WordPress functions for formatting output.
  • Some examples:
wpautop(); // convert double i.e., <br><br> tags into <p> tags
is_email(); // validate an email address
sanitize_email(); // strips out not allowed characters from an email
esc_url(); //  checks and cleans a url
esc_url_raw(); // perform esc_url() for database usage

Reference: Visit Official Site


Location: wp-includes/pluggable.php

  • These functions are meant to be overridden via plugin.
  • These functions are loaded only if the function is undefined even after loading all the plugins.
// for safety it's best to wrap pluggable function in function_exists()
// because two plugins can override same function.
if( ! function_exists( 'pluggable_fxn_name' ){
    // define and override logic here.

Reference: Visit Official Site


  • Contains plugin API functions.


  • Contains user API functions.


  • Contains functions used in the process of post creation.


  • Contains taxonomy API function.


  • Contains deprecated functions.
  • It is very important as a WordPress developer to check this file whenever a new version of WordPress is released. Its also best practice to use the new function in place of deprecated function as soon as possible.

wp-includes/ contains all the files that you can go through in case you want to learn more about WordPress core files.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.