Beginner’s Guide to Understanding WordPress File Structure & Database
WordPress file structure: WordPress currently powers over 30% of the top 10 million websites on the internet. It’s been named the fastest growing content management system for 8 consecutive years. The platform is popular because it enables users to build a website quickly on their own. But WordPress is more than just a website building platform. It’s a community spanning across the globe that is growing stronger every year. If you are a budding member of this WordPress community, this post is for you. Just as a child learns alphabets before learning how to read sentences and how to write, understanding the WordPress file structure is a stepping stone towards learning more about WordPress. So here’s a guide to WordPress structure and database.
WordPress File Structure
After WordPress installs on your website, two things happen. One, a bunch of files are installed into your site and two; a database is created. And in order to understand the basic WordPress file structure, we must understand these files and the database.
What are WordPress Files and Database?
To understand the WordPress file structure, let’s take a look at the files of WordPress. Files of WordPress can be thought of as follows: codes, uploads, and configurations.
1> Code –
Codes to WordPress is what bricks are to a building. They are used to build a WordPress site. Codes can be divided into three parts – Core, Plugins, and Themes. Core, Plugins and Themes work in tandem to create your site.
The core is the heart of WordPress. The CMS’ most important files are stored here. WordPress has 3 Core files – wp-admin, wp-content, wp-includes. Any modification in the core could break your site.
Plugins and themes help design your WordPress site in any way you desire. When you install a plugin it is stored in a file called Plugins. And themes are stored in a file called Themes.
2> Uploads –
When you write a post with images, it becomes a part of WordPress. The images are uploaded and stored as a file, and the file is called Uploads.
3> Configuration –
This includes configuration files like wp-config that helps connect the files to the database.
But what exactly is a database? The database is like a cupboard where things are stored. In this case, everything from posts to comments on your WordPress site is stored in the mysql database.
More on the database in the next half of the post. Let’s first discuss WordPress directory structure.
WordPress consists of a bunch of files, and the main ones are wp-admin, wp-content, wp-includes, and wp-config. Going ahead, we’ll learn what the files are and where can they be found which will give us an idea of WordPress file structure.
To access these files, you will have to visit your web host account. Log in to your web host and go to a page called cPanel. There, you should be able to find an option for File Manager. Select that, and a page will open that would look something like this:
This is a typical file manager page. On the left-hand side, there are a bunch of folders. The wp-admin, wp-content, wp-includes, and wp-config files can be found in a folder called public_html. (In the picture below, you can see wp-admin, wp-content, wp-includes, and wp-config right under public_html).
Core WordPress Files:
The wp-admin folder contains administrative files that power the WordPress dashboard. The first thing that you see after logging into your WordPress site is the WordPress dashboard. It looks like this:
When you are trying to log in to the dashboard, WordPress checks whether the credentials that you have provided are correct, or whether you are an admin or a simple contributor with limited access to the site. The files in the wp-admin folder enable WordPress to carry out these functions. The files also enable a bunch of other functions like loading of the dashboard, making a connection to the database, etc.
Files in the wp-includes are responsible for how WordPress looks. This folder is large in size, and most of the WordPress core files are stored here. The text that we see on WordPress, the font of the text – all these are enabled by the files in the wp-includes folder. The files also contain rules, hierarchies, and action command for some of the WordPress features.
The wp-content folder is where themes, plugins and other uploads are stored. Whenever you install a theme, it’s stored in the Themes folder; plugins are installed in the Plugins folder and the images that you upload are stored in the Uploads folder.
– Plugin Folder
Understanding how things work in wp-content will help us further understand the WordPress file structure. Let’s install a WordPress plugin on my site. I have quite a number of plugins on my site. As you can see (image below) on the right-hand side, there are plugins like Better WP Security, BJ Lazy Load, BlogVault Real Time Backup, etc.
I installed and activated a new plugin called Instagram Slider Widget on my WordPress site.
The plugin now appears in the Plugin folder of the database which you can see in the screenshot below.
– Upload Folder
Everytime you upload a picture on your WordPress site, it goes into the Upload folder. To demonstrate, I’ve uploaded an image on my site. I’ve named the image, MalCare.
After uploading the image, when I visit the File Manager page again, I can see the image, along with its variations (WordPress generates different sizes on its own) in the wp-content folder.
wp-admin, wp-content, and wp-includes folders are often targeted by hackers. They hide malware in these folders mainly because most website owners don’t often visit the File Manager or look into these folders. Hackers can keep utilizing a website as long as the website owner is unaware of the hack. Once a site owner finds out that their site has been hacked, they’ll clean it which will block the hacker’s access to the site. Fear of being found out too soon prompts hackers to hide their bad codes in places where people are unlikely to look into.
The wp-config file acts as a mediator between WordPress and the database. It’s an extremely important file and should not be modified. Modifications can break the connection between the database and WordPress. If wp-config is unable to connect your WordPress site with the database, your site will appear blank. Anyone visiting your site will see a message saying ‘error establishing a database connection.’
.htaccess is present in the public_html folder, and you’d notice that it has no extension like .html or .txt. or php to this file. Using .htaccess you can make several changes to your WordPress site. It can help you password protect files and directory; it can prevent certain IP addresses from accessing your site, it can even help redirect visitors from one page to another, among other things.
Sometimes .htaccess is hidden and may not appear in the public_html folder. When that’s the case, what you need to do is go back to the cPanel, and click on File Manager. A popup will appear where you’ll have to select ‘Show Hidden Files.’
With this, we come to the end of the WordPress file structure. Going ahead we’ll discuss WordPress database as it tends to work very closely with the WordPress files and directories.
A database is like a storage cupboard with many shelves. It stores files in a structured manner. By default, the database has eleven tables. The tables can be thought of storage spaces inside a cupboard. The tables will expand as you begin using the WordPress website, adding more posts, attracting comments to the site. Database tables have a default prefix wp_ which can be changed at will. These tables can be optimized and repaired, and they can also be exported or backed up using a backup plugin like BlogVault. Each table has its own function, and we are going to discuss these functions below. But first, let’s see how you can access the database.
To access your database, you will have to visit your web host account. Log in to your web host and go to a page called cPanel. There, you should be able to find an option for phpMyAdmin. Select that, and a page will open that would look something like this:
Now let’s take a look at what each of these tables contains:
Table 1: wp_commentmeta
wp_commentmeta stores metadata for comments left on your WordPress site. Information on things like whether a comment is approved, or pending or trashed are stored in this table.
Table 2: wp_comments
wp_comments stores information surrounding comments left on your account. It includes unique number assigned to each comment, email addresses, IP Addresses and URL for the comment author, pingback or trackback, replies to comments, time and date of the comment, among other things.
wp_links takes care of blogrolls (a list of hyperlinks to other blogs or websites) that was fashionable in the past. WordPress websites had blogroll by default in the past, but since version 3.5 there have been no blogrolls. The table remains in the database for backward compatibility, i.e. if someone is still using older versions of WordPress that has blogrolls, this particular table will help taking care of the blogroll feature.
Table 4: wp_options
In your WordPress dashboard, there is an option called Setting. wp_options stores data related to that Settings feature. If you select Setting from your WordPress dashboard, you’ll see options that enable you to change site title, tagline, site address (URL), etc. This information is stored in the wp_options table. Let’s see the wp_options table on my website.
I visited the Setting option from my WordPress dashboard. As you can see in the picture above, my Site Title is ‘My Blog’, and the Tagline is ‘Just another WordPress site’. I found that the same information is stored in my wp_options table. Look at the picture below.
Table 5: wp_postmeta
wp_postmeta stores metadata (like Post ID, meta ID, among other things) for posts and pages. Identification numbers allotted to each post helps to store them in a structured manner. The IDs also makes it easier to find posts and web pages when they are needed.
Table 6: wp_posts
wp_posts stores information from posts, pages, and the navigation menu. How is it different from wp_postmeta? In wp_postmeta, you’ll find unique identification number allotted to posts and pages whereas in wp_posts consists of information like post name, author name, post date among other things. Let’s see how the information of a post is stored in this table.
I published a post called ‘Structure of a WordPress Site’ on my website.
As soon as my post was published, information of the post appears on the wp_posts table.
Table 7: wp_terms
wp_terms stores three things: categories for tags of posts, categories of posts and link categories. To understand what these things are, let’s take a look at the pictures below:
Tags of posts
In the three pictures above, we have:
- WP Security Audit Log (tag)
- Review (post categories)
- Uncategorized (post categories)
- Blogroll (link categories)
These tags, post categories, and link categories are present in the wp_terms table of my database.
Table 8: wp_term_relationships
wp_term_relationships stores relationship data for categories and tags from the wp_terms table. What does that mean? Let’s say there is a post on your website named A. It belongs to the category 9. This table helps determine that post A belongs to 9 categories and not some other category.
Table 9: wp_term_taxonomy
wp_term_taxonomy stores descriptions of the taxonomy (tag, link, or category) for the entries in the wp_terms table. This table helps differentiate between tags, or links or categories.
Table 10: wp_usermeta
wp_usermeta stores metadata of a WordPress user. For instance, your user ID is 1, and your fellow admin’s user ID is 2. This particular information is stored in the wp_usermeta table.
Table 11: wp_users
wp_users stores data for WordPress users. How is it different to wp_usermeta? Well, the wp_usermeta table stored unique identification number of users but the wp_users table stores other user information like the Username, User Login Name, Email address, etc.
To give you an idea, I created a new user on my WordPress website.
I looked up my wp_users table and saw information of the new user had been stored in there.
With that, we have covered the basics of the database and WordPress file structure.
If you have any questions around WordPress file structure or WordPress database or WordPress security (as that is what we specialize in) please do write to us. And thanks for reading.
Sufia is a WordPress enthusiast, and enjoys sharing their experience with fellow enthusiasts. On the MalCare blog, Sufia distils the wisdom gained from building plugins to solve security issues that admins face.