Phase 1 — Module 1.4: WordPress File & Folder Structure

The WordPress Root Directory

When you open your WordPress installation in VS Code, this is what you see:

public/
├── wp-admin/
├── wp-includes/
├── wp-content/
├── index.php
├── wp-config.php
├── wp-login.php
├── wp-cron.php
├── wp-signup.php
├── wp-activate.php
├── wp-comments-post.php
├── wp-trackback.php
├── xmlrpc.php
├── .htaccess
└── wp-blog-header.php

There are 3 main folders and several root-level files. Let us go through each one.


The 3 Main Folders

1. wp-admin/

This folder contains the entire WordPress admin panel — every screen you see after logging into /wp-admin. Dashboard, post editor, plugin manager, settings pages — all of it lives here.

wp-admin/
├── includes/        ← Admin helper functions
├── js/              ← Admin JavaScript files
├── css/             ← Admin stylesheets
├── images/          ← Admin UI images
├── index.php        ← Dashboard home
├── post.php         ← Post editor
├── plugins.php      ← Plugins list page
├── themes.php       ← Themes page
├── users.php        ← Users page
├── options-general.php  ← General settings
└── admin.php        ← Admin bootstrap file

Rule: Never modify anything inside wp-admin/. Ever.


2. wp-includes/

This is the WordPress core library. Every core function, class, and utility lives here. When you call get_posts(), wp_mail(), WP_Query, wpdb — all of those are defined somewhere inside this folder.

wp-includes/
├── class-wp-query.php       ← WP_Query class
├── class-wpdb.php           ← $wpdb database class
├── class-wp-user.php        ← WP_User class
├── class-wp-post.php        ← WP_Post class
├── functions.php            ← Core functions
├── pluggable.php            ← Overridable core functions
├── post.php                 ← Post related functions
├── user.php                 ← User related functions
├── query.php                ← Query handling
├── template.php             ← Template functions
├── theme.php                ← Theme functions
├── widgets.php              ← Widget system
├── rest-api/                ← REST API classes
├── blocks/                  ← Gutenberg blocks
└── js/                      ← Core JavaScript (jQuery etc.)

Rule: Never modify anything inside wp-includes/. Ever.

You can read these files to understand how things work internally, but never edit them.


3. wp-content/

This is your entire workspace as a developer. Every line of custom code you write lives here.

wp-content/
├── themes/
│   ├── twentytwentyfour/    ← Default theme
│   ├── twentytwentythree/   ← Previous default theme
│   └── streamvault/         ← Your custom theme (we will create this)
│
├── plugins/
│   ├── hello.php            ← Hello Dolly (default plugin, useless)
│   ├── akismet/             ← Akismet spam protection (default)
│   └── streamvault-watchlist/ ← Your custom plugin (we will create this)
│
├── uploads/
│   └── 2024/
│       ├── 01/              ← January uploads
│       ├── 02/              ← February uploads
│       └── ...              ← Organized by year/month automatically
│
├── languages/               ← Translation files (.po, .mo)
└── index.php                ← Silent file (prevents directory listing)

Root Level Files — The Important Ones

wp-config.php

This is the most important file in a WordPress installation. It contains:

  • Database connection credentials
  • Security keys and salts
  • Database table prefix
  • Debug mode settings
  • Absolute path definitions

<?php

define('DB_NAME',     'streamvault');
define('DB_USER',     'root');
define('DB_PASSWORD', '');
define('DB_HOST',     'localhost');
define('DB_CHARSET',  'utf8');
define('DB_COLLATE',  '');

define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

$table_prefix = 'wp_';

define('WP_DEBUG', false);

if (!defined('ABSPATH')) {
    define('ABSPATH', __DIR__ . '/');
}

require_once ABSPATH . 'wp-settings.php';

We will cover wp-config.php in detail in Module 1.6.
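
The listing above still has the shipped placeholder keys, an empty database password, and the root database account. Those are normal on a local install but should not reach a live server. The following check is an added example, not code from this course or from WordPress; the function names, the finding messages, and the sample text are assumptions made for illustration.

```python
import re

KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"

# Constructed sample that reproduces the values in the listing above.
SAMPLE = ("<?php\n"
          + "".join(f"define('{k}', '{PLACEHOLDER}');\n" for k in KEYS)
          + "define('DB_USER',     'root');\n"
          + "define('DB_PASSWORD', '');\n"
          + "// define('WP_DEBUG', true);\n"
          + "define('WP_DEBUG', false);\n")

# define('NAME', <quoted string or bare literal such as false>)
DEFINE_RE = re.compile(
    r"""define\(\s*['"](\w+)['"]\s*,\s*"""
    r"""(?:'((?:[^'\\]|\\.)*)'|"((?:[^"\\]|\\.)*)"|(\w+))\s*\)""")

def parse_defines(text):
    """Map constant name -> value, skipping commented-out lines."""
    values = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue
        for name, sq, dq, bare in DEFINE_RE.findall(line):
            values[name] = sq or dq or bare
    return values

def audit_config(text):
    """Return (constant, problem) pairs for settings unsafe on a live site."""
    c = parse_defines(text)
    findings = []
    for k in KEYS:
        if k not in c:
            findings.append((k, "not defined"))
        elif c[k] == PLACEHOLDER:
            findings.append((k, "still the shipped placeholder"))
    if c.get("DB_PASSWORD") == "":
        findings.append(("DB_PASSWORD", "empty password"))
    if c.get("DB_USER") == "root":
        findings.append(("DB_USER", "database superuser account"))
    if c.get("WP_DEBUG", "false").lower() in ("true", "1"):
        findings.append(("WP_DEBUG", "debug mode enabled"))
    return findings

if __name__ == "__main__":
    for name, problem in audit_config(SAMPLE):
        print(f"{name}: {problem}")
```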


index.php

The entry point for the entire WordPress application. Every single request goes through this file first.

<?php

define('WP_USE_THEMES', true);

require __DIR__ . '/wp-blog-header.php';

That is literally the entire file. It just sets a constant and loads wp-blog-header.php, which then boots the entire WordPress application.


wp-login.php

Handles the entire login, logout, registration, and password reset flow. When you visit /wp-login.php or /wp-admin, this file runs.

You will sometimes need to reference this file when building custom login redirects, but you never modify it.


wp-cron.php

WordPress's built-in task scheduler. Every time a visitor loads your site, WordPress checks if any scheduled tasks need to run (sending emails, checking for updates, clearing caches, etc.).

This is called "pseudo-cron" because it relies on site traffic to trigger — unlike a real server cron job.


.htaccess

This is an Apache server configuration file. WordPress uses it for pretty permalinks — converting ugly URLs like /?p=123 into clean URLs like /movies/inception.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

WordPress manages this file automatically when you change permalink settings. You generally do not touch it manually.


xmlrpc.php

An older remote publishing interface for WordPress. It allows external applications to communicate with your WordPress site. It is mostly considered a security risk today and is often disabled. You will not use it in this course.


The wp-content Folder In Detail

Since this is where all your work happens, let us go deeper.

themes/ folder

Each theme is a separate folder inside themes/. The folder name is the theme's slug.

themes/
└── streamvault/
    ├── style.css          ← Required — theme metadata + styles
    ├── index.php          ← Required — main fallback template
    ├── functions.php      ← Theme setup, hooks, enqueue assets
    ├── header.php         ← Header partial
    ├── footer.php         ← Footer partial
    ├── sidebar.php        ← Sidebar partial
    ├── single.php         ← Single post template
    ├── page.php           ← Static page template
    ├── archive.php        ← Archive pages
    ├── search.php         ← Search results
    ├── 404.php            ← Not found page
    ├── screenshot.png     ← Theme preview image (880x660px)
    └── assets/
        ├── css/
        ├── js/
        └── images/

A theme only needs two files to be valid — style.css and index.php. Everything else is optional but recommended.


plugins/ folder

Each plugin is either a single PHP file or a folder containing multiple files.

plugins/
├── hello.php                    ← Single file plugin (simple)
└── streamvault-watchlist/       ← Folder based plugin (proper)
    ├── streamvault-watchlist.php ← Main plugin file
    ├── includes/
    │   ├── class-watchlist.php
    │   └── class-ajax-handler.php
    ├── admin/
    │   ├── css/
    │   └── js/
    └── public/
        ├── css/
        └── js/

uploads/ folder

Every image, video, PDF, or file you upload through the WordPress media library goes here. WordPress organizes them by year and month automatically.

uploads/
└── 2024/
    ├── 01/
    │   ├── movie-poster.jpg
    │   ├── movie-poster-300x450.jpg    ← Auto-generated thumbnail
    │   └── movie-poster-150x150.jpg    ← Auto-generated thumbnail
    └── 02/
        └── banner-image.png

When you upload an image, WordPress automatically generates multiple sizes (thumbnail, medium, large) based on your settings under Settings → Media.


The Golden Rule — What You Touch vs What You Don't

wp-admin/       ← NEVER touch
wp-includes/    ← NEVER touch
wp-config.php   ← Only touch for configuration
.htaccess       ← WordPress manages this, rarely touch manually
index.php       ← NEVER touch

wp-content/
├── themes/     ← YOUR WORK (custom theme)
├── plugins/    ← YOUR WORK (custom plugins)
└── uploads/    ← Managed by WordPress, do not manually edit

Everything you build — every line of PHP, CSS, JavaScript — goes inside wp-content/themes/ or wp-content/plugins/. That is your entire sandbox as a WordPress developer.


ABSPATH — An Important Constant

You will see this constant throughout WordPress code:

defined('ABSPATH') || exit;

ABSPATH is defined in wp-config.php and holds the absolute server path to your WordPress root:

/Users/gagan/Local Sites/streamvault/app/public/

The line defined('ABSPATH') || exit; is a security check. It means — if this file is being accessed directly through a browser URL (not through WordPress), exit immediately. You will write this at the top of every theme and plugin file you create.
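
To check that rule across a theme or plugin folder, the scanner below lists PHP files whose first statement is not the ABSPATH check. It is an added example, not part of the course code or of WordPress; the class names in the sample files, the accepted guard spellings, and the choice to pass comment-only files such as the silent index.php are assumptions.

```python
import re
import tempfile
from pathlib import Path

COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
PREAMBLE = re.compile(r"^(?:namespace|declare|use)\b[^;]*;\s*", re.I)
GUARD = re.compile(
    r"""^(?:if\s*\(\s*!\s*)?defined\s*\(\s*['"]ABSPATH['"]\s*\)"""
    r"\s*(?:\|\||or|\))\s*\{?\s*(?:exit|die)\b", re.I)

# Constructed sample files, laid out like the plugin folder shown earlier.
# The class names are hypothetical.
SAMPLE_TREE = {
    "streamvault-watchlist.php":
        "<?php\n/* Plugin Name: StreamVault Watchlist */\ndefined('ABSPATH') || exit;\n",
    "includes/class-watchlist.php":
        "<?php\nif ( ! defined( 'ABSPATH' ) ) {\n    exit;\n}\nclass Watchlist {}\n",
    "includes/class-ajax-handler.php":
        "<?php\nclass Ajax_Handler {}\n",
    "index.php": "<?php // Silence is golden.\n",
}

def has_abspath_guard(source):
    """True if the first statement after <?php is the ABSPATH check."""
    code = source.lstrip()
    if not code.startswith("<?php"):
        return False  # output or markup comes before any check can run
    code = COMMENTS.sub("", code[5:]).lstrip()
    if not code:
        return True   # comment-only file: nothing to execute
    while (m := PREAMBLE.match(code)):
        code = code[m.end():]  # namespace/declare/use may precede the guard
    return bool(GUARD.match(code))

def find_unguarded(root):
    """Relative paths of .php files under root that lack the guard."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*.php")
                  if not has_abspath_guard(p.read_text(errors="replace")))

def demo():
    """Write SAMPLE_TREE to a temporary folder and scan it."""
    with tempfile.TemporaryDirectory() as d:
        for rel, body in SAMPLE_TREE.items():
            path = Path(d, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return find_unguarded(d)
```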


Summary

  • WordPress has 3 main folders — wp-admin, wp-includes, and wp-content.
  • You never touch wp-admin or wp-includes — these are core files.
  • Your entire work as a developer happens inside wp-content/themes/ and wp-content/plugins/.
  • wp-config.php holds database credentials, security keys, and environment settings.
  • index.php is the application entry point — every request goes through it.
  • uploads/ is where media files are stored, organized by year and month automatically.
  • Always start every custom PHP file with defined('ABSPATH') || exit; for security.

