WordPress のファイル構造とデータベースを理解するための初心者向けガイド

通常、WordPress のファイル構造について気にする必要はありません。 . WordPress には優れた wp-admin インターフェースがあり、エンジンが内部でどのように機能するかを知らなくても、サイトの運営に集中できます。

ただし、サイトの要点を知っておくと役立つ場合があります。これは、予期しない問題が発生した場合に特に当てはまります。 、およびすべてのヘルプは、特定の WordPress ファイルの変更またはデータベース内の値のリセットについて説明しています。

問題が発生していなくても、バックアップやセキュリティについて調べている可能性があります。コア ファイルとデータベース、または wp-config.php と wp-uploads などの用語は、コンテキストで頻繁に言及されます。

これらの用語を理解することは、トピックを微妙に理解し、サイトにとって最善の決定を下すために非常に役立ちます。 .

次のような質問があった場合:

• コア ファイルとは?
• プラグインとテーマはどこに保存されますか?
• データベースには何が含まれていますか?
• wp-uploads フォルダがセキュリティ上の問題になるのはなぜですか?
• WordPress のファイルとフォルダーの構造は?

あなたは正しい場所にいます。この記事では、WordPress のファイルとフォルダーの構造を理解していると自信を持って言えるように、サイトの舞台裏を紹介します。

TL;DR WordPress サイトには、ファイルとデータベースの 2 つの部分があります。これらはどちらも、サイトの機能にとって重要です。それらがどのように機能するかを理解すると、パワー ユーザーになり、問題のトラブルシューティングを行い、サイトに関する適切な決定を下すことができます。最善の決定の 1 つは、WordPress サイトを保護することです。優れたセキュリティ プラグインをインストールし、バックアップに投資してください。

多くの場合、私たちは自分の Web サイトに変更を加えたいと考えており、ハウツー記事でサイトのコードをいじってみることを勧められています。 FTP クライアントやファイル マネージャーを使用してサイトのファイルやフォルダーを確認することは、非常に当惑するように思えるかもしれません。

各サイト フォルダとファイルは重要に思えますが、多くの場合重要です! 最小のエラーがサイトのクラッシュにつながる可能性があるという悲惨な警告は、それほど的外れではありません。

そうは言っても、知識は力です。 WordPress のファイルとディレクトリ構造を理解することは、Web サイトを変更したり、実際に小さな問題をトラブルシューティングしたりする能力に自信を持たせるのに大いに役立ちます。いずれの場合も、サイトをいじる前に、常にサイトをバックアップすることを強くお勧めします。

WordPress のファイルとディレクトリ構造について

WordPress のファイルとフォルダーの構造は、サイトのエンジンです。ファイルには、サイトを強化するコードが含まれています。そのほとんどは目に見えないため (当然のことですが)、理解するのが少し混乱する可能性があり、車のボンネットの下を見るようなものです。

WordPress ルート ディレクトリ

WordPress を使用するには、まずサーバーにインストールする必要があります。ほとんどのウェブ ホストは、最初にウェブ ホスト アカウントを作成するときに自動的にこれを行います。または、WordPress をダウンロードして、自分でサーバーにアップロードすることもできます。

インストールとは、すべての基本的な WordPress ファイルの新規インストールがサーバーに配置されることを意味します。これがサイトの基盤です。

ほとんどの場合、WordPress のインストールは public_html に入ります。 または 公開 フォルダ。このフォルダーは、WordPress ルート ディレクトリ、または単にルートと呼ばれ、WordPress のコア ファイルとフォルダーを見つける場所です。フォルダーはまったく別の名前にすることもできますが、ほとんどの場合は public_html フォルダーになります。移行やバックアップなどのいくつかのサイト管理タスクにとって重要な場所であるため、どのフォルダーがルートであるかを知っておくことは価値があります。

The WordPress root directory contains the following files and folders:

• wp-admin
• wp-content
• wp-includes
• .htaccess
• index.php
• license.txt
• readme.html
• wp-activate.php
• wp-blog-header.php
• wp-comments-post.php
• wp-config-sample.php
• wp-cron.php
• wp-links-opml.php
• wp-load.php
• wp-login.php
• wp-mail.php
• wp-settings.php
• wp-signup.php
• wp-trackback.php
• xmlrpc.php
• wp-feed.php

WordPress core files and folders

WordPress Core files and folders are those installed during the WordPress installation. These files power everything from the login page and the admin dashboard, to the database connection and managing users. There are 2 core WordPress folders:wp-admin and wp-includes , and several core files.

wp-admin フォルダ

As the name suggests, this folder manages the entire experience of your WordPress wp-admin dashboard. There are seven folders in the wp-admin folder as follows:

• css
• images
• includes
• js
• maint
• network
• user

There are lots of files too, the important ones being:

• admin.php – core file that manages the wp-admin dashboard
• index.php – loads pages in response to visitor requests
• install.php – installs WordPress
• plugins.php – controls all the plugins, active or inactive
• themes.php – controls all the installed themes
• users.php – manages users and their permissions

Most of the files are fairly self-explanatory as to their function. Essentially, all the WordPress folders and files within the wp-admin folder centre around the admin.php file , which controls the dashboard and all the functionality within it.

wp-includes フォルダ

wp-includes contains all the core software for your WordPress site . You’ll see this referred to in a variety of ways:packages, code libraries, and WordPress source code. The nomenclature isn’t important here, but the code is critical.

Therefore, it is inadvisable to modify anything in the wp-includes directory ever, because it can and will break your site. Plus, there is no good reason to do so. Rarely will you come across a tutorial that advises you to alter any of the code contained in the wp-includes folder.

The one possible exception to this rule is the functions.php ファイル。 The functions.php file contains all the code for all the functions on your site. It is a special case because it works in tandem with the functions.php file that exists in your active theme as well. Typically, things like Google Analytics code and other tracker code are added to the theme’s functions.php file, but are liable to get lost if the theme is changed. That’s why you may come across advice to add the tracking code to the core functions.php file instead. However, we recommend against changing anything in the core files. You can always copy code from an old theme to a new theme easily, without endangering your entire site.

We strongly recommend against making changes to WordPress core files and folders, because they control your site. Even small errors can lead to your site crashing completely. If at all you absolutely must make changes, please make sure to take a full site backup just before. In any event, every time WordPress is updated, these files are overwritten, and any changes you do make will be lost.

WordPress core files

In the root folder, you will also see several files. While all of them are important, some of them are worth noting.

index.php

An index.php file is responsible for showing your site in response to a visitor request. It initialises and loads the right core files when a page is requested. This concept is better understood by seeing what happens when there isn’t an index file.

If your root folder didn’t have an index file, when someone tries to visit your site, the contents of the root folder will be displayed on the browser. Apart from the terrible unintended user experience, this is also a security issue.

The index file is a directory-level file and will be visible in most folders and sub-folders. For instance, it also exists in the wp-content folder. If that file was missing, the contents of the folder would be visible. As it stands, a blank white screen is shown instead.

Apart from the one in the root folder, the index.php file is often a blank file with a single-line comment:“Silence is golden.”

WordPress configuration files

There is a special subset of core files known as configuration files. Configuration files are the only core files that you can reasonably expect to edit. That is not to say that they aren’t equally important as the other core files, however, there is certain site functionality that you can only toggle from within a configuration file.

Ideally, you should use a plugin wherever possible to make these changes. For instance, it is vastly better and easier to use a plugin to implement geo-blocking, rather than modifying the .htaccess file. However, if you are creating a multisite, then you would need to add code to the configuration files manually during the network setup.

wp-config.php

The wp-config file is used to store database connection info, security keys and salts, and the database prefix . It is often targeted by hackers for this reason, as the database credentials are stored in cleartext, as are the security keys and salts.

Security keys and salts are an encryption mechanism used by WordPress to authenticate logged-in users securely. We have a step-by-step guide on how to change your security keys and salts, in case you think that a user account has been compromised.

The wp-config file also contains the built-in WordPress debugging feature . By default, the debugging feature is disabled. Once enabled from the wp-config file, it will show all errors, warnings, and notices. This is different from typical behaviour which may only show critical errors or fatal errors.

In a lot of security articles, you will see advice to move the wp-config file to another location, out of the root. But this is of limited value, because every WordPress site has a wp-config file somewhere in the installation, and a determined hacker with requisite access will find it eventually. A better way to secure your WordPress site is to install a security plugin; preferably one with a good firewall.

.htaccess

The .htaccess file is another important configuration file that is used to manage site links. Things like permalink structure, URL redirects, IP address blocking , and so on are managed by the .htaccess file. For instance, if you ever want to implement geoblocking manually, you will need to modify the .htaccess file, although we definitely don’t recommend it. In addition to links, the .htaccess file can also be used to password-protect your site.

Both the .htaccess and the wp-config files are generated on WordPress installation, and thus would not be visible in a downloaded installation package. Even once installed, the .htaccess file is hidden. To be able to see it, enable the option to view hidden files on your FTP client.

The .htaccess file is a configuration file specifically for Apache web servers. Some web hosts use nginx instead of Apache servers, so there will be no .htaccess file for your site altogether.

wp-content folder

Plugin and theme files and folders are, as the names suggest, installed with plugins and themes. For instance, if you install a contact form plugin, the code for that plugin will be in these files. Similarly, with the theme; the code for displaying images and fonts are in these files.

All plugins and themes are generally found in the wp-content folder, unless in special circumstances. For example, a firewall plugin would be located at the root level, so it loads before the rest of the site. This concept is known as load order, which is often seen in relation to WordPress security.

Each plugin or theme will mostly have its own folder with the files it needs to function correctly. In fact, plugin and theme installation files can be uploaded via FTP directly to the wp-content folder and then unzipped there.

Themes

Plugins have enormous variety, so rarely conform to a template. Themes, on the other hand, usually affect the same elements of a site, so they can look quite similar at a code level.

For instance, every theme has a functions.php file . We briefly referred to this while speaking about the functions.php file in the wp-includes folder. The theme functions.php file contains all the code needed to execute the theme. It also often has the extra code needed to run analytics and trackers on your site. When changing over to a new theme, you need to backup the functions.php file to make sure that you don’t lose any of that customisation.

Interestingly, although a WordPress site will work without a single plugin—albeit be very boring—it cannot function without a theme. The active theme is indicated in a required field in the database and has to be available for the site to load at all.

wp-uploads

The wp-uploads folder is where the files that visitors upload to the site are stored. It correlates directly to everything visible in the site’s media library. The files are stored in yearly and then monthly folders for retrieval.

The wp-uploads folder is universally accessible by default, so it often poses a security risk. This is why the folder shouldn’t have any executable files ever.

It is important to remember that we are talking about the boilerplate installation of WordPress. Since customisation of plugins, themes, and of WordPress itself can vary significantly from site to site, this is by no means an exhaustive list. The WordPress codex has a full list of WordPress files that come with the basic installation.

You may or may not see some of the files in the folders as described above, depending on how the installation is configured. Alternatively, you may not see the .htaccess file in your FTP client, because it is a hidden file. You will need to enable that setting to see it.

Understanding WordPress database tables

A database is a system used to store, organize, and retrieve data to run your website. Along with the files, it forms the other crucial part of your site. The WordPress database is used to store user-generated content like posts, pages, comments, etc. in tables.

Note:this is often the reason why advice on how to backup your WordPress site often suggests you backup only the database, assuming you can download everything else. This is not good practice, as you should always backup your entire site.

WordPress uses a MySQL database to store site information in tables, SQL commands to manipulate the data within, and the programming language PHP to communicate between the files and database. Therefore, when you install WordPress for the first time, during the installation you will need to create a MySQL user for the database. And, as we will see later, you can use an interface like phpMyAdmin or Adminer to access your site’s database.

Each site has a single associated database, and each database consists of multiple tables. The core WordPress tables are:

• wp_options
• wp_users
• wp_usermeta
• wp_posts
• wp_postmeta
• wp_terms
• wp_term_relationships
• wp_term_taxonomy
• wp_comments
• wp_commentmeta
• wp_links

These tables are installed with WordPress. Over the course of time, as the site grows and plugins are added, the database grows with more tables and therefore more data.

The important thing to remember is that the tables often work in tandem with each other. That means data can be drawn from different tables. For instance, comments on posts are stored in the wp_comments table, but wp_commentmeta also is important for retrieval. This is especially true for WooCommerce sites, where order and product data is stored across multiple tables.

We have a full article with more information on how the WordPress database functions.

How to access the WordPress files, directories, and database

Your WordPress site is stored on a web host server, which is essentially a remote computer. To access the WordPress file structure and database, you need to connect to this computer. There are several ways to do this though. Each method has its pros and cons, so it is worth reading about all the methods and deciding which one works best for you.

cPanel

The most common method talked about in WordPress tutorials is to use cPanel. cPanel is a control panel software offered by most web hosts. It has a variety of tools for different tasks. The ones that we are most interested in for the purposes of viewing WordPress files and the database are the File Manager and phpMyAdmin それぞれ。

To access cPanel on your site, enter yourdomain.com in the URL bar, followed by /cpanel. Login with cPanel credentials, which are different from your wp-admin ones.

Under the Files section, you will find an icon for File Manager.

File Manager is a bit like your computer’s file explorer. You will see WordPress folders and files in a similar interface. To edit any of the files, you need to download them, edit them on your local machine, and then reupload them to the correct folder, after deleting the existing file.

To access the database, look for the phpMyAdmin icon under the Databases section on cPanel.

phpMyAdmin is separate from cPanel, so the icon is merely a shortcut to access it. If you aren’t logged in automatically, you can find the database login credentials in the wp-config.php file.

Under the Databases tab or from the left side panel, find the database that is associated with your site if there is more than one database.

Clicking on your database will open it to display all the tables within. Further, clicking on a table name will display the rows and values.

Some web hosts don’t provide cPanel, and may have an alternative control panel software like Plesk or Webmin. Others may not have any options at all, in which case you would need to use FTP to access your site files.

FTP/SFTP

File Transfer Protocol or FTP is an alternative to HTTP. We are all familiar with HTTP, which is a protocol used to transfer information over the internet. They work in different ways and are used interchangeably to access data on a server.

FTP is different from HTTP in one key way, which is that it requires authentication. That means you have to provide login credentials to be able to access the server.

To use FTP or SFTP, which is more secure, you need to download and install a client, like FileZilla. For the purposes of this article though, we are going to use Cyberduck.

First, locate your FTP credentials on your web host dashboard.

Next, create a new connection on the FTP client, and plug in the credentials.

Once the connection has been established, you can view the WordPress files and folders on the server.

If your web host doesn’t have cPanel access, they may not use phpMyAdmin either. However, most web hosts do provide a link to the website database from the dashboard.

In this example, Cloudways has a button to Launch Database Manager from the website dashboard. Cloudways uses Adminer instead of phpMyAdmin.

On the other hand, Dreamhost does, and you can find a Manage link on the website panel.

SSH

Short for ‘secure shell’, SSH is a way to connect securely to a remote computer over potentially insecure networks. In the case of WordPress, you can use it to access files on your site server from anywhere else.

SSH uses a command-line interface to interact with and control the site files and folders instead of a browser. Like with FTP, you may need a client to use SSH, although most systems have the ability built-in. We used the Terminal on macOS to open a connection to our web server.

Similar to FTP again, you will need credentials to log in:server address, username, and password. You may or may not need the port number. To connect to your server with SSH, type in ssh username@serveraddress. You will be prompted for a password, and once that is in, you will be able to interact with your site files.

With SSH, you need to have some familiarity with the command-line interface or be prepared to look through a ton of documentation. This list of commands can help you get started, although it is not comprehensive.

Note:Using the command-line interface, you can also leverage WP-CLI commands. WP-CLI is a tool to interact specifically with WordPress site files and its database, and thus has commands that are specific to WordPress.

Plugins

If you want to avoid cPanel and FTP altogether, you can also install a plugin to view and interact with WordPress files and folders.

The advantage of using a plugin is that you can see the files directly on your wp-admin dashboard, without needing to log in separately. The disadvantage is that if your site crashes for any reason and you want to fix an errant plugin or theme, you won’t be able to use these plugins to do so. However, it is still a viable alternative in most cases.

We tried out WP File Manager, and it was a breeze to use. Find the plugin from the plugins directory, install it, and you’re done.

The dashboard clearly shows all the files of your site, right from wp-admin.

One word of caution here is that searching for ‘file manager’ plugins also lists results for media library file managers. Those plugins serve an entirely different purpose.

Similarly, you can install a plugin to view the site database as well.

We tried Database Admin and saw that we could select our site database without logging in.

The interface is very basic though, and it helps to have a little understanding of SQL to navigate more effectively.

We also tried WP Adminer as an alternative.

It was very similar to accessing the database directly. The plugin appears as a shortcut in the Tools menu.

Why you should learn about WordPress file and directory structure

Your site is working, and working well at that. So why should you spend time learning about WordPress file structure? Apart from the simple reason of understanding how your site works, there are several good reasons:

• Solve minor issues on your own steam, like disabling a plugin or theme that is acting up.
• In case you face a major issue, it is important to be able to distinguish between good and bad advice . There is a ton of poor, although well-meaning advice, especially with respect to WordPress security. A little knowledge can help you ask the right questions when needed, and discard poor advice immediately.
• Understanding the file structure of your site makes you a power user . You may be able to accomplish a great deal more than previously. It is a stepping stone to learning WordPress development as well, should you be so inclined. For instance, suppose you need to add redirects to your site, you can do so by modifying the .htaccess file without needing developer intervention.
• It will also prevent you from deleting or changing critical files or database values, knowing that this will cause your site to crash.
• Setting file permissions will become easier once you know the interplay between different files, and which users need access to them. At first glance, the strongest permissions and tightest security rules seem like the best option. This is not true at all. Remember that files need to communicate with each other, and therefore need appropriate permissions to do so.

If you are reading this article to figure out which files to backup, then the answer is everything. Always take complete backups, and restore partially as and when required.

How to protect WordPress files, folders, and database from malware

Now that you have a good understanding of WordPress structure, both inside and out, you can take steps to protect it from hackers. In WordPress security, prevention is always better than cure, and doing the following will keep out the majority of malware attacks.

• Install MalCare, a top-notch security plugin with an integrated firewall
• Invest in site backups
• Keep WordPress, plugins, and themes updated as far as possible
• Use strong passwords, and a password manager to remember them
• Implement a good user policy
• Never use nulled software

We have compiled all our security expertise into actionable advice that you can use to protect your site in minutes.

結論

Now that you have a working knowledge of your site, it is sensible to take a backup every time you want to change something. This is your safety net in case anything goes awry and you have to restore in a hurry. BlogVault has the best WordPress backups and comes with a whole host of other great features to manage your site effectively.

よくある質問

What is WordPress file structure?

WordPress file structure is the site’s organisational system. WordPress sites use files that contain code to run and interact with a database, which stores data.

How are WordPress files organised?

WordPress files are organised in a hierarchical folder structure. The WordPress installation is in a root directory, generally public_html or public, and everything else comes within it. There are 3 core folders in the WordPress root directory:wp-content, wp-includes, and wp-admin.

What should be in the wp-includes folder?

The wp-includes folder contains WordPress core packages and code that are installed with WordPress. The wp-includes folder and its constituent files remain constant. If you suspect there are changes, you can download a fresh installation of WordPress and compare those files with what is on your site.

Where are WordPress files located?

WordPress files are installed in a root directory on your site server. The root directory is often named public_html or public. All WordPress files are stored within the root directory in a hierarchical system of files and folders.