Code Overview
WordPress Directory & File Structure
wp-config.php
It contains the database connection settings (username, password, database name) and advanced WordPress settings.
define('OPTION_NAME', 'value');
OPTION_NAME is the name of the constant.
DB_CHARSET: utf8 by default
DB_COLLATE: sort order of the character set
A secret key is a hashing salt, which makes your site harder to hack by adding a random element to the password you set.
The table prefix is set to wp_ by default; you can change it, for example:
$table_prefix = 'lecter_';
The WPLANG option sets the default language.
WP_DEBUG: define('WP_DEBUG', true);
Advanced Options
define('WP_SITEURL', 'http://example.com/wordpress');
define('WP_HOME', 'http://example.com/wordpress');
The two options above temporarily change these URL values. This is a useful technique if you build the website under a temporary development URL.
Background Updates
Core Updates, Plugin Updates, Theme Updates, Translation file updates
To completely disable all updates:
define('AUTOMATIC_UPDATER_DISABLED', true);
define('WP_AUTO_UPDATE_CORE', true); // major and minor updates enabled
define('WP_AUTO_UPDATE_CORE', false); // major and minor updates disabled
define('WP_AUTO_UPDATE_CORE', 'minor'); // minor updates enabled
wp-config.php also allows moving the wp-content directory; the two options below are required:
define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT']. '/blog/wp-content');
define('WP_CONTENT_URL', 'http://www.domain.com/blog/wp-content');
The same applies to the plugins directory:
define('WP_PLUGIN_DIR', $_SERVER['DOCUMENT_ROOT']);
You can also move the uploads directory:
define('UPLOADS', 'blog/wp-content/my-files');
To set the number of revisions kept for your posts, WordPress has a built-in post revisions option called WP_POST_REVISIONS.
define( 'WP_POST_REVISIONS', false );
define( 'WP_POST_REVISIONS', 5 );
global array that can be displayed on your page.
global $wpdb;
print_r( $wpdb->queries );
}
to create a php_error.log file and upload it to your root WordPress directory. Then simply turn
on the log_errors PHP option and point to your logging file:
@ini_set( 'log_errors','On' );
@ini_set( 'display_errors','Off' );
@ini_set( 'error_log','/public_html/wordpress/php_error.log' );
“Allowed memory size of xxxxx bytes exhausted.” Increasing the memory limit fixes this problem.
The memory limit is set by defining the megabytes needed:
define( 'WP_MEMORY_LIMIT', '64M' );
Setting this option only works if your hosting company allows it.
This increases the memory only for WordPress and not other applications running on your server.
To increase the memory limit across all of your websites, set the php_value memory_limit variable in your php.ini file.
but can easily be set to display any language that has been translated. Setting the WPLANG option
triggers WordPress to load the specified language files:
define ( 'WPLANG', 'en-GB' );
define( 'FTP_PASS', 'password' );
define( 'FTP_HOST', 'ftp.example.com:21' );
Just enter your FTP username, password, and host with port and you’re all set! WordPress will no
longer ask for your FTP information when using the automatic installer.
define( 'FS_CHMOD_DIR', 0755 );
The numeric single digit values represent the User, Group, and World permissions set for files
and folders on your web server. To learn more about WordPress and file permissions visit http://codex.wordpress.org/Changing_File_Permissions.
include the file wp-content/advanced-cache.php. To enable this option, use the following code:
define( 'WP_CACHE', true );
WordPress has numerous constant options that you can set. There is a PHP function to view all
constants currently set on your installation:
print_r( @get_defined_constants() );
An advanced option is forcing SSL on login to your WordPress site. This requires users to log in via
the HTTPS access link and encrypts all data being transferred to and from your website. To activate
SSL on login, add the FORCE_SSL_LOGIN option like so:
define( 'FORCE_SSL_LOGIN', true );
You can also force all admin pages to use SSL. This is activated with the FORCE_SSL_ADMIN option, like so:
define( 'FORCE_SSL_ADMIN', true );
Emptying the trash bin will permanently delete any items in the trash. You can modify this interval
by setting the EMPTY _ TRASH _ DAYS option like so:
define( 'EMPTY_TRASH_DAYS', 7 );
There is also an option to disable WordPress cron. Cron is used to execute scheduled tasks in
WordPress. Some common scheduled tasks include posting a scheduled post and checking for new
versions of WordPress, themes, and plugins. To disable WordPress cron, add this option to your wp-config.php file:
define( 'DISABLE_WP_CRON', true );
feature of WordPress, simply add the WP_ALLOW_MULTISITE constant:
define( 'WP_ALLOW_MULTISITE', true );
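Several of the wp-config.php options above change how exposed a site is: debug mode, a stored FTP password, SSL on admin pages, background updates and the error log location. The following audit is an added example, not part of the original notes: it parses define() and ini_set() calls from a wp-config.php and reports settings worth reviewing. The sample file is constructed, the function names are this example's own, and /public_html as the document root is an assumption.

```python
import re

# Constructed sample wp-config.php built from the options discussed above.
SAMPLE = """<?php
define( 'WP_DEBUG', true );
// define( 'FORCE_SSL_ADMIN', true );
define( 'AUTOMATIC_UPDATER_DISABLED', true );
define( 'FTP_PASS', 'password' );
@ini_set( 'log_errors','On' );
@ini_set( 'display_errors','Off' );
@ini_set( 'error_log','/public_html/wordpress/php_error.log' );
"""

# Block comments and whole-line // or # comments; commented-out settings do not count.
_COMMENTS = re.compile(r"/\*.*?\*/|^[ \t]*(?://|#)[^\n]*", re.S | re.M)
# A value is a quoted string or a bare literal such as true, false or 5.
_VALUE = r"""(?:'([^']*)'|"([^"]*)"|([^\s)'";]+))"""
_CALL = re.compile(r"\b(define|ini_set)\s*\(\s*['\"]([\w.]+)['\"]\s*,\s*" + _VALUE + r"\s*\)")


def parse_config(text):
    """Return ({constant: value}, {ini option: value}) found in wp-config.php text."""
    consts, ini = {}, {}
    for m in _CALL.finditer(_COMMENTS.sub("", text)):
        value = next(g for g in m.groups()[2:] if g is not None)
        (consts if m.group(1) == "define" else ini)[m.group(2)] = value
    return consts, ini


def _on(value):
    return str(value).lower() in ("true", "1", "on")


def audit(text, web_root="/public_html"):
    """Return (setting, finding) pairs; web_root is an assumed document root."""
    consts, ini = parse_config(text)
    findings = []
    if _on(consts.get("WP_DEBUG")):
        findings.append(("WP_DEBUG", "debug mode is on; turn it off on a live site"))
    if _on(ini.get("display_errors")):
        findings.append(("display_errors", "PHP errors are shown to visitors"))
    if not _on(consts.get("FORCE_SSL_ADMIN")):
        findings.append(("FORCE_SSL_ADMIN", "admin pages are not forced over SSL"))
    if _on(consts.get("AUTOMATIC_UPDATER_DISABLED")) or \
            str(consts.get("WP_AUTO_UPDATE_CORE")).lower() == "false":
        findings.append(("updates", "automatic updates (all or core) are disabled"))
    if "FTP_PASS" in consts:
        findings.append(("FTP_PASS", "FTP password is stored in clear text"))
    log = ini.get("error_log", "")
    if _on(ini.get("log_errors")) and log.startswith(web_root.rstrip("/") + "/"):
        findings.append(("error_log", "log file sits under the web root: " + log))
    return findings


if __name__ == "__main__":
    for setting, finding in audit(SAMPLE):
        print(f"{setting}: {finding}")
```

A log file under the document root can be fetched by URL unless the server denies access to it, which is why the error_log path is compared against the web root.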
.htaccess
The .htaccess file is used primarily for creating pretty permalinks and keyword injected URLs for your website. WordPress by default creates ugly query-string formed URLs, usually with an ID
present, such as http://example.com/?p=45. These URLs are completely functional but aren’t very
friendly to search engines and site visitors. By enabling pretty permalinks, WordPress creates URLs
based on site content, such as post and page titles, category and tag names, and dates for archives.
Upon saving your changes, WordPress tries to create your default .htaccess file. If your root WordPress directory is writable by the server, the file is created automatically. If WordPress is unable to create the .htaccess file.
Configuration Control Through .htaccess
The .htaccess file is very powerful and can control more than just the URL structure. For instance,
you can control PHP configuration options using the .htaccess file. To increase the memory allotted to PHP use this command:
php_value memory_limit 64M
This increases the memory limit in PHP to 64MB. You can also increase the max file size upload
and post size:
php_value upload_max_filesize 20M
php_value post_max_size 20M
Now the maximum file size you can post from a form and upload is set to 20MB. Most hosting
companies set these values to around 2MB by default so these are settings that will be used often
for larger file uploads.
The .htaccess file can also be used for security purposes. Using .htaccess allows you to restrict
access to your website by IP address, essentially locking it down from anonymous visitors. To lock
down your website by IP addresses, add the following code to your .htaccess file:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
#IP address to whitelist
allow from xxx.xxx.xxx.xxx
Replace xxx.xxx.xxx.xxx with any IP address that you want to grant access to your website. You
can have multiple allow from lines so add as many IP addresses as you need. This allows access to
your website only if you are using an IP address defined here.
Remember that most ISPs assign client addresses dynamically so the IP address of the computer you
are using will change on occasion. If you get locked out, just update your .htaccess file with your
new IP address or delete the file altogether. This is not a good tip if you allow open registrations on
your website because you need to allow your users access to the wp-admin directory.
You can also allow wildcard IP addresses. For example, 123.123.123.* would allow access to anyone
who matches the first three IP address octets, with the final digit being a wildcard. You can also
allow a range of IP addresses. For example, 123.123.123.110-230 would allow anyone with an IP
address between 123.123.123.110 and 123.123.123.230.
The .maintenance File
WordPress has a built-in maintenance mode that can be enabled by the .maintenance file. The .maintenance file is used by WordPress during the auto-update process. This prevents visitors from seeing any error messages as WordPress core files are updated. To test this feature, simply create a
new .maintenance file and add the following line of code:
<?php $upgrading = time(); ?>
Add this file to your WordPress root directory and your website will instantly enter maintenance
mode. This locks down your website for all visitors and displays a generic maintenance message
“Briefly unavailable for scheduled maintenance. Check back in a minute.” The time() function can
be replaced with any UNIX‐formatted timestamp.
You can set a custom maintenance page by creating a maintenance.php file and placing it in your wp-content directory. WordPress uses this file to display during any forced maintenance periods
that you set. This allows you to create a custom maintenance notice to your website visitors.
This file is also used by the WordPress automatic update process. A .maintenance file is created
right before WordPress installs the new core files during an update. This ensures there are never any
error messages for your visitors during this process.
WP‐CONTENT USER PLAYGROUND
The wp‐content directory stores just about every file for customizing WordPress. This directory
stores your plugins, themes, uploaded media, and additional files to extend WordPress in any way
imaginable.
The wp-content directory has a single PHP file, index.php. The contents of this file are shown
here:
<?php
// Silence is golden.
So what’s the point of this file? Actually, this is a very important file. The index.php file blocks
anyone from viewing a directory listing of your wp‐content folder. If the index.php file didn’t
exist, and your web server allowed directory listings, visiting http://example.com/wp-content/ would display all of the files and folders in that directory. This can help hackers gain access to key
files that might help exploit your website; for example, if a vulnerability were discovered in a plugin,
being able to view the list of directories in the WordPress plugin directory would quickly and easily
inform an attacker if your site was a viable target.
If you are manually updating WordPress, make sure you avoid overwriting your wp‐content directory
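The index.php file described above only protects the directory it sits in, so every subdirectory that plugins or uploads create needs its own check. The following is an added example, not part of the original notes: it walks a wp-content tree and reports each directory with no index file, together with the file names a listing would reveal if the server allows listings. The sample tree is constructed from directory names on this page, and the set of index file names is an assumption about the server configuration.

```python
import os
import tempfile

# Assumption: the web server treats these names as a directory index.
INDEX_NAMES = {"index.php", "index.html", "index.htm"}


def listable_dirs(wp_content):
    """Map each directory under wp_content that has no index file to the
    file names a directory listing would reveal, if listings are enabled."""
    exposed = {}
    for current, subdirs, files in os.walk(wp_content):
        subdirs.sort()  # deterministic walk order
        if INDEX_NAMES.isdisjoint(name.lower() for name in files):
            rel = os.path.relpath(current, wp_content).replace(os.sep, "/")
            exposed[rel] = sorted(files)
    return exposed


def build_sample(base):
    """Create a constructed wp-content tree using directory names from the page."""
    layout = {
        "": ["index.php"],
        "plugins": ["index.php"],
        "themes": ["index.php"],
        "uploads/2015/06": ["image.png"],
        "backup-b158b": ["wordpress.sql"],  # constructed backup file name
    }
    root = os.path.join(base, "wp-content")
    for rel, names in layout.items():
        folder = os.path.join(root, *rel.split("/")) if rel else root
        os.makedirs(folder, exist_ok=True)
        for name in names:
            with open(os.path.join(folder, name), "w") as handle:
                handle.write("<?php\n// Silence is golden.\n" if name == "index.php" else "")
    return root


def demo():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as base:
        return listable_dirs(build_sample(base))


if __name__ == "__main__":
    for folder, names in demo().items():
        print(f"{folder}/ has no index file; a listing would show: {names}")
```

On a real install, pass the path of the site's wp-content directory to listable_dirs() and either add an index file to each reported directory or turn directory listings off in the server configuration.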
Plugins
Plugins are stored in the wp-content/plugins directory. A plugin can be a single file or multiple files inside of a folder. Any files inside the /plugins directory are scanned by WordPress to determine if
the file is a properly formatted WordPress plugin. If the file is determined to be a plugin, it appears
under the Plugins ➢ Installed Plugins screen on your admin dashboard ready to be activated.
Your wp‐content directory might also include a /mu‐plugins directory. Must‐use (mu) plugins
are plugins that are automatically enabled in WordPress. Any plugins that exist in this folder
will be executed just like a standard activated plugin. The major difference is mu‐plugins
cannot exist in a subdirectory or they will be ignored. To learn more about mu-plugins visit http://codex.wordpress.org/Must_Use_Plugins.
Themes
Themes are stored in the wp-content/themes directory. Each theme must exist in its own subdirectory and must consist of the proper template files for WordPress to recognize it as a usable
theme. At a minimum, an index.php and a style.css file must exist in the theme directory, along
with proper tagging to display under the Appearance ➢ Themes screen on your admin dashboard.
Uploads and Media Directory
WordPress stores uploaded media in the wp-content/uploads folder. This directory does not exist in a default installation of WordPress. The /uploads directory is created the first time you
successfully upload a file to WordPress.
By default, WordPress stores uploads in month- and year-based folders. So your uploaded image
would be stored like so:
/wp-content/uploads/2015/06/image.png
Before you can upload any images or files in WordPress, you need to set the /wp‐content directory
to be writable. When you upload your first image, WordPress auto-creates the /uploads directory, and any needed subdirectories. After you have successfully uploaded your first image, reset the /wp-content permissions to not be writable, typically 755.
WordPress Multisite stores uploaded media in a different manner. Instead of one uploads directory,
Multisite creates a sites directory inside the standard uploads directory. Inside this folder are
multiple subdirectories named with a numerical ID. This ID is the blog ID the folder is attached to.
Every site in a Multisite network has a unique blog ID. Chapter 10 covers this in more detail. For
example, your second WordPress Multisite site upload directory would look like this:
/uploads/sites/2/files/
Custom Directories
Some plugins that require a lot of custom files will store those files in a directory in your wp-content folders.
The W3 Total Cache plugin (https://wordpress.org/plugins/w3-total-cache/) creates a /wp-content/cache directory to store all of the cached pages created for your website. A cached
page is simply a fully generated page on your website saved as a static HTML file. Instead of
generating the page each time a user clicks one of your links, the cache plugin serves up the
static HTML file to the visitor. This dramatically decreases WordPress load times and increases
performance.
The most popular image gallery plugin, NextGen Gallery (http://wordpress.org/extend/plugins/nextgen-gallery/), creates a /wp-content/gallery directory to store all of the images
uploaded to your NextGen image galleries. Each gallery created is a subdirectory under /gallery.
This helps keep your gallery image files very organized and easy to work with.
The WP-DB Backup plugin (http://wordpress.org/extend/plugins/wp-db-backup/) creates a /wp-content/backup-b158b folder (where b158b is a random string) to store local backups of your
database. When you select the Save to Server option, all database backup files will be stored in this
directory. It’s important to not delete your backups unless you are sure they are not needed anymore.
