Correct nginx virtual host for wordpress that’s installed on non-root directory?

Correct nginx virtual host for wordpress that's installed on non-root directory? Техника
Correct nginx virtual host for wordpress that's installed on non-root directory?

In this article, we look at the benefits and limitations of installing WordPress in a subdirectory, how to install and manage subdirectory installs, and how to move WordPress core out of and into a subdirectory for an existing site.

One of the common criticisms PHP developers level at WordPress is that it installs all its core files directly in the web root directory. Modern PHP frameworks like Laravel install their required files as separate dependencies in a vendor directory, each residing in its own specific subdirectory. Not only that, but unlike WordPress, Laravel keeps almost all the PHP files out of a publicly accessible directory, which is very nice for security. This makes for a cleaner, more secure folder structure in the application’s web root.

These modern PHP application directory structures make a default WordPress install look decidedly unprofessional. While it’s not possible to move all the PHP files out of the public web root in a WordPress install, you can customize your installation to mimic this dependency-based development concept by installing WordPress in a subdirectory.

  1. The Benefits of Installing WordPress Core in a Subdirectory
  2. How to Tell if WordPress Core is Installed in a Subdirectory
  3. How to Install WordPress Core in a Subdirectory
  4. The Official WordPress Documented Methods
  5. Manually Configure a Subdirectory Install
  6. Using WP-CLI to Install WordPress in a Subdirectory
  7. Using Composer to Install WordPress in a Subdirectory
  8. Considering the WordPress File and Folder Structure
  9. Moving the WordPress Config File
  10. Moving the WordPress Content Folder
  11. Converting a Root Install to a Subdirectory Install
  12. Step 1: Prepare Your Site
  13. Step 2: Update the Database
  14. Step 3: Moving WordPress Files Into the Subdirectory
  15. Converting a Subdirectory Install to a Root Install
  16. Step 1: Prepare Your Site
  17. Step 2: Update the WordPress Database
  18. Step 3: Moving WordPress Out of the Subdirectory
  19. Wrapping Up
  20. Get Content Delivered Straight to Your Inbox
  21. What the 403 Forbidden Error Is (And What Causes It)
  22. What is .htaccess?
  23. Skip the Permission Settings Stress
  24. How to Fix the 403 Forbidden Error in WordPress (5 Methods)
  25. 1. Change Your File Permissions
  26. 2. Deactivate Your Plugins
  27. 3. Delete and Restore the  File
  28. 4. Deactivate Your CDN
  29. 5. Check Your Hotlink Protection
  30. Additional WordPress Resources
  31. Bye, WordPress 403 Error
  32. What is the Root Directory?
  33. Why do People need to Access the WordPress Root Directory Files?
  34. How To Find the Root Directory of Hi-Tech Work Website
  35. How to Upload File to Website Root Directory WordPress
  36. How To Upload the File to the Root of Primary Domain
  37. Use FTP Localhost To Upload Files To The WordPress Root Directory
  38. Use cPanel to Upload Files to the WordPress Root Directory
  39. Use Third Party Plugins to Upload & Delete to Your WordPress Directory
  40. How to Connect FileZilla to WordPress
  41. How To Get The Best Customized WordPress Directory Service Using By Hiring Fiver Sellers
  42. FAQ’s
  43. Q1: Is Public_html the root directory?
  44. Q2: How do you get to the root directory?
  45. Q3: What is a website root directory?
  46. Q4: How to Move WordPress from a Subfolder to the Root Directory?
  47. Final Verdict
  48. Understanding WordPress file and directory structure
  49. WordPress root directory
  50. WordPress core files and folders
  51. wp-admin folder
  52. wp-includes folder
  53. WordPress core files
  54. index.php
  55. WordPress configuration files 
  56. wp-config.php
  57. .htaccess
  58. wp-content folder 
  59. Themes
  60. wp-uploads
  61. Understanding WordPress database tables
  62. How to access the WordPress files, directories, and database
  63. cPanel 
  64. FTP/SFTP 
  65. SSH
  66. Plugins
  67. Why you should learn about WordPress file and directory structure
  68. How to protect WordPress files, folders, and database from malware
  69. Conclusion
  70. FAQs

The Benefits of Installing WordPress Core in a Subdirectory

The direct benefit of moving WordPress core files into a subdirectory is a cleaner and more professional-looking directory structure in your web root. Some folks think that switching to a subdirectory install improves security through obscurity. This is only really applicable if you move your wp-config.php file outside of the publicly accessible web root directory, whether you use a subdirectory install or not.

However, in the modern world of automated scanning bots, moving your WordPress core files to a subdirectory might help decrease the chances of malicious bots detecting vulnerabilities when scanning your site. For example, in a typical WordPress install, all your core files are in the public web root, which is accessible from your apex domain (e.g., So all a scanner needs to do is scan your domain name, check for a common WordPress file like, and it will know you have a WordPress install. If you move the core files to a subdirectory, it makes it harder (but not impossible) for attackers to identify that you’re running WordPress.

A cleaner directory structure and an increase in security are sound reasons to move an install into a subdirectory, but there are some things you’ll need to know to accomplish this. You won’t be able to just move the WordPress install to a subdirectory and expect everything to work.

How to Tell if WordPress Core is Installed in a Subdirectory

With a WordPress install you’ve completed yourself, you’ll likely know if it’s installed in the web root (i.e., a root install) or a subdirectory. However, you might be in a situation where you inherit a site, or use a hosting provider’s one-click installer, or it’s been a really long time since the initial setup.

To determine if your WordPress install is in the web root or a subdirectory, head to your WordPress dashboard and navigate to the Settings > General screen. There you will see the “WordPress Address (URL)” setting and “Site Address (URL)” settings:

Standard WordPress install settings.

How to Install WordPress Core in a Subdirectory

There are a few different ways you can install the WordPress core files in a subdirectory.

The Official WordPress Documented Methods

The methods to move WordPress into a subdirectory are detailed in the support documentation. These options are available to you after you’ve already installed WordPress.

The two options are:

Neither of these options really help with the increase in security we discussed earlier. The first option moves the site files to a subdirectory and uses rewrite rules in a custom .htaccess file to rewrite requests to the subdirectory. Any bots scanning your URL will still be able to determine that it’s using WordPress.

The second option is even less related to security, and more useful if you have a custom site setup. This is often used where you want to use WordPress to power a blog at a subdirectory of your URL (e.g., and you’ll use something else to power your top-level URL.

That being said, both methods move your WordPress install to a subdirectory, so your web root at least looks tidier.

What would be nice is that first option, but without any URL rewriting for better security.

Manually Configure a Subdirectory Install

If you recall the earlier description of how the files in a WordPress installation “require” each other, you might have also noticed that in the wp-blog-header.php file, the ABSPATH constant is defined. This constant points to the location where the WordPress core files are installed, no matter where that might be on the file system.

This means that with a little bit of knowledge and some tinkering, we can move all the WordPress core files into a subdirectory, and make a few small changes to let WordPress know where everything is. The process looks like this:

  1. Follow the default WordPress install process.
  2. Once WordPress is installed, create a subdirectory and move all the files from the web root to that subdirectory. To help with “hiding” the core files, you should give the subdirectory an uncommon name, but for our example, we’ll create a subdirectory called wp, and move all the files to the wp subdirectory.
  3. Then, copy (not move) the index.php file from the subdirectory back into the web root directory.
  4. In that newly copied file, update the line that requires the wp-blog-header.php file, to point to the new subdirectory, and save that file: require __DIR__ . '/wp/wp-blog-header.php';
  5. The last step is to update the siteurl value in your WordPress options table—
    using something like the SQL Buddy plugin or phpMyAdmin—to point to the new subdirectory install, for example,

You’ll note we said “copy (not move)” in step 3. This is important because WordPress needs an index.php file in the install directory (in this case the subdirectory), or it will cause PHP warnings to display on your site or fill up your debug.log file.

While this gives you a small increase in security, we’ll dive into other changes later on to further improve security.

Using WP-CLI to Install WordPress in a Subdirectory


# Installation:

## Download the script to your home directory
# Make sure it has execute permissions (`chmod +x`).
# Install the script in one of the folders in your PATH. (`mv /usr/local/bin/wp-install-core-sub-dir`)


# $ mkdir mysite
# $ cd mysite
# $ wp-install-core-sub-dir {sub-directory} {db_name} {db_user} {db_pass} {site_url} "{site_title}" {admin_user} {admin_pass} {admin_email}


SITE_TITLE=${6-'WordPress Site in a Subdirectory'}
SITE_EMAIL=${9-'[email protected]'}

# create the dir for the core files
mkdir $CORE_DIR

# download WordPress files
wp core download

# create the wp-config.php file
wp config create --dbname=$DB_NAME --dbuser=$DB_USER --dbpass=$DB_PASS

# create the database
wp db create

# install WordPress (less than 5 mins)
wp core install --url=$SITE_URL --title="$SITE_TITLE" --admin_user=$SITE_USER --admin_password=$SITE_PASS --admin_email=$SITE_EMAIL

# Copy (not move) index.php file to root
cd ../
cp "$CORE_DIR/index.php" ./index.php

# Edit index.php to point to correct path of wp-blog-header.php
perl -p -i -e "s/\/wp-blog-header/\/$CORE_DIR\/wp-blog-header/g" index.php

# Update the siteurl in the database with sub directory path
wp option update siteurl $(wp option get siteurl)/$CORE_DIR

# Uncomment the below line if you want the config in root
#cp "$CORE_DIR/wp-config.php" ./wp-config.php

echo 'Install finished!'

You can also view this script on Github.

Using Composer to Install WordPress in a Subdirectory

A popular way to manage WordPress projects is to use Git for source control, and Composer to install WordPress core, the theme, and any plugins as dependencies in the composer.json file of your project.

When you’re ready to deploy your site, you trigger an automated deployment process, which runs composer install to install all your required dependencies.

If you use the johnpbloch/wordpress package, it will install the wordpress-core package in a subdirectory called wordpress by default. You can change this by supplying a custom wordpress-install-dir directory in the extra section of your composer.json. You can then make use of the Composer post-install-cmd event to run the necessary subdirectory changes you need.

    "name": "polevaultweb/wp-composer-core-sub-dir",
    "description": "Installing WordPress in a subdirectory with Composer",
    "require": {
        "johnpbloch/wordpress": "^5.8"
    "extra": {
        "wordpress-install-dir": "wp"
    "scripts": {
        "post-install-cmd": [
            "cp wp/index.php ./index.php",
            "sed -i \"s/\\/wp-blog-header/\\/wp\\/wp-blog-header/g\" index.php"

As you can see, this replicates the subdirectory process we’ve already outlined earlier. Once the composer install has been completed, WordPress will be installed in the wp subdirectory, the index.php file will be copied to the web root, and edited to update the path to wp-blog-header.php

It is worth noting that the post-install-cmd event only fires after the install command has been executed with a lock file present. It won’t trigger the subdirectory the first time you run composer install locally, as the lock file is only generated after the first time composer install is run.

Unlike the Bash script above, this does not create the wp-config.php file or run the WordPress installation to create the database tables. You can do these manually in your browser, using WP-CLI commands in the post-install-cmd event, or using post deploy scripts if your hosting provider supports them.

Considering the WordPress File and Folder Structure

As mentioned earlier, moving the core files to a subdirectory allows for a small security improvement, but it’s still possible to determine if your site is running WordPress. This might be a good time to think about any other changes we could make to improve our directory structure and increase security.

Our recommendation is to configure your top-level or root directory structure to look something like this:


We’ve already shown you how to move the WordPress core files into a subdirectory (in this case wp) so let’s see what else we can change, and why.

Moving the WordPress Config File

The wp-config.php file contains your database credentials, and often any other important API or third-party access keys, but did you know that it’s possible to move this file to a different location from the rest of your WordPress core files?


Moving this file to somewhere other than the web root or the subdirectory install is generally considered a much safer choice. The reason for this is that in some cases, problems with the web server could cause it to stop processing PHP files correctly. Common causes for this include a lack of available memory, or a web server misconfiguration. Whatever the cause, if this happens, visitors to the site might be able to view the contents of PHP files including the database credentials in your wp-config.php file.
In fact, many would argue that it should be placed even higher up in the directory tree than the root directory.

/* That's all, stop editing! Happy publishing. */
require_once __DIR__ . '/../conf/wp-config.php';

/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';

WordPress will automatically look for the wp-config.php in the parent folder to where the core files are. By creating our custom wp-config.php file in the web root, we keep the wp folder that contains the core files clean of any custom files. The “true” wp-config.php file is moved to a location that’s not publicly accessible, but where WordPress can still require it, and your database (and other) credentials are safer.

Moving the WordPress Content Folder

With our WordPress core files in a subdirectory, we could consider moving the wp-content directory too. Themes, plugins, and file uploads should (in most cases) be separate from the core files. This is especially useful if you use version control software like Git to manage your project source code.

WordPress allows us to accomplish this, by setting some WordPress-specific constants, in the wp-config.php file in our wp subdirectory.

define( 'WP_CONTENT_DIR', dirname( dirname(__FILE__) ) . '/content' );
define( 'WP_CONTENT_URL', 'https://' . $_SERVER['HTTP_HOST'] . '/content' );

This configuration tells WordPress to expect to find the content directory in a directory called content in the web root. It’s inspired by Mark Jaquith’s WordPress skeleton, with minor tweaks to match our directory structure. As Mark points out in the GitHub readme, it’s cleaner and the content directory is no longer in the scope of the wp directory.

If you make this change on an already existing site, you will need to move the contents of your wp-content directory (plugins, themes, uploads, etc.) to the new content directory. You will also need to run a Find & Replace on all your data. The goal is to update URLs for your media and asset files to point them to the new content URL, as well as ensuring any saved file paths are now pointing to the new content path.

If any external sites are linking to any of your media or assets, you’ll want to set up a path redirect, so that those links don’t throw 404 errors. This can be achieved by setting a path redirect using regex with a matching string of ^/wp-content/(.*) and setting the redirecting string to /content/$1. We recommend setting up this redirect at the web server level for best performance. If using SpinupWP, this can be done via the Path Redirects screen:

Setting up a path redirect on SpinupWP.

If you’re unable to set up a redirect at the web server level, the Redirection plugin is the next best thing.

Converting a Root Install to a Subdirectory Install

Installing the WordPress core files when starting a new site is straightforward enough, but converting an existing root install to a subdirectory install requires some care. It’s not simply a case of creating a subdirectory in your web root and moving all the WordPress files there. You also need to take into account any URLs or paths stored in the database that points to your root install directory. We cover the details of this in our WordPress Core Installed in a Subdirectory help doc, but let’s look at a simple example.

I’ve set up a local site, https://hellfishmedia.test, as a WordPress root install.

Root directory install.

I’ve also created a very basic page to serve as the site home page, which includes an image in the page content, and a link to a Contact page.

Hellfish Media Home Page.

Step 1: Prepare Your Site

Maintenance message.

Step 2: Update the Database

For our example, we’ll be moving WordPress into a new /wp subdirectory, so you need to update the database to reflect that change – but only for URLs that need it.

You only need to worry about references to image files and assets contained in theme or plugin folders. All of those are located under /wp-content by default, or a custom content path, if you’ve configured one. As such, you can use the content path to target URLs and file paths you need to change. If you’ve configured a different location for your content as we described earlier, you might need to tweak this to match.

Дополнительно:  Сильно тормозит ноутбук с Windows 10: что делать

This is possible using any decent find and replace tool, including the WP-CLI search-replace command, Better Search Replace, or WP Migrate DB. For our purposes we’ll be using WP Migrate DB Pro‘s Find & Replace tool.

In our example site, we’ll want to find //hellfishmedia.test/wp-content and replace it with //hellfishmedia.test/wp/wp-content, and find /home/iain/development/websites/hellfishmedia/wp-content and replace it with /home/iain/development/websites/hellfishmedia/wp/wp-content to update URLs and file paths respectively. For the sake of the test, we’re also replacing the site title. Here’s what this will look like in WP Migrate DB Pro:

Custom find & replace with the specified changes.

What’s great about the WP Migrate DB Pro Find & Replace tool is that you can preview the changes before you run them.

Custom find & replace preview.

You can also inspect what updates the plugin will make on a per-table basis.

Once you run the find and replace, and take a look at any page content, you’ll see that while links to the Contact page don’t include the subdirectory, the embedded image does:

Showing the updated content URLs in the code editor.

Updating WordPress address.

Step 3: Moving WordPress Files Into the Subdirectory

  1. Create the wp subdirectory in the web root.
  2. Move everything from the web root into the wp directory.
  3. Copy (not move) the index.php file and the .htaccess file from /wp back into the web root directory.

You can do this via your local file manager, or via an FTP client if it’s a remote server.

Alternatively, if you prefer the terminal, the commands would look like this:

cd ~/development/websites/hellfishmedia
mkdir wp
mv * .* wp/
cp wp/index.php .
cp wp/.htaccess .

This will cause the maintenance page to display an error.

Warning: require(/home/iain/development/websites/hellfishmedia/wp-blog-header.php): Failed to open stream: No such file or directory in /home/iain/development/websites/hellfishmedia/index.php on line 17

Fatal error: Uncaught Error: Failed opening required '/home/iain/development/websites/hellfishmedia/wp-blog-header.php' (include_path='.:/usr/share/php') in /home/iain/development/websites/hellfishmedia/index.php:17 Stack trace: #0 {main} thrown in /home/iain/development/websites/hellfishmedia/index.php on line 17

The last step is to update the require expression in the index.php file in the web root with the path to the new subdirectory, as we showed you right at the beginning of this guide. Edit the file in your code editor, and update the line to look like this:

require __DIR__ . '/wp/wp-blog-header.php';

Alternatively, if you prefer to run a terminal command, you can use the same perl command that our WP-CLI script used earlier:

perl -p -i -e "s/\/wp-blog-header/\/wp\/wp-blog-header/g" index.php

Your root install should now be fully converted to a subdirectory install. You should take this opportunity to check all your content, make sure everything appears to be working, and that images display as you’d expect.

It’s also a good idea to log into your dashboard and navigate to Settings > Permalinks to save and flush your permalinks.

One last thing to note is that the example site we set up here doesn’t have a lot of plugins or a custom theme. These aspects could add additional complexities when converting between root and subdirectory installs. For this reason, we recommend making sure you’ve thoroughly tested the site after converting it from one install type to another.

Converting a Subdirectory Install to a Root Install

If you’ve completely converted to running all your WordPress sites as subdirectory installs, you might come across a situation where you need to work with a live client site that is a root install. If you use a tool like WP Migrate DB Pro, it’s not possible to migrate from a subdirectory install to a root install. This means you might need to first convert a local dev or staging site to a root install before migrating it to the live site. Converting a subdirectory install to a root install is almost always easier than the reverse because the URLs and paths are already using the subdirectory path you’re converting from. To do this, you’ll need to update both the database and the file structure, ideally with a minimal amount of downtime.

I’ve set up a local site, https://hellfishmedia.test, with WordPress installed in a subdirectory named wp.

WordPress subdirectory install.

I’ve also created a very basic page to serve as the site home page, which includes an image in the page content, and a link to a Contact page.

Hellfish Media Home Page.

Step 1: Prepare Your Site

// The URL where the WordPress application files are accessible
define( 'WP_SITEURL', 'https://hellfishmedia.test/wp' );
// URL where the front end is accessible
define( 'WP_HOME', 'https://hellfishmedia.test' );

Maintenance message.

The next step is to update the database.

Step 2: Update the WordPress Database

Now you can update the database to remove any references to the subdirectory. This is possible using any decent find and replace tool, including the WP-CLI search-replace command, Better Search Replace, or WP Migrate DB. For our purposes, we’ll be using the WP Migrate DB Pro Find & Replace tool.

To start, we search for the source site URL, including the subdirectory (//hellfishmedia.test/wp) and replace it with the URL excluding the subdirectory (//hellfishmedia.test). We also want to update any physical paths from /home/iain/development/websites/hellfishmedia/wp to /home/iain/development/websites/hellfishmedia. We’re also updating the site title for demonstration purposes:

Custom find & replace with the specified changes.

As we mentioned earlier, WP Migrate DB Pro’s Find & Replace tool lets you preview changes before you run them.

Find & replace preview.

Find & replace differences.

You might not notice any changes after you run the find and replace. The front end will still show the maintenance page, while the back end will still work because of the hardcoded constants.

Editing the home page.

To fix this, there’s one last step we have to do.

Step 3: Moving WordPress Out of the Subdirectory

Your last step is to manually move all the files in the subdirectory into the public web root directory of your site.

You drag and drop the files in your local file manager or use an FTP client if you’re working on a remote server. However, be sure to select the option to overwrite the index.php file:

Moving the files in the file manager.

Once you’ve copied over the files, you can delete the wp subdirectory.

You can also do this on the command line, but if your site is on a remote server you need to SSH into the server first. In this case, I’m working with my local hellfishmedia directory that we ran the find and replace on earlier.

cd ~/development/websites/hellfishmedia
rm index.php
cp -R wp/. .
rm -rf wp

The last piece is to remove the WP_SITEURL and WP_HOME constants from your wp-config.php and then test your site.

It’s also a good idea to log into your WordPress dashboard and navigate to Settings > Permalinks. Here, click the Save Changes button to make sure you flush the permalinks and that your URLs still work.

Wrapping Up

Hopefully, we’ve given you enough information to consider switching your root installs to subdirectory installs, as well as the tools to do so. If you’re looking for a modern, Composer-based option, you could consider using a similar structure as our SpinupWP spinupwp-composer-site package, which takes the idea of installing WordPress as a dependency to a whole new level.

Do you run your WordPress installs in a subdirectory? What workflows do you use to manage your WordPress directory structure? Do you think WP Migrate DB Pro should do more to make the migration process between the root and subdirectory more straightforward? Let us know your thoughts in the comments section below!

Being barred from your own site can be very frustrating, especially when you have no idea what is causing the problem. The 403 Forbidden error typically occurs when you’re trying to log in to WordPress or visit a specific page on your site.

Fortunately, there are a few simple fixes for this common WordPress error. Depending on your hosting plan, you may even be able to resolve the issue with help from your web host.

In this post, we’ll take a closer look at the 403 Forbidden error and its main causes. We’ll then show you five ways to fix it. Let’s get started!

Get Content Delivered Straight to Your Inbox

Subscribe to our blog and receive great content just like this delivered straight to your inbox.

What the 403 Forbidden Error Is (And What Causes It)

The 403 Forbidden error is one of several HTTP status codes used by servers to communicate with your browser. When the 403 status code shows up on your screen, it means that your server thinks you do not have the required permission to access that particular page.

  • “403 Forbidden – Access to this resource on the server is denied.”
  • “Forbidden – You don’t have permission to access [directory name] on this server.”
  • “You are not authorized to view this page.”
  • “It appears you don’t have permission to access this page.”
  • “403. That’s an error. Your client does not have permission to get URL [address] from this server.”

There are several possible causes of this 403 Forbidden error. The most likely one is an incorrect file permission on your server. However, this error can also be triggered by a faulty plugin or a corrupt file:

What is .htaccess?

“.htaccess” is a configuration file used by the Apache web server software. The .htaccess file contains directives (instructions) that tell Apache how to behave for a particular website or directory.

In most cases, you should be able to resolve the issue on your own. However, you might also need to get in touch with your hosting provider to access or change some settings on your site.

Skip the Permission Settings Stress

Avoid WordPress troubleshooting when you sign up for DreamPress. Our friendly experts are available 24/7 to help solve website problems — big or small.

Correct nginx virtual host for wordpress that's installed on non-root directory?

How to Fix the 403 Forbidden Error in WordPress (5 Methods)

Now, let’s go through a few ways you can fix the 403 Forbidden error in WordPress. First, we recommend that you make a backup of your site just in case something goes wrong and you need to restore it to an earlier version.

1. Change Your File Permissions

Every WordPress file on your site’s server has its own permissions. These settings control who can access and modify its contents. If these files have incorrect permissions, your server will stop you from accessing them.

If you want to check your file permissions, you can simply contact your hosting provider, and a technical expert should be able to take care of it. You can also do this yourself by connecting to your site with a Secure File Transfer Protocol (SFTP) client such as .

Alternatively, you can also access your site through the file manager in your hosting account. If you have a DreamHost account, you can navigate to  >  in the sidebar. Then, find your domain and select .

Accessing your domain in your DreamHost account.

On the next page, click on the  button in the  section.

Accessing your file manager via your DreamHost account.

You’re now in the file manager. Next, open the folder labeled with your domain name to access your site’s directory.

Inside your root directory, select the folder that contains all of your WordPress files. If you’re using FileZilla, this is the  folder. Then, right-click on it and choose .

Changing the file permissions using FileZilla

In the popup window, locate the  field and enter “755” or “750” in the value box. Then select the Recurse into subdirectories and Apply to directories only options, and click on

Changing the file permissions for the directories.

So far, you’ve applied the correct file permissions for your directories. You’ll now do the same thing for your files.

To start, right-click on your folder and select . This time, you’ll need to type “644” in the  field. Then choose Recurse into subdirectories, select Apply to files only, and click on

Changing the file permissions in FileZilla.

In your root directory, find the  file, right-click on it, and select . Next, set the numeric value to “440”, and click on

Changing the permissions for the wp-config.php file in FileZilla.

Now, every one of your WordPress files and folders should have the correct permissions. Once you’ve completed the above steps, go back to your site and try to reproduce the 403 Forbidden error. If your site is working fine, you don’t need to do anything else.

However, don’t worry if you’re still facing the same problem. There are still a few more fixes to try, and some of them are very simple.

2. Deactivate Your Plugins

As we mentioned earlier, the 403 Forbidden error can also be caused by a faulty plugin. To find out if this is the case, you’ll need to deactivate your plugins and then reactivate them one by one.

To start, connect to your site via FileZilla or the file manager in your hosting account. Then, in your site’s root directory, open the  folder and locate the  folder. Then right-click on the  folder and select .

How to rename the plugins folder in your site’s root directory.

Next, give the folder a new name, for example, “plugins_test. This will automatically deactivate all of your plugins.

If you can access your site after renaming the folder, then the 403 Forbidden error was caused by a glitchy plugin. Your next step is to find out which one it is.

First, return to your site’s root directory and rename the  folder back to “plugins”. Then navigate to the  page in your WordPress dashboard and activate the plugins one at a time. Keep doing this until you are able to reproduce the error. Once you’ve identified the faulty plugin, you can either remove it or contact its developer for support.

3. Delete and Restore the  File

A corrupt .htaccess file can also trigger the 403 Forbidden error. This file is located in your site’s root directory and enables WordPress to interact with your server.

Inside your site’s root directory, locate the  file, right-click on it, and choose .

Locating and deleting the .htaccess file in your site’s root directory.

To do this, navigate to  in your WordPress dashboard and select . Then click on the  button at the bottom of the page, and a new  file will be generated. You can look for the file in your site’s directory to ensure that it has been restored.

4. Deactivate Your CDN

If you’re still getting the 403 Forbidden error after completing the above steps, you may have a problem with your Content Delivery Network (CDN). This is a network of servers located in different parts of the world, with each server hosting a copy of your website. Many hosting plans come with a CDN to help boost your site’s performance.

To see if your CDN is the cause of the error, you’ll need to temporarily disable it. You can do this by logging into your hosting account and locating your CDN settings. If you’re unable to access your CDN, we recommend getting in touch with your hosting provider.

Finally, you might want to check your site’s . Hotlinking is when someone embeds media files on their site by linking them directly from another site. Some individuals may do this to use another site owner’s bandwidth (rather than their own), which is effectively theft.

Some hosts and CDN providers offer hotlink protection. However, if this is not set up properly, it can trigger a 403 Forbidden error on your site. Therefore, you may want to contact your web host about this issue. While you may want to look into this yourself, it’s best to get help from a technical expert to ensure that your hotlink protection is configured correctly.

Additional WordPress Resources

If you’re new to WordPress, you’re bound to run into some technical issues while setting up your site. To help you fix some of the most common WordPress errors, we’ve put together several how-to guides:

Bye, WordPress 403 Error

The 403 Forbidden error appears when your server denies you permission to access a page on your site. This is mainly caused by a faulty security plugin, a corrupt  file, or incorrect file permissions on your server.

In this post, we looked at five main ways you can fix the 403 Forbidden error using an SFTP client like  or the file manager in your hosting account:

  1. Change your file permissions.
  2. Deactivate your plugins.
  3. Delete and restore the  file.
  4. Deactivate your CDN.
  5. Check your hotlink protection.

If you want to receive expert help when encountering WordPress errors, you may want to consider a managed WordPress hosting plan. Our DreamPress plans come with 24/7 technical support for WordPress site owners, so you can spend less time troubleshooting and focus your efforts on growing your business.

Don’t worry if you don’t know how to find the root directory of the WordPress website. We will guide you throughout the finding and uploading file process.

Дополнительно:  Не работает Print Screen в Windows 10 – что делать?

While working on your websites, you may encounter the need to access what is referred to as the Root Directory, root folder, document root, or some other alternative.

Upload file to the root directory of your website” or “Upload file to the public_htmlfolder.

Well, both these terms have the same meaning and refer to doing the same thing.

Editor’s Note: This finding WordPress root directory article was updated on September 12, 2022, to update formatting, SEO alt text images, outbound & inbound links, and mention updated & relevant information.

What is the Root Directory?

Root Directory means the folder which contains all the files of software (like a window, C-drive is the root drive of the window).

Public_html, if you working on a server (hosting) then the root directory refers to a public_html folder (we can say, it’s a C-drive of the Cpanel, where all installed files of the WordPress are stored).

It does not matter which taxonomy “Upload file to the root directory of your website” or “Upload file to the public_html folder” you are using to upload a file.

In a computer file system that is organized as a pyramid or tree, the root directory is the directory that includes all other directories. (Unlike a real tree, a hierarchy file system has only one root!) In UNIX-based as well as in other Operating Systems, the root directory has no name. It is simply characterized by the special character that separates directories in a file system.

If you need to upload files to the server, then you have to find the WordPress directory first and that’s what we are exactly going to do in this article.

Why do People need to Access the WordPress Root Directory Files?

Moving the WordPress directory files is a challenging task for beginners, and you might find hustle at first. Not making changes to your files without prior coding information is recommended. Otherwise, you’ll have no other option to get back up.

If your site looks go out of order and at the same time, WordPress developer didn’t find. The instant solution is to implement a quick fix by modifying a simple code of core WordPress files. Therefore, you must know where to find these files to solve the problem within a few minutes.

The coddler time can sneak up on you without warning – so when you run into an issue, the site asks to enable the debug mode. In this case, you can let the respective themes & plugins support team know what type of error you are getting.

Most of the time, people know how to modify a wp-config.php file. In this case, you can do it by yourself in no time. This trick saves time and get a quick solution.

The primary purpose of this article is to explore the way to:

  1. How to find the root directory of a WordPress website.
  2. How To upload the file to the public_html folder.

So, let’s start.

Correct nginx virtual host for wordpress that's installed on non-root directory?
WordPress root directory

How To Find the Root Directory of Hi-Tech Work Website

  • Login to your Cpanel and open your File_Manager.
find root directory of wordpress website in cpanel
find the root directory

Note: is my primary domain, so the root directory of is “public_html” by default.

As I told you, all the new domains or subdomains, you will add in the Cpanel, will be added, under the public_html folder.

  • Have a look at the below screenshot.
find root directory of addon domain

Find the root directory of the addon domain

Note: You can also install WordPress into the Subdirectory WordPressduring installation.

If you are not sure about the root directory of the addon domain then you can also check it by:

  • Login to your Cpanel dashboard and click on “Addon.
addon domain option in cpanel
addon domain option

Note: Addon domain is an additional domain that you host on the same server.

  •  Here you can see all addon domains and their root directory except your Primary domain.
addon domain root directory find in cpanel

Addon domain root directory finds in Cpanel

Addon domain root directory you can also edit the path or redirect website A to website B if you want.


In this way, you can find the WordPress directory of the website.

So, let’s move to our next step.

Correct nginx virtual host for wordpress that's installed on non-root directory?

How to Upload File to Website Root Directory WordPress

There are a lot of methods to upload the file to the root directory, for example by using the FTP account, From Cpanel, or From inside WordPress.

  1. When users have to Upload an XML sitemap file to WordPress
  2. Users have to Upload the Robots.txt File to WordPress
  3. When users have to verify a website with an HTML file Upload method
  4. Or have to verify third-party services like Zoho Mail, mailer lite, MailChimp, etc.

How To Upload the File to the Root of Primary Domain

  • Select the root directory and click on upload.
upload file to root folder
upload file to the root folder

When you click on upload a new window will open with the upload option.

  • Select the file that you want to upload and hit the submit button.
select upload file to upload in cpanel
select upload file

It’s done. your file is in the root folder. If you are using WordPress then you can use a plugin called File Manager. But sometimes these plugin files do not work because your web hosting server is not allowed to upload plugin files due to security reasons. Here’s how to make it work.

  • Install and activate the File Manager Plugin on WordPress.
  • Click on File Manager, Select the root directory and upload the file.
upload file using plugin

upload file using the plugin

If you don’t have access to Cpanel and this method does not work then you can use the FTP Account Method. To get the login detail of the FTP account, contact your hosting provider. We also discussed a method to upload files to the WordPress directory using FTP.

Use FTP Localhost To Upload Files To The WordPress Root Directory

There are others methods of how to upload files to WordPress. In this section, I will guide you to upload files using FTP localhost. Using the FTP protocol you can easily manage, upload, download, and delete or edit any file in your WordPress directory. We are using this Protocol because FTP enables files to download or upload between computers.

Use cPanel to Upload Files to the WordPress Root Directory

cPanel is the most common way to access your WordPress directory files. Normally, it is accessed from the Control Panel of the Web Hosting Provider. Through it, you manage your WordPress site easily.

  • Firstly, you need to log into your cPanel account.
  • You can do it by typing in the following URL in the address bar:
  • Yes, of course, you should use your actual domain in place of ‘’
  • Once you have done this, you will see a login prompt. All you need to do is enter your username and password.
  • After successfully logging in, click on ‘File Manager.
  • From here, you’ll be able to access all the WordPress files associated with your website, whether they were installed or used.

There are files in the public_html folder associated with every WordPress root directory. In addition, you will gain access to the WordPress core files, such as wp config.php, and the core features of your installed Themes and Plugins. Typically from this location, people increase their PHP Memory Limit and make significant changes to the WordPress site.

It’s important to understand that themes and plugins of WordPress files are stored in the ‘wp-content’ folder located under the ‘public_html’ folder. Those of you who are coding geeks can simply customize the functionality by modifying the code.

Use Third Party Plugins to Upload & Delete to Your WordPress Directory

Installation of third-party plugins is necessary if any method doesn’t work. For this, you must download and activate the plugins according to your work requirement. After installation, you’ll be able to upload, delete and make any changes to the WordPress directory files. To get help and understand the detail of work, you can play with different plugins such as file manager and advanced file manager.

Correct nginx virtual host for wordpress that's installed on non-root directory?
How to Connect FileZilla to WordPress

How to Connect FileZilla to WordPress

Connecting your FileZilla to WordPress can be easily done in a FEW STEPS and You’d be done to get on the next step. This was the easiest way found on the internet. Rather than reading all those long-ass articles. Here’s Your Solution!

How To Get The Best Customized WordPress Directory Service Using By Hiring Fiver Sellers

  • Visit the official fiver website
  • Type customized WordPress and click on the search icon.
  • The seller’s profile will appear on the screen from where you pick the top 5 level seller or may choose according to your requirements.
  • Select a package and send a request to hire them.
  • Once the seller replies, communicate with him/her and tell them what customization you want to get the WordPress directory.
  • Check out the completed file that the seller has given you. If it requires any editing, edit it to make your work the best.


Q1: Is Public_html the root directory?

Ans: Yes, the public_html folder is the webroot for your primary domain name. This webroot means that public_html is where you put all website files that should appear when a visitor enters your primary domain name (the one you specified when you signed up for hosting).

Q2: How do you get to the root directory?

  • Type “cd/” at the DOS prompt
  • Then tap enter to switch DOS to the root directory of the current drive.
  • Now, enter the drive letter followed by a colon and press “Enter” to switch to the root directory of another drive if desired.”

Q3: What is a website root directory?

Ans: The root directory is also known as the document, web, and site root directory. It is the publicly accessible base folder of a website. This folder contains the index file (index.php, Html, and more), often named www or wwwroot.

Q4: How to Move WordPress from a Subfolder to the Root Directory?

  • Before making any site changes, make sure you have a backup file. Therefore, make a backup of your account.
  • Prepare yourself to install WordPress for moving into the root directory.
  • Login t your WordPress dashboard and change the site address.
  • Now move your WordPress from a subfolder to your main folder and remove the site file from the builder.
  • Log in to your site’s new WordPress admin dashboard and finish the URL details. Before moving ahead, check the link structure that must be the same as your new URL.

If you don’t know how to move the wp root directory from a subfolder, I recommend hiring a seller from a freelancing platform such as Upwork and fiver to get the work done on time.

Final Verdict

The article will guide you through all the information about finding the WordPress directory of a website and how to upload and edit files to the WordPress directory of a website. In conclusion, the root directory means containing all the software files like a window, and the C-drive which is the root drive of the window. And many methods are available to upload the file to the WordPress directory by using the FTP account and more. I hope this article will be helpful for you to find and upload root directories.

Let’s say my main domain is I install SSL on the domain and I can successfully access domain. My preferred version is using www, so all requests will be redirected to .

This is I’ve done so far and it works well when accessing root domain.

    # redirect HTTP to HTTPS
    server {
      listen 80;
      rewrite ^ https://$server_name$request_uri? permanent;

    # SSL conf
    server {
      root /var/www/;
      index index.html index.htm index.php;

      access_log /var/log/nginx/;
      error_log /var/log/nginx/;

      listen 443 ssl spdy;

      ssl_certificate /etc/ssl/;
      ssl_certificate_key /etc/ssl/;

      # Redirect non-www to www
      if ($host = '' ) {
         rewrite ^/(.*)$$1 permanent;

      location / {
        try_files $uri $uri/ /index.php?$args;

      location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;

      location ~ /\.ht {
         deny all;

Please suggest me the correct virtual host.

Note: I know it’s easy to install wordpress on root directory and change homepage from wordpress settings into . I don’t want do that because I have flash on my root domain. I will keep my wordpress on that directory.

asked Mar 8, 2015 at 1:32

user3195859's user avatar

First, you are making the non-www to www redirect in a too complicated way. You should do it like this:

server {
    listen 443 ssl spdy;

    ssl_certificate /etc/ssl/;
    ssl_certificate_key /etc/ssl/;

    return 301$request_uri;

And then the actual issue you are having, this configuration should fix it:

server {
    root /var/www/;
    index index.html index.htm index.php;

    access_log /var/log/nginx/;
    error_log /var/log/nginx/;

    listen 443 ssl spdy;

    ssl_certificate /etc/ssl/;
    ssl_certificate_key /etc/ssl/;

    location /blog {
        try_files $uri $uri/ /blog/index.php?$args;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;

    location ~ /\.ht {
        deny all;

So, here we change the redirect to work on the /blog URI. Furthermore, you need to change WordPress root URL setting to, otherwise WordPress is unable to correctly identify the locations inside WP installation.

answered Mar 8, 2015 at 21:47

Tero Kilkanen's user avatar

Tero Kilkanen

3 gold badges40 silver badges62 bronze badges

I have a website that address is and also a WordPress that is I would change the WordPress root directory in the nginx.

here is my config:

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /var/www/html;
    index index.php index.html index.htm;

    server_name localhost;

    location / {
        try_files $uri $uri/ /index.php?q=$uri$args;

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;

    location /blog/ {
        root /var/www/blog;

I getting the below error when I open

404 Not Found

asked May 31, 2019 at 14:12

Mostafa Soufi's user avatar

try this and it will fix your problem

location /blog {
        root /var/www;
        index index.php index.html;
        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_pass unix:/run/php/php7.2-fpm.sock;
                fastcgi_param SCRIPT_FILENAME /var/www$fastcgi_script_name;
                proxy_intercept_errors on;
                fastcgi_index index.php;
                fastcgi_intercept_errors on;
                include fastcgi_params;


answered Jun 3, 2019 at 18:13

Arash Shams's user avatar

sudo mv /var/www/blog /var/www/html/blog

Keep your directory structure simple. Don’t move things outside the defined document root unless you have an actual good technical reason to do so, because it makes configuring the web server a nightmare.

answered May 31, 2019 at 14:40

Michael Hampton's user avatar

Michael Hampton

43 gold badges503 silver badges966 bronze badges

answered Jun 2, 2019 at 20:42

Tero Kilkanen's user avatar

Tero Kilkanen

3 gold badges40 silver badges62 bronze badges

However, it can be useful to know the nuts and bolts of your site. This is especially true when you are experiencing an unexpected issue, and all the help talks about modifying a particular WordPress file or resetting a value in the database. 

Perhaps you’re not experiencing an issue but are reading up about backups or security. Terms like core files and database, or wp-config.php and wp-uploads, are mentioned frequently in context. 

It is immensely helpful to understand these terms to gain a nuanced understanding of the topic and thus make the best decisions possible for your site.

If you have ever had questions like: 

  • What are core files? 
  • Where are plugins and themes stored? 
  • What does the database contain? 
  • Why is the wp-uploads folder a security concern? 
  • What are WordPress file and folder structures?

You’re in the right place. In this article, we will take you behind the scenes of your site, so that you can confidently say you understand WordPress file and folder structure.

Often, we want to make changes to our website, and how-to articles instruct us to go poking around in our site code. If this wasn’t bad enough, using an FTP client or File Manager to have a look at your site files and folders can all seem quite bewildering. 

Each site folder and file seems important, and it often is! The dire warnings that say the smallest error could result in a site crash aren’t far off the mark. 

That being said, knowledge is power. Understanding WordPress file and directory structure will go a long way in instilling confidence in your ability to make changes to your website, or indeed troubleshoot small problems. In all cases, we strongly recommend you always backup your site before tinkering with it. 

Understanding WordPress file and directory structure

WordPress file and folder structure is the engine of your site. The files contain code that powers your site. Since most of it is invisible—as it should be—it can be a little confusing to understand and is akin to looking under the hood of a car. 

Дополнительно:  Сменить пароль пользователя linux из под root

WordPress root directory

To use WordPress, you must first install it on your server. Most web hosts will do this for you automatically when you first create a web host account. Alternatively, you can download WordPress, and upload it to the server yourself. 

An installation means that a fresh installation of all the basic WordPress files are put onto your server. This is the foundation of your site.

Public_html folder in WordPress file structure

WordPress core files and folders

wp-admin folder

WP-admin folder
  • css
  • images 
  • includes 
  • maint 
  • network 
  • user

There are lots of files too, the important ones being: 

  • admin.php – core file that manages the wp-admin dashboard
  • index.php – loads pages in response to visitor requests
  • install.php – installs WordPress
  • plugins.php – controls all the plugins, active or inactive
  • themes.php – controls all the installed themes
  • users.php – manages users and their permissions

wp-includes folder

wp-includes contains all the core software for your WordPress site. You’ll see this referred to in a variety of ways: packages, code libraries, and WordPress source code. The nomenclature isn’t important here, but the code is critical. 

WP-includes folder

Therefore, it is inadvisable to modify anything in the wp-includes directory ever, because it can and will break your site. Plus, there is no good reason to do so. Rarely will you come across a tutorial that advises you to alter any of the code contained in the wp-includes folder. 

The one possible exception to this rule is the functions.php file. The functions.php file contains all the code for all the functions on your site. It is a special case because it works in tandem with the functions.php file that exists in your active theme as well. Typically, things like Google Analytics code and other tracker code are added to the theme’s functions.php file, but are liable to get lost if the theme is changed. That’s why you may come across advice to add the tracking code to the core functions.php file instead. However, we recommend against changing anything in the core files. You can always copy code from an old theme to a new theme easily, without endangering your entire site.

We strongly recommend against making changes to WordPress core files and folders, because they control your site. Even small errors can lead to your site crashing completely. If at all you absolutely must make changes, please make sure to take a full site backup just before. In any event, every time WordPress is updated, these files are overwritten, and any changes you do make will be lost.  

WordPress core files

In the root folder, you will also see several files. While all of them are important, some of them are worth noting. 


An index.php file is responsible for showing your site in response to a visitor request. It initialises and loads the right core files when a page is requested. This concept is better understood by seeing what happens when there isn’t an index file. 

The index file is a directory-level file and will be visible in most folders and sub-folders. For instance, it also exists in the wp-content folder. If that file was missing, the contents of the folder would be visible. As it stands, a blank white screen is shown instead. 

Apart from the one in the root folder, the index.php file is often a blank file with a single-line comment: “Silence is golden.”

WordPress configuration files 

There is a special subset of core files known as configuration files. Configuration files are the only core files that you can reasonably expect to edit. That is not to say that they aren’t equally important as the other core files, however, there is certain site functionality that you can only toggle from within a configuration file. 


The wp-config file is used to store database connection info, security keys and salts, and the database prefix. It is often targeted by hackers for this reason, as the database credentials are stored in cleartext, as are the security keys and salts. 

wp-config.php file

The wp-config file also contains the built-in WordPress debugging feature. By default, the debugging feature is disabled. Once enabled from the wp-config file, it will show all errors, warnings, and notices. This is different from typical behaviour which may only show critical errors or fatal errors. 

In a lot of security articles, you will see advice to move the wp-config file to another location, out of the root. But this is of limited value, because every WordPress site has a wp-config file somewhere in the installation, and a determined hacker with requisite access will find it eventually. A better way to secure your WordPress site is to install a security plugin; preferably one with a good firewall.


.htaccess file

Both the .htaccess and the wp-config files are generated on WordPress installation, and thus would not be visible in a downloaded installation package. Even once installed, the .htaccess file is hidden. To be able to see it, enable the option to view hidden files on your FTP client.

The .htaccess file is a configuration file specifically for Apache web servers. Some web hosts use nginx instead of Apache servers, so there will be no .htaccess file for your site altogether. 

wp-content folder 

Plugin and theme files and folders are, as the names suggest, installed with plugins and themes. For instance, if you install a contact form plugin, the code for that plugin will be in these files. Similarly, with the theme; the code for displaying images and fonts are in these files. 

All plugins and themes are generally found in the wp-content folder, unless in special circumstances. For example, a firewall plugin would be located at the root level, so it loads before the rest of the site. This concept is known as load order, which is often seen in relation to WordPress security. 

wp-content folder

Each plugin or theme will mostly have its own folder with the files it needs to function correctly. In fact, plugin and theme installation files can be uploaded via FTP directly to the wp-content folder and then unzipped there. 


Plugins have enormous variety, so rarely conform to a template. Themes, on the other hand, usually affect the same elements of a site, so they can look quite similar at a code level. 

For instance, every theme has a functions.php file. We briefly referred to this while speaking about the functions.php file in the wp-includes folder. The theme functions.php file contains all the code needed to execute the theme. It also often has the extra code needed to run analytics and trackers on your site. When changing over to a new theme, you need to backup the functions.php file to make sure that you don’t lose any of that customisation. 

theme folder

Interestingly, although a WordPress site will work without a single plugin—albeit be very boring—it cannot function without a theme. The active theme is indicated in a required field in the database and has to be available for the site to load at all.


The wp-uploads folder is where the files that visitors upload to the site are stored. It correlates directly to everything visible in the site’s media library. The files are stored in yearly and then monthly folders for retrieval. 

The wp-uploads folder is universally accessible by default, so it often poses a security risk. This is why the folder shouldn’t have any executable files ever. 

It is important to remember that we are talking about the boilerplate installation of WordPress. Since customisation of plugins, themes, and of WordPress itself can vary significantly from site to site, this is by no means an exhaustive list. The WordPress codex has a full list of WordPress files that come with the basic installation. 

You may or may not see some of the files in the folders as described above, depending on how the installation is configured. Alternatively, you may not see the .htaccess file in your FTP client, because it is a hidden file. You will need to enable that setting to see it.

Understanding WordPress database tables

Note: this is often the reason why advice on how to backup your WordPress site often suggests you backup only the database, assuming you can download everything else. This is not good practice, as you should always backup your entire site. 

Each site has a single associated database, and each database consists of multiple tables. The core WordPress tables are: 

  • wp_options
  • wp_users 
  • wp_usermeta 
  • wp_posts 
  • wp_postmeta 
  • wp_terms 
  • wp_term_relationships 
  • wp_term_taxonomy 
  • wp_comments 
  • wp_commentmeta 
  • wp_links

These tables are installed with WordPress. Over the course of time, as the site grows and plugins are added, the database grows with more tables and therefore more data. 

We have a full article with more information on how the WordPress database functions.

How to access the WordPress files, directories, and database

Your WordPress site is stored on a web host server, which is essentially a remote computer. To access the WordPress file structure and database, you need to connect to this computer. There are several ways to do this though. Each method has its pros and cons, so it is worth reading about all the methods and deciding which one works best for you.  



Under the Files section, you will find an icon for File Manager.

File manager

File Manager is a bit like your computer’s file explorer. You will see WordPress folders and files in a similar interface. To edit any of the files, you need to download them, edit them on your local machine, and then reupload them to the correct folder, after deleting the existing file. 

Public_html folder in file manager
Database access on Cpanel

Under the Databases tab or from the left side panel, find the database that is associated with your site if there is more than one database. 

Database tables

Clicking on your database will open it to display all the tables within. Further, clicking on a table name will display the rows and values. 

Correct nginx virtual host for wordpress that's installed on non-root directory?

Some web hosts don’t provide cPanel, and may have an alternative control panel software like Plesk or Webmin. Others may not have any options at all, in which case you would need to use FTP to access your site files.


File Transfer Protocol or FTP is an alternative to HTTP. We are all familiar with HTTP, which is a protocol used to transfer information over the internet. They work in different ways and are used interchangeably to access data on a server. 

FTP is different from HTTP in one key way, which is that it requires authentication. That means you have to provide login credentials to be able to access the server. 

To use FTP or SFTP, which is more secure, you need to download and install a client, like FileZilla. For the purposes of this article though, we are going to use Cyberduck. 

First, locate your FTP credentials on your web host dashboard. 

FTP Credentials

Next, create a new connection on the FTP client, and plug in the credentials. 

FTP client connection

Once the connection has been established, you can view the WordPress files and folders on the server. 

WordPress files and folders through FTP/SFTP
Cloudways Adminer

On the other hand, Dreamhost does, and you can find a Manage link on the website panel.

Correct nginx virtual host for wordpress that's installed on non-root directory?


Short for ‘secure shell’, SSH is a way to connect securely to a remote computer over potentially insecure networks. In the case of WordPress, you can use it to access files on your site server from anywhere else. 

SSH uses a command-line interface to interact with and control the site files and folders instead of a browser. Like with FTP, you may need a client to use SSH, although most systems have the ability built-in. We used the Terminal on macOS to open a connection to our web server. 

Connecting to server through SSH

With SSH, you need to have some familiarity with the command-line interface or be prepared to look through a ton of documentation. This list of commands can help you get started, although it is not comprehensive. 

List of commands

Note: Using the command-line interface, you can also leverage WP-CLI commands. WP-CLI is a tool to interact specifically with WordPress site files and its database, and thus has commands that are specific to WordPress.


If you want to avoid cPanel and FTP altogether, you can also install a plugin to view and interact with WordPress files and folders. 

We tried out WP File Manager, and it was a breeze to use. Find the plugin from the plugins directory, install it, and you’re done. 

File manager plugin
WP file manager

One word of caution here is that searching for ‘file manager’ plugins also lists results for media library file managers. Those plugins serve an entirely different purpose. 

Similarly, you can install a plugin to view the site database as well.

Database my admin
Database my admin dashboard

The interface is very basic though, and it helps to have a little understanding of SQL to navigate more effectively. 

Database management tool

It was very similar to accessing the database directly. The plugin appears as a shortcut in the Tools menu. 

Correct nginx virtual host for wordpress that's installed on non-root directory?

Why you should learn about WordPress file and directory structure

Your site is working, and working well at that. So why should you spend time learning about WordPress file structure? Apart from the simple reason of understanding how your site works, there are several good reasons:  

  • Solve minor issues on your own steam, like disabling a plugin or theme that is acting up.
  • In case you face a major issue, it is important to be able to distinguish between good and bad advice. There is a ton of poor, although well-meaning advice, especially with respect to WordPress security. A little knowledge can help you ask the right questions when needed, and discard poor advice immediately. 
  • Understanding the file structure of your site makes you a power user. You may be able to accomplish a great deal more than previously. It is a stepping stone to learning WordPress development as well, should you be so inclined. For instance, suppose you need to add redirects to your site, you can do so by modifying the .htaccess file without needing developer intervention.
  • It will also prevent you from deleting or changing critical files or database values, knowing that this will cause your site to crash. 
  • Setting file permissions will become easier once you know the interplay between different files, and which users need access to them. At first glance, the strongest permissions and tightest security rules seem like the best option. This is not true at all. Remember that files need to communicate with each other, and therefore need appropriate permissions to do so.

If you are reading this article to figure out which files to backup, then the answer is everything. Always take complete backups, and restore partially as and when required.

How to protect WordPress files, folders, and database from malware

  • Install MalCare, a top-notch security plugin with an integrated firewall
  • Invest in site backups 
  • Keep WordPress, plugins, and themes updated as far as possible
  • Use strong passwords, and a password manager to remember them
  • Implement a good user policy
  • Never use nulled software

We have compiled all our security expertise into actionable advice that you can use to protect your site in minutes.


Now that you have a working knowledge of your site, it is sensible to take a backup every time you want to change something. This is your safety net in case anything goes awry and you have to restore in a hurry. BlogVault has the best WordPress backups and comes with a whole host of other great features to manage your site effectively. 


What is WordPress file structure? 

WordPress file structure is the site’s organisational system. WordPress sites use files that contain code to run and interact with a database, which stores data.

How are WordPress files organised? 

What should be in the wp-includes folder? 

The wp-includes folder contains WordPress core packages and code that are installed with WordPress. The wp-includes folder and its constituent files remain constant. If you suspect there are changes, you can download a fresh installation of WordPress and compare those files with what is on your site. 

Where are WordPress files located?

WordPress files are installed in a root directory on your site server. The root directory is often named public_html or public. All WordPress files are stored within the root directory in a hierarchical system of files and folders.

Оцените статью
Master Hi-technology
Добавить комментарий