Computer >> Máy Tính >  >> Lập trình >> HTML

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

Trong các trường hợp bình thường, thực sự không cần phải lo lắng về cấu trúc tệp WordPress . WordPress có giao diện wp-admin tuyệt vời cho phép bạn tập trung vào việc chạy trang web của mình mà không cần biết động cơ hoạt động như thế nào.

Tuy nhiên, có thể hữu ích khi biết các sơ đồ và bu lông của trang web của bạn. Điều này đặc biệt đúng khi bạn gặp sự cố không mong muốn và tất cả trợ giúp nói về việc sửa đổi một tệp WordPress cụ thể hoặc đặt lại một giá trị trong cơ sở dữ liệu.

Có lẽ bạn không gặp sự cố nhưng đang đọc về các bản sao lưu hoặc bảo mật. Các thuật ngữ như tệp lõi và cơ sở dữ liệu, hoặc wp-config.php và wp-uploads, được đề cập thường xuyên trong ngữ cảnh.

Sẽ vô cùng hữu ích khi hiểu các thuật ngữ này để có được sự hiểu biết sâu sắc về chủ đề và do đó đưa ra quyết định tốt nhất có thể cho trang web của bạn .

Nếu bạn đã từng có những câu hỏi như:

  • Tệp cốt lõi là gì?
  • Các plugin và chủ đề được lưu trữ ở đâu?
  • Cơ sở dữ liệu chứa những gì?
  • Tại sao thư mục wp-uploads lại là mối quan tâm về bảo mật?
  • Cấu trúc thư mục và tệp WordPress là gì?

Bạn đang ở đúng nơi. Trong bài viết này, chúng tôi sẽ giới thiệu cho bạn thông tin hậu trường về trang web của bạn, để bạn có thể tự tin nói rằng mình hiểu cấu trúc tệp và thư mục WordPress.

TL; DR Một trang WordPress có hai phần:tệp và cơ sở dữ liệu. Cả hai điều này đều rất quan trọng đối với hoạt động của trang web của bạn. Nếu bạn hiểu cách chúng hoạt động, bạn sẽ trở thành người dùng thành thạo và do đó có thể khắc phục sự cố và đưa ra quyết định tốt cho trang web của mình. Một trong những quyết định tốt nhất bạn có thể thực hiện là bảo vệ trang web WordPress của mình. Cài đặt một plugin bảo mật tốt và đầu tư vào các bản sao lưu.

Thông thường, chúng tôi muốn thực hiện các thay đổi đối với trang web của mình và các bài viết về cách thực hiện hướng dẫn chúng tôi xem xét mã trang web của mình. Nếu điều này vẫn chưa đủ tệ, thì việc sử dụng ứng dụng khách FTP hoặc Trình quản lý tệp để xem các tệp và thư mục trang web của bạn có thể khiến bạn khá bối rối.

Mỗi thư mục và tệp trang web có vẻ quan trọng và thường là như vậy! Các cảnh báo nghiêm trọng nói rằng lỗi nhỏ nhất có thể dẫn đến sự cố trang web không còn bao xa nữa.

Điều đó đang được nói, kiến ​​thức là sức mạnh. Việc hiểu cấu trúc thư mục và tệp WordPress sẽ giúp bạn tự tin vào khả năng thực hiện các thay đổi đối với trang web của mình hoặc thực sự khắc phục các sự cố nhỏ. Trong mọi trường hợp, chúng tôi thực sự khuyên bạn nên luôn sao lưu trang web của mình trước khi mày mò.

Hiểu cấu trúc thư mục và tệp WordPress

Cấu trúc tệp và thư mục WordPress là công cụ của trang web của bạn. Các tệp chứa mã hỗ trợ trang web của bạn. Vì hầu hết nó là vô hình - như lẽ phải - nó có thể hơi khó hiểu để hiểu và giống như nhìn dưới mui xe ô tô.

Thư mục gốc WordPress

Để sử dụng WordPress, trước tiên bạn phải cài đặt nó trên máy chủ của mình. Hầu hết các máy chủ web sẽ tự động thực hiện việc này cho bạn khi bạn tạo tài khoản máy chủ web lần đầu tiên. Ngoài ra, bạn có thể tải xuống WordPress và tự tải nó lên máy chủ.

Cài đặt có nghĩa là một cài đặt mới của tất cả các tệp WordPress cơ bản được đưa vào máy chủ của bạn. Đây là nền tảng của trang web của bạn.

Thông thường nhất, cài đặt WordPress sẽ chuyển sang public_html hoặc công khai thư mục. Thư mục này được gọi là thư mục gốc của WordPress, hay đơn giản là thư mục gốc, và là nơi bạn sẽ tìm thấy các tệp và thư mục cốt lõi của WordPress. Thư mục hoàn toàn có thể được gọi là một cái gì đó khác, nhưng thường thì nó sẽ là thư mục public_html. Cần biết thư mục nào là thư mục gốc, vì nó là vị trí quan trọng cho một số tác vụ quản trị trang web, như di chuyển hoặc sao lưu.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

The WordPress root directory contains the following files and folders:

  • wp-admin
  • wp-content
  • wp-includes
  • .htaccess
  • index.php
  • license.txt
  • readme.html
  • wp-active.php
  • wp-blog-header.php
  • wp-comments-post.php
  • wp-config-sample.php
  • wp-cron.php
  • wp-links-opml.php
  • wp-load.php
  • wp-login.php
  • wp-mail.php
  • wp-settings.php
  • wp-signup.php
  • wp-trackback.php
  • xmlrpc.php
  • wp-feed.php

WordPress core files and folders

WordPress Core files and folders are those installed during the WordPress installation. These files power everything from the login page and the admin dashboard, to the database connection and managing users. There are 2 core WordPress folders:wp-admin and wp-includes , and several core files.

wp-admin thư mục

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

As the name suggests, this folder manages the entire experience of your WordPress wp-admin dashboard. There are seven folders in the wp-admin folder as follows:

  • css
  • images
  • includes
  • js
  • maint
  • network
  • user

There are lots of files too, the important ones being:

  • admin.php – core file that manages the wp-admin dashboard
  • index.php – loads pages in response to visitor requests
  • install.php – installs WordPress
  • plugins.php – controls all the plugins, active or inactive
  • themes.php – controls all the installed themes
  • users.php – manages users and their permissions

Most of the files are fairly self-explanatory as to their function. Essentially, all the WordPress folders and files within the wp-admin folder centre around the admin.php file , which controls the dashboard and all the functionality within it.

wp-includes thư mục

wp-includes contains all the core software for your WordPress site . You’ll see this referred to in a variety of ways:packages, code libraries, and WordPress source code. The nomenclature isn’t important here, but the code is critical.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

Therefore, it is inadvisable to modify anything in the wp-includes directory ever, because it can and will break your site. Plus, there is no good reason to do so. Rarely will you come across a tutorial that advises you to alter any of the code contained in the wp-includes folder.

The one possible exception to this rule is the functions.php tập tin. The functions.php file contains all the code for all the functions on your site. It is a special case because it works in tandem with the functions.php file that exists in your active theme as well. Typically, things like Google Analytics code and other tracker code are added to the theme’s functions.php file, but are liable to get lost if the theme is changed. That’s why you may come across advice to add the tracking code to the core functions.php file instead. However, we recommend against changing anything in the core files. You can always copy code from an old theme to a new theme easily, without endangering your entire site.

We strongly recommend against making changes to WordPress core files and folders, because they control your site. Even small errors can lead to your site crashing completely. If at all you absolutely must make changes, please make sure to take a full site backup just before. In any event, every time WordPress is updated, these files are overwritten, and any changes you do make will be lost.

WordPress core files

In the root folder, you will also see several files. While all of them are important, some of them are worth noting.

index.php

An index.php file is responsible for showing your site in response to a visitor request. It initialises and loads the right core files when a page is requested. This concept is better understood by seeing what happens when there isn’t an index file.

If your root folder didn’t have an index file, when someone tries to visit your site, the contents of the root folder will be displayed on the browser. Apart from the terrible unintended user experience, this is also a security issue.

The index file is a directory-level file and will be visible in most folders and sub-folders. For instance, it also exists in the wp-content folder. If that file was missing, the contents of the folder would be visible. As it stands, a blank white screen is shown instead.

Apart from the one in the root folder, the index.php file is often a blank file with a single-line comment:“Silence is golden.”

WordPress configuration files

There is a special subset of core files known as configuration files. Configuration files are the only core files that you can reasonably expect to edit. That is not to say that they aren’t equally important as the other core files, however, there is certain site functionality that you can only toggle from within a configuration file.

Ideally, you should use a plugin wherever possible to make these changes. For instance, it is vastly better and easier to use a plugin to implement geo-blocking, rather than modifying the .htaccess file. However, if you are creating a multisite, then you would need to add code to the configuration files manually during the network setup.

wp-config.php

The wp-config file is used to store database connection info, security keys and salts, and the database prefix . It is often targeted by hackers for this reason, as the database credentials are stored in cleartext, as are the security keys and salts.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

Security keys and salts are an encryption mechanism used by WordPress to authenticate logged-in users securely. We have a step-by-step guide on how to change your security keys and salts, in case you think that a user account has been compromised.

The wp-config file also contains the built-in WordPress debugging feature . By default, the debugging feature is disabled. Once enabled from the wp-config file, it will show all errors, warnings, and notices. This is different from typical behaviour which may only show critical errors or fatal errors.

In a lot of security articles, you will see advice to move the wp-config file to another location, out of the root. But this is of limited value, because every WordPress site has a wp-config file somewhere in the installation, and a determined hacker with requisite access will find it eventually. A better way to secure your WordPress site is to install a security plugin; preferably one with a good firewall.

.htaccess

The .htaccess file is another important configuration file that is used to manage site links. Things like permalink structure, URL redirects, IP address blocking , and so on are managed by the .htaccess file. For instance, if you ever want to implement geoblocking manually, you will need to modify the .htaccess file, although we definitely don’t recommend it. In addition to links, the .htaccess file can also be used to password-protect your site.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

Both the .htaccess and the wp-config files are generated on WordPress installation, and thus would not be visible in a downloaded installation package. Even once installed, the .htaccess file is hidden. To be able to see it, enable the option to view hidden files on your FTP client.

The .htaccess file is a configuration file specifically for Apache web servers. Some web hosts use nginx instead of Apache servers, so there will be no .htaccess file for your site altogether.

wp-content folder

Plugin and theme files and folders are, as the names suggest, installed with plugins and themes. For instance, if you install a contact form plugin, the code for that plugin will be in these files. Similarly, with the theme; the code for displaying images and fonts are in these files.

All plugins and themes are generally found in the wp-content folder, unless in special circumstances. For example, a firewall plugin would be located at the root level, so it loads before the rest of the site. This concept is known as load order, which is often seen in relation to WordPress security.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

Each plugin or theme will mostly have its own folder with the files it needs to function correctly. In fact, plugin and theme installation files can be uploaded via FTP directly to the wp-content folder and then unzipped there.

Themes

Plugins have enormous variety, so rarely conform to a template. Themes, on the other hand, usually affect the same elements of a site, so they can look quite similar at a code level.

For instance, every theme has a functions.php file . We briefly referred to this while speaking about the functions.php file in the wp-includes folder. The theme functions.php file contains all the code needed to execute the theme. It also often has the extra code needed to run analytics and trackers on your site. When changing over to a new theme, you need to backup the functions.php file to make sure that you don’t lose any of that customisation.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

Interestingly, although a WordPress site will work without a single plugin—albeit be very boring—it cannot function without a theme. The active theme is indicated in a required field in the database and has to be available for the site to load at all.

wp-uploads

The wp-uploads folder is where the files that visitors upload to the site are stored. It correlates directly to everything visible in the site’s media library. The files are stored in yearly and then monthly folders for retrieval.

The wp-uploads folder is universally accessible by default, so it often poses a security risk. This is why the folder shouldn’t have any executable files ever.

It is important to remember that we are talking about the boilerplate installation of WordPress. Since customisation of plugins, themes, and of WordPress itself can vary significantly from site to site, this is by no means an exhaustive list. The WordPress codex has a full list of WordPress files that come with the basic installation.

You may or may not see some of the files in the folders as described above, depending on how the installation is configured. Alternatively, you may not see the .htaccess file in your FTP client, because it is a hidden file. You will need to enable that setting to see it.

Understanding WordPress database tables

A database is a system used to store, organize, and retrieve data to run your website. Along with the files, it forms the other crucial part of your site. The WordPress database is used to store user-generated content like posts, pages, comments, etc. in tables.

Note:this is often the reason why advice on how to backup your WordPress site often suggests you backup only the database, assuming you can download everything else. This is not good practice, as you should always backup your entire site.

WordPress uses a MySQL database to store site information in tables, SQL commands to manipulate the data within, and the programming language PHP to communicate between the files and database. Therefore, when you install WordPress for the first time, during the installation you will need to create a MySQL user for the database. And, as we will see later, you can use an interface like phpMyAdmin or Adminer to access your site’s database.

Each site has a single associated database, and each database consists of multiple tables. The core WordPress tables are:

  • wp_options
  • wp_users
  • wp_usermeta
  • wp_posts
  • wp_postmeta
  • wp_terms
  • wp_term_relationships
  • wp_term_taxonomy
  • wp_comments
  • wp_commentmeta
  • wp_links

These tables are installed with WordPress. Over the course of time, as the site grows and plugins are added, the database grows with more tables and therefore more data.

The important thing to remember is that the tables often work in tandem with each other. That means data can be drawn from different tables. For instance, comments on posts are stored in the wp_comments table, but wp_commentmeta also is important for retrieval. This is especially true for WooCommerce sites, where order and product data is stored across multiple tables.

We have a full article with more information on how the WordPress database functions.

How to access the WordPress files, directories, and database

Your WordPress site is stored on a web host server, which is essentially a remote computer. To access the WordPress file structure and database, you need to connect to this computer. There are several ways to do this though. Each method has its pros and cons, so it is worth reading about all the methods and deciding which one works best for you.

cPanel

The most common method talked about in WordPress tutorials is to use cPanel. cPanel is a control panel software offered by most web hosts. It has a variety of tools for different tasks. The ones that we are most interested in for the purposes of viewing WordPress files and the database are the File Manager and phpMyAdmin tương ứng.

To access cPanel on your site, enter yourdomain.com in the URL bar, followed by /cpanel. Login with cPanel credentials, which are different from your wp-admin ones.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

Under the Files section, you will find an icon for File Manager.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

File Manager is a bit like your computer’s file explorer. You will see WordPress folders and files in a similar interface. To edit any of the files, you need to download them, edit them on your local machine, and then reupload them to the correct folder, after deleting the existing file.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

To access the database, look for the phpMyAdmin icon under the Databases section on cPanel.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

phpMyAdmin is separate from cPanel, so the icon is merely a shortcut to access it. If you aren’t logged in automatically, you can find the database login credentials in the wp-config.php file.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

Under the Databases tab or from the left side panel, find the database that is associated with your site if there is more than one database.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

Clicking on your database will open it to display all the tables within. Further, clicking on a table name will display the rows and values.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

Some web hosts don’t provide cPanel, and may have an alternative control panel software like Plesk or Webmin. Others may not have any options at all, in which case you would need to use FTP to access your site files.

FTP/SFTP

File Transfer Protocol or FTP is an alternative to HTTP. We are all familiar with HTTP, which is a protocol used to transfer information over the internet. They work in different ways and are used interchangeably to access data on a server.

FTP is different from HTTP in one key way, which is that it requires authentication. That means you have to provide login credentials to be able to access the server.

To use FTP or SFTP, which is more secure, you need to download and install a client, like FileZilla. For the purposes of this article though, we are going to use Cyberduck.

First, locate your FTP credentials on your web host dashboard.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

Next, create a new connection on the FTP client, and plug in the credentials.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

Once the connection has been established, you can view the WordPress files and folders on the server.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

If your web host doesn’t have cPanel access, they may not use phpMyAdmin either. However, most web hosts do provide a link to the website database from the dashboard.

In this example, Cloudways has a button to Launch Database Manager from the website dashboard. Cloudways uses Adminer instead of phpMyAdmin.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

On the other hand, Dreamhost does, and you can find a Manage link on the website panel.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

SSH

Short for ‘secure shell’, SSH is a way to connect securely to a remote computer over potentially insecure networks. In the case of WordPress, you can use it to access files on your site server from anywhere else.

SSH uses a command-line interface to interact with and control the site files and folders instead of a browser. Like with FTP, you may need a client to use SSH, although most systems have the ability built-in. We used the Terminal on macOS to open a connection to our web server.

Similar to FTP again, you will need credentials to log in:server address, username, and password. You may or may not need the port number. To connect to your server with SSH, type in ssh username@serveraddress. You will be prompted for a password, and once that is in, you will be able to interact with your site files.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

With SSH, you need to have some familiarity with the command-line interface or be prepared to look through a ton of documentation. This list of commands can help you get started, although it is not comprehensive.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

Note:Using the command-line interface, you can also leverage WP-CLI commands. WP-CLI is a tool to interact specifically with WordPress site files and its database, and thus has commands that are specific to WordPress.

Plugins

If you want to avoid cPanel and FTP altogether, you can also install a plugin to view and interact with WordPress files and folders.

The advantage of using a plugin is that you can see the files directly on your wp-admin dashboard, without needing to log in separately. The disadvantage is that if your site crashes for any reason and you want to fix an errant plugin or theme, you won’t be able to use these plugins to do so. However, it is still a viable alternative in most cases.

We tried out WP File Manager, and it was a breeze to use. Find the plugin from the plugins directory, install it, and you’re done.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

The dashboard clearly shows all the files of your site, right from wp-admin.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

One word of caution here is that searching for ‘file manager’ plugins also lists results for media library file managers. Those plugins serve an entirely different purpose.

Similarly, you can install a plugin to view the site database as well.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

We tried Database Admin and saw that we could select our site database without logging in.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

The interface is very basic though, and it helps to have a little understanding of SQL to navigate more effectively.

We also tried WP Adminer as an alternative.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

It was very similar to accessing the database directly. The plugin appears as a shortcut in the Tools menu.

Hướng dẫn cho người mới bắt đầu để hiểu cấu trúc tệp và cơ sở dữ liệu WordPress

Why you should learn about WordPress file and directory structure

Your site is working, and working well at that. So why should you spend time learning about WordPress file structure? Apart from the simple reason of understanding how your site works, there are several good reasons:

  • Solve minor issues on your own steam, like disabling a plugin or theme that is acting up.
  • In case you face a major issue, it is important to be able to distinguish between good and bad advice . There is a ton of poor, although well-meaning advice, especially with respect to WordPress security. A little knowledge can help you ask the right questions when needed, and discard poor advice immediately.
  • Understanding the file structure of your site makes you a power user . You may be able to accomplish a great deal more than previously. It is a stepping stone to learning WordPress development as well, should you be so inclined. For instance, suppose you need to add redirects to your site, you can do so by modifying the .htaccess file without needing developer intervention.
  • It will also prevent you from deleting or changing critical files or database values, knowing that this will cause your site to crash.
  • Setting file permissions will become easier once you know the interplay between different files, and which users need access to them. At first glance, the strongest permissions and tightest security rules seem like the best option. This is not true at all. Remember that files need to communicate with each other, and therefore need appropriate permissions to do so.

If you are reading this article to figure out which files to backup, then the answer is everything. Always take complete backups, and restore partially as and when required.

How to protect WordPress files, folders, and database from malware

Now that you have a good understanding of WordPress structure, both inside and out, you can take steps to protect it from hackers. In WordPress security, prevention is always better than cure, and doing the following will keep out the majority of malware attacks.

  • Install MalCare, a top-notch security plugin with an integrated firewall
  • Invest in site backups
  • Keep WordPress, plugins, and themes updated as far as possible
  • Use strong passwords, and a password manager to remember them
  • Implement a good user policy
  • Never use nulled software

We have compiled all our security expertise into actionable advice that you can use to protect your site in minutes.

Kết luận

Now that you have a working knowledge of your site, it is sensible to take a backup every time you want to change something. This is your safety net in case anything goes awry and you have to restore in a hurry. BlogVault has the best WordPress backups and comes with a whole host of other great features to manage your site effectively.

Câu hỏi thường gặp

What is WordPress file structure?

WordPress file structure is the site’s organisational system. WordPress sites use files that contain code to run and interact with a database, which stores data.

How are WordPress files organised?

WordPress files are organised in a hierarchical folder structure. The WordPress installation is in a root directory, generally public_html or public, and everything else comes within it. There are 3 core folders in the WordPress root directory:wp-content, wp-includes, and wp-admin.

What should be in the wp-includes folder?

The wp-includes folder contains WordPress core packages and code that are installed with WordPress. The wp-includes folder and its constituent files remain constant. If you suspect there are changes, you can download a fresh installation of WordPress and compare those files with what is on your site.

Where are WordPress files located?

WordPress files are installed in a root directory on your site server. The root directory is often named public_html or public. All WordPress files are stored within the root directory in a hierarchical system of files and folders.