The WordPress Folder Structure



The base folder

This is the WordPress installation directory and everything (apart from the WordPress database exists here). We’ll call it the “root directory”. In case of people running WordPress in shared hosting servers powered by cPanel, the root directory is most probably the contents of the “public_html” directory, if you’re running WordPress in your base domain (i.e. and not

The WordPress root directory contains exactly three folders: wp_content, wp_includes and wp_admin along with a bunch of other PHP files, the most significant one being “wp_config.php”. By modifying this file, we can add a bunch of core WordPress customization options that aren’t readily available in the WordPress administrator dashboard. For example, we can disable post revisions, set the site name used by WordPress (useful for domain changes), enable maintenance mode, etc. The wp-config.php file is a very important file and should not be tampered with. It contains crucial information such as the access credentials to your WordPress database. If someone can get to your database, he/she has complete control over your site.



This folder contains all the other PHP files and classes which is required for WordPress’ core operations. Again, you don’t want to edit any files in this directory.


This folder contains the various files of the WordPress dashboard. You know that all administrative or functions related to WordPress, such as writing posts, moderating comments, installing plugins and themes are done via the WordPress dashboard. Only registered users are allowed access here and the access is again limited based on the User’s role. An administrator is allows full access followed by the Editor, then the Contributor and finally the Subscriber.


The wp_content folder contains all user uploaded data and is again divided into three sub-folders:

  1. themes
  2. plugins
  3. uploads

The “themes” directory contains all the themes that are installed in your WordPress site. Every file that you download from has 2 themes installed – for WordPress 3.6.1, they are Twenty Twelve and Twenty Thirteen. You can install as many themes as you want, but can only activate one theme at a time (although there do exist some plugins that allow you to activate more). Also, the “themes” directory can never be empty, since WordPress needs at least one theme to work with!

Similarly, the “plugins” is used to store all the plugins installed in your WordPress site. Unlike the “themes” directory, this directory may be empty as you can perfectly run a WordPress site without using any plugins.

All the images (and other media files) that you’ve uploaded since the time you launched your site, along with all future uploads, will be stored in the “uploads” directory, categorized by year, month and day. This folder can be thought of as the database for all non-textual data – images, PDFs, videos, MP3s, etc. That’s why it’s a good security practice to restrict public access to these folders. This can be achieved by modifying the .htaccess file, present inside the wp_content directory.