WordPress core files are accessible to view, to open and to edit. Just because we can look at, open and edit those WP core files does not mean we should. In fact, we should never ever ever ever EVER edit those core files†. Never!
Well, there is one exception among the core files.
So what are WordPress core files?
When we download the WordPress software and decompress the package we see a list of files like the ones shown in this image:
WordPress core files are needed to make WordPress do as WordPress does: provide an easy, convenient way to create and manage content for viewing in web browsers.
We can safely delete readme.html and license.txt without harming WordPress.
The files xmlrpc.php, index.php and all the directories and all the files prefixed wp- are core files and directories.
The files under the directories
- wp-admin, and
are all core WP files.
The directory wp-content stores plugins, themes, caches, uploads and anything that is not core. Every image, PDF, document, other media file, plugin or theme we upload to WordPress is stored in wp-content. WP-Content is our do-what-you-will-with-the-files-in-here directory.
Why should core files never be edited?
When WordPress is updated the core files are replaced. Any edit made to a core file is wiped off the face of the Internet. Core file edits are only ever temporarily held until WordPress updates.
There are many action hooks and filters that can be used to plug code edits into WordPress. We can make WordPress do new tricks by plugging code into hooks and filters.
When we want to change how WP works, we can write a plugin to inject code into a WP hook or WP filter. That plugin can be made into a standalone file or the code for the plugin can be placed into an active theme’s functions.php file.
There’s an exception to every rule..
We can edit wp-config.php. This file is never overwritten by WordPress updates.
The default set of core files in the WordPress software package does not include wp-config.php. This file is created during WordPress installation. The template for this file is wp-config-sample.php. The sample file is used by WordPress to make wp-config.php.
WP-Config.php contains the database name, database username, database password and a few other settings important to a WordPress installation.
We can edit wp-config.php with valid code and functions without worry — the file will not be overwritten during a WordPress update.
† WordPress code can be forked into a new branch and some websites use old – unmaintained – versions of WordPress. If you plan to build your own CMS using customized WP core files as the base or if you maintain a version of WordPress that is no longer supported by the WP dev team then, in these circumstances, you can edit WP core files. When you use the vanilla WP core files and plan to update in-step with WordPress release cycles then you must never edit core files.