As businesses rely heavily on content-driven websites, blogs, and eCommerce platforms, recruiters must identify WordPress professionals who can build, customize, and maintain scalable, secure, and high-performing websites. With expertise in themes, plugins, CMS configuration, and performance optimization, WordPress specialists power a large portion of the modern web.
This resource, "100+ WordPress Interview Questions and Answers," is tailored for recruiters to simplify the evaluation process. It covers a wide range of topics—from WordPress fundamentals to advanced customization and optimization, including themes, plugins, REST APIs, and security best practices.
Whether you're hiring WordPress Developers, CMS Specialists, Web Designers, or Content Platform Engineers, this guide enables you to assess a candidate’s:
For a streamlined assessment process, consider platforms like WeCP, which allow you to:
Save time, enhance your hiring process, and confidently hire WordPress professionals who can build secure, scalable, and content-rich websites from day one.
WordPress is an open-source Content Management System (CMS) that allows individuals and businesses to create, manage, and publish websites without needing advanced programming skills. It is built using PHP and uses MySQL or MariaDB as its database. WordPress powers over 40% of all websites on the internet, making it the most popular CMS globally.
Main features of WordPress include:
In short, WordPress provides flexibility, scalability, and ease of use for beginners while remaining powerful enough for enterprise-level websites.
Although both share the same core engine, WordPress.com and WordPress.org are two different platforms offering different levels of control, hosting, and customization.
Key difference:
WordPress.com is like renting a fully managed house, while WordPress.org is like owning the home—you have full control but must maintain everything yourself.
A WordPress theme is a collection of templates, style sheets, and layout files that define the visual appearance and design of a website. Themes control how your site looks—colors, typography, layouts, headers, footers, sidebars, and overall presentation.
Themes can be:
Themes often include:
In essence, themes define the visual identity of a WordPress site without affecting the underlying functionality.
Plugins are add-on software modules that extend or enhance the functionality of a WordPress website. While themes handle appearance, plugins handle features and behavior.
Plugins can help you add:
There are 60,000+ free plugins in the WordPress Plugin Repository plus thousands of premium and custom plugins.
Plugins work by hooking into WordPress's core functionality, using the action and filter hook system to expand what the platform can do.
The WordPress Dashboard is the main administrative interface where site owners and editors manage everything related to the website. It appears after logging in via /wp-admin.
Key areas inside the dashboard:
The Dashboard provides quick access to updates, analytics (if enabled), recent activity, and shortcuts for managing content. It’s the control center for the entire website.
Theme installation can be done in three ways:
This is the easiest and most common method.
.zip file of the theme
Used rarely, for advanced users.
/wp-content/themes/
Once activated, you can customize it using Appearance → Customize.
Plugin installation also has three main methods:
.zip file
/wp-content/plugins/
After activation, plugins may add new menu items, settings, or widgets.
Posts and pages are the two primary content types in WordPress, but they serve different purposes.
Conclusion:
Posts are dynamic and time-based; pages are static and evergreen.
A widget is a small functional block designed to add content or features to widget-ready areas such as sidebars, footers, headers, or other theme-defined areas.
Examples of common widgets:
Widgets are managed via Appearance → Widgets, or in modern themes via Customizer or Block Editor widget areas.
Widgets enhance functionality without requiring coding.
Categories are hierarchical taxonomies used to group related posts together. They help organize content and make navigation easier for users.
Key features of categories:
yourwebsite.com/category/technology
Categories represent broad topics, while tags represent specific keywords.
Tags in WordPress are non-hierarchical taxonomies used to help organize and describe the specific details of a post. While categories group broad topics, tags identify smaller, focused keywords related to the content.
Key characteristics of tags:
site.com/tag/wordpress-tutorials/
Example:
A blog post titled “How to Install WordPress” might use tags like installation, setup, hosting, or WordPress basics.
In summary, tags act like keywords that help refine how content is grouped and discovered.
The WordPress Media Library is a built-in repository where all uploaded media files are stored and managed. This includes:
Main features of the Media Library:
Media Library items are stored physically in the /wp-content/uploads/ folder, organized by year and month.
In short, the Media Library centralizes all media management tasks within WordPress.
A permalink (permanent link) is the full URL of a post, page, category, or tag archive. It is called “permanent” because it is intended to remain unchanged so users and search engines can reliably reference content.
Example of a good permalink: https://example.com/how-to-start-a-blog/
Example of a poor permalink: https://example.com/?p=187
Benefits of clean permalinks:
WordPress allows you to configure permalink structure at:
Settings → Permalinks
Common formats include:
Permalinks play a key role in website usability and search ranking.
The site title and tagline define your website’s identity and appear in key places like browser tabs, search results, and site headers (depending on theme).
To change them:
These settings help create a strong brand identity and improve site SEO.
To create a navigation menu:
You can also create dropdown menus by dragging items slightly to the right beneath parent items.
Menus help users navigate your site effectively and improve the overall user experience.
Gutenberg, officially called the WordPress Block Editor, is the modern content editor introduced in WordPress 5.0. It replaces the Classic Editor with a block-based system, allowing you to build layouts visually.
Key features of Gutenberg:
The block editor gives users greater control over layout, spacing, and multimedia content. It is more flexible, modern, and intuitive compared to the traditional editor.
The Classic Editor is the older, traditional text-based editor used before WordPress 5.0. It resembles a simple word processor with a toolbar and a content box.
Characteristics of the Classic Editor:
While still available via the “Classic Editor Plugin,” it is considered outdated compared to Gutenberg. Many long-time WordPress users and theme developers, however, still prefer it for its simplicity and stability.
To create a new post:
This makes posting content easy and flexible for bloggers and editors.
There are three main ways to control comments:
These settings give you full control over how users can interact with content.
The Reading Settings screen controls how your website’s content is displayed to visitors. It is found at:
Settings → Reading
Key options include:
Overall, the Reading Settings screen determines how content is delivered to users and search engines.
The Discussion Settings screen controls how comments and interactions behave across your entire WordPress site. It defines the global rules for handling comments, notifications, and user communication.
Found at: Settings → Discussion
Main options include:
Overall, this screen controls how users engage through comments, helping you manage discussion quality and reduce spam.
A featured image is the primary image representing a post or page. It acts as a visual thumbnail and is commonly used in:
Featured images improve visual appeal, catch reader attention, and strengthen brand consistency.
Key points:
In summary, featured images provide a visual identity for content and enhance user engagement.
WordPress can show either your latest posts or a static page as the homepage. To create a static homepage:
Use:
Static homepages are ideal for business sites, portfolios, landing pages, or any non-blog layout.
A shortcode is a small, bracketed code snippet that performs a dynamic function inside posts, pages, or widgets. It looks like this:
[shortcode]
Or with parameters:
[gallery ids="10,12,14"]
WordPress processes shortcodes to insert complex functionality without requiring coding.
Examples of common shortcodes:
[gallery] – Display image collections
[audio] – Embed audio
[video] – Show videos
[caption] – Add captions to images
[contact-form-7] – Insert forms (plugin-based)
Benefits:
Shortcodes are especially useful for embedding functionality inside content areas.
There are several methods to change the admin password:
/wp-login.php
wp_users table
MD5() function
Choose this method if you’re locked out of the site.
A user role defines the permissions and capabilities assigned to each user. It determines what a user can and cannot do on a site.
Capabilities include:
WordPress has six default roles:
User roles help maintain a secure and organized workflow, especially in multi-author or team environments.
Intended for: site owners, technical managers, developers.
Intended for: content managers, editorial staff, team leads.
Key difference:
The Editor handles content, while the Administrator handles both content and system-wide operations.
The Trash feature acts as a safety net for deleted items. When you delete a post, page, comment, or media file, it is moved to Trash instead of being permanently deleted immediately.
Benefits:
How it works:
Trash is similar to the recycle bin on a computer and enhances data protection.
WordPress allows easy updates through the dashboard.
OR
Go to:
WordPress allows enabling auto-updates:
Used when updates fail:
/wp-content/plugins/ or /wp-content/themes/
Why updates matter:
Always back up your site before updates.
A child theme is a theme that inherits the functionality, design, and structure of a parent theme but allows you to safely customize it without modifying the parent theme’s files.
Benefits of using a child theme:
A child theme typically contains:
style.css (with theme header information)
functions.php to enqueue parent/child styles
Child themes are essential for developers who want to customize themes professionally and safely.
The Appearance → Customize section, also known as the WordPress Customizer, is a live-preview customization tool that allows users to change how their site looks while seeing updates in real time before publishing.
Key features of the Customizer:
The Customizer gives users a safe and user-friendly place to personalize their site’s design before applying changes live.
A slug is the user-friendly, SEO-friendly portion of a URL that identifies a particular post, page, category, or tag.
Example URL: https://example.com/best-wordpress-tips/
Here, best-wordpress-tips is the slug.
Characteristics of slugs:
Slugs improve readability, SEO, and the overall professionalism of your URLs.
WordPress makes YouTube embedding extremely simple through auto-embed features.
<iframe> code
WordPress’s oEmbed support makes embedding simple, responsive, and compatible with most themes.
The default content type in WordPress is the Post.
WordPress has two primary built-in content types:
When you install WordPress, the system assumes you’ll be writing blog posts, so the post is the default type. Plugins can also introduce custom content types, such as:
But “Post” remains the core default type.
A favicon (short for “favorite icon”) is the small icon displayed in browser tabs, bookmarks, and mobile shortcuts. It helps users quickly identify your site and strengthens your brand identity.
How to add a favicon:
Some themes let you upload icons from their own settings panel.
Favicons are essential for branding and professionalism across browsers and devices.
A custom menu location is a specific area within a WordPress theme where a navigation menu can be assigned. Themes define these locations so users can decide where their menus appear.
Common menu locations include:
Themes may offer one or multiple menu locations.
You can assign menus to locations under:
Appearance → Menus → Manage Locations
Developers can also register new menu locations using the register_nav_menus() function. Custom menu locations make navigation flexible and customizable across various sections of your site.
Scheduling allows you to publish content automatically at a future date and time.
Scheduling is ideal for:
WordPress automatically publishes your post at the exact chosen time.
WordPress supports over 100 languages. To change your site’s language:
WordPress will download the language pack automatically.
Useful for multilingual teams.
Some plugins (like WPML or Polylang) allow running the site in multiple languages simultaneously.
Posts in WordPress can have different visibility settings:
Used for regular website content.
Used for:
Visibility settings are found in the post editor under Document → Visibility.
There are several ways to reset a WordPress password depending on access level.
/wp-login.php
This is the most common method.
(If you are already logged in)
Use this when locked out and email is not working.
wp_users table
If code editing is possible:
functions.php
These methods ensure you can always regain access to your WordPress admin account securely.
The WordPress template hierarchy is the structured system WordPress uses to determine which PHP template file should be used to display a specific type of page or content. It acts like a decision tree where WordPress searches for the most specific template file available and falls back to more general ones if necessary.
How the hierarchy works:
Examples:
Order of lookup:
single-{post_type}-{slug}.php → single-{post_type}.php → single.php → index.php
page-{slug}.php → page-{ID}.php → page.php → index.php
category-{slug}.php → category-{ID}.php → category.php → archive.php → index.php
front-page.php → home.php → index.php
This hierarchy gives developers powerful control over customizing content layouts by creating specific templates without touching core files.
wp-config.php is one of the most important core configuration files in WordPress. It acts as the connection bridge between WordPress and the database, and it stores important site-level settings.
Key purposes of wp-config.php:
It defines:
Example:
define('DB_NAME', 'mydatabase');
define('DB_USER', 'myuser');
define('DB_PASSWORD', 'mypassword');
define('DB_HOST', 'localhost');
These enhance security by encrypting user cookies.
$table_prefix = 'wp_';
4. Debugging Settings
define('WP_DEBUG', true);
Enables WordPress Multisite if required.
You can increase PHP memory, modify autosaves, or change cache settings.
You can disable file editing:
define('DISALLOW_FILE_EDIT', true);
wp-config.php is never cached and is loaded early in the boot process, making it the central configuration point for your WordPress installation.
functions.php is a theme-specific file used to add or modify functionality. It works like a plugin and is loaded when the theme is activated.
Key purposes:
Example:
add_theme_support('post-thumbnails');
Important notes:
Proper enqueuing ensures CSS and JS files are loaded safely without conflicts, duplicates, or breaking dependencies.
Use wp_enqueue_scripts action hook inside functions.php.
function my_theme_styles() {
wp_enqueue_style('main-style', get_stylesheet_uri());
}
add_action('wp_enqueue_scripts', 'my_theme_styles');
Example: Enqueue JS
function my_theme_scripts() {
wp_enqueue_script('custom-js', get_template_directory_uri() . '/assets/js/custom.js', array('jquery'), '1.0', true);
}
add_action('wp_enqueue_scripts', 'my_theme_scripts');
Important parameters:
Why proper enqueuing matters:
Never hardcode <script> or <link> tags directly in templates — always enqueue.
Custom Post Types (CPTs) allow you to add new content types beyond WordPress’s defaults (Posts and Pages). They help you structure content more effectively.
Examples of CPTs:
function create_movie_cpt() {
register_post_type('movie', array(
'label' => 'Movies',
'public' => true,
'supports' => array('title', 'editor', 'thumbnail'),
'has_archive' => true,
));
}
add_action('init', 'create_movie_cpt');
Benefits:
CPTs turn WordPress into a full-featured CMS suitable for any type of structured content.
Custom taxonomies are used to group and categorize custom post types (CPTs) or default posts in more specific ways.
WordPress has two built-in taxonomies:
Custom taxonomies allow you to create new grouping systems.
Examples:
function create_movie_taxonomy() {
register_taxonomy('genre', 'movie', array(
'label' => 'Genres',
'hierarchical' => true,
));
}
add_action('init', 'create_movie_taxonomy');
Advantages:
Custom taxonomies allow developers to create complex content structures.
WordPress allows you to register and display menus programmatically.
function my_custom_menus() {
register_nav_menus(array(
'header-menu' => __('Header Menu'),
));
}
add_action('init', 'my_custom_menus');
Step 2: Display Menu in Theme (header.php)
wp_nav_menu(array(
'theme_location' => 'header-menu',
'container' => 'nav',
'menu_class' => 'main-menu',
));
This creates a fully dynamic menu that can be managed from the WordPress admin panel.
Why use code?
Hooks are powerful tools that allow developers to modify or extend WordPress functionality without editing core files.
There are two types of hooks:
Hooks make WordPress extremely customizable and flexible.
Example of adding an action:
add_action('wp_footer', 'my_custom_message');
function my_custom_message() {
echo 'Thank you for visiting!';
}
Example of using a filter:
add_filter('the_title', 'modify_title');
function modify_title($title) {
return '👉 ' . $title;
}
Hooks are the backbone of WordPress plugin and theme development.
Feature | Actions | Filters
Purpose | Execute custom code | Modify existing data
Return Value | Do not return anything | Must return data
Use Case | Adding functionality | Changing content/data
Example | Adding a footer message | Editing post titles
Triggered at a specific execution point.
Example:
add_action('init', 'register_custom_post_type');
Used to change or filter data.
Example:
add_filter('the_content', 'append_text');
In summary:
Actions do something, filters change something.
The Loop is WordPress’s primary mechanism for outputting posts or pages. It retrieves content from the database and displays it according to the current query.
Example of a basic Loop:
if ( have_posts() ) :
while ( have_posts() ) : the_post();
the_title();
the_content();
endwhile;
else :
echo "No posts found.";
endif;
What the Loop does:
Why the Loop is important:
The Loop is the heart of WordPress template rendering.
WP_Query is a powerful WordPress class that allows developers to retrieve posts or custom content based on specific criteria. It is used to create custom queries rather than relying solely on the default WordPress Loop.
It enables querying posts by:
$args = array(
'post_type' => 'post',
'posts_per_page' => 5
);
$query = new WP_Query($args);
if ($query->have_posts()) :
while ($query->have_posts()) : $query->the_post();
the_title();
the_excerpt();
endwhile;
wp_reset_postdata();
endif;
It is the backbone of dynamic content retrieval in theme and plugin development.
Creating a child theme manually allows you to customize a theme safely without losing your changes during updates.
In: /wp-content/themes/
Create a folder named: yourtheme-child
Add this header at the top:
/*
Theme Name: Your Theme Child
Template: yourtheme
*/
Template: must match the parent theme’s folder name.
Add:
<?php
function child_theme_styles() {
wp_enqueue_style('parent-style', get_template_directory_uri() . '/style.css');
}
add_action('wp_enqueue_scripts', 'child_theme_styles');
(Modern themes use wp_enqueue_style for proper loading.)
Copy files from parent theme to child theme to override:
Example:
header.php to child theme
Child themes allow customization without touching parent theme files.
A page template is a specialized file in a theme that defines a custom layout or structure for individual pages. It lets developers create unique designs for special pages (contact page, landing page, gallery page, etc.).
page-custom.php
<?php
/*
Template Name: Custom Layout Page
*/
Page templates give developers full control over the design and layout.
Template tags are built-in WordPress functions used inside theme files to retrieve and display dynamic content.
Examples include:
the_title() – Displays post title
the_content() – Displays post content
the_excerpt() – Displays summary
the_post_thumbnail() – Displays featured image
wp_head() – Loads scripts/styles in <head>
wp_footer() – Loads footer scripts
wp_nav_menu() – Displays navigation menus
Template tags are essential tools for any WordPress theme developer.
Overriding plugin functionality must be done carefully. There are a few safe methods:
Some plugins (WooCommerce, bbPress, EDD) allow overriding templates.
Steps:
/wp-content/plugins/woocommerce/templates/
yourtheme-child/woocommerce/...
Most plugins offer hooks.
Example:
add_filter('plugin_output', 'my_custom_output');
function my_custom_output($content) {
return 'Updated: ' . $content;
}
Method 3: Deregister and Replace Plugin Scripts
function replace_plugin_script() {
wp_dequeue_script('plugin-script');
wp_enqueue_script('custom-script', get_stylesheet_directory_uri() . '/custom.js');
}
add_action('wp_enqueue_scripts', 'replace_plugin_script', 20);
Some functions are declared as:
if (!function_exists('plugin_function')) { }
You can redefine them in your child theme’s functions.php.
The WordPress REST API is a powerful interface that allows external applications and developers to interact with WordPress using HTTP requests, typically returning JSON data.
It provides endpoints like:
/wp-json/wp/v2/posts
/wp-json/wp/v2/pages
/wp-json/wp/v2/users
fetch('https://example.com/wp-json/wp/v2/posts')
    .then(res => res.json())
    .then(data => console.log(data));
The REST API makes WordPress a full content management backend for modern applications.
A nonce (Number Used Once) is a security token used to protect WordPress URLs and forms from malicious attacks like:
Nonces validate that the request was made on purpose by an authenticated user.
wp_nonce_field('save_data', 'custom_nonce');
Verify nonce:
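// Reject the request when the nonce field is missing or does not match the action.
$nonce = isset($_POST['custom_nonce']) ? sanitize_text_field(wp_unslash($_POST['custom_nonce'])) : '';
if (!wp_verify_nonce($nonce, 'save_data')) {
    wp_die('Security check failed');
}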
WordPress nonces are temporary tokens (12–24 hours) and are not true cryptographic nonces, but extremely effective for security.
Securing wp-config.php is critical because it contains:
WordPress checks one level above root:
/public_html
wp-config.php → move to /home/user/wp-config.php
Add:
<files wp-config.php>
order allow,deny
deny from all
</files>
On Linux:
chmod 400 wp-config.php
4. Disable File Editing
define('DISALLOW_FILE_EDIT', true);
Avoid default usernames like root.
Many hosting panels allow blocking direct access.
Properly securing wp-config.php drastically reduces hacking risks.
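A way to check the steps above on a live install, added here as an example (it is not WordPress code and not part of the original guide): a PHP command-line script that audits a wp-config.php for file mode, DISALLOW_FILE_EDIT, the database user, the table prefix and its location. The function names and the sample file are constructed for illustration, and a Linux host is assumed.

```php
<?php
// Added example: audit a wp-config.php against the hardening steps listed above.
// Run: php audit-wp-config.php /path/to/wp-config.php
// With no argument it audits a constructed sample written to a temp directory.

// Return the literal second argument of define('NAME', ...), or null if absent.
function config_define(string $code, string $name): ?string {
    $pattern = '/\bdefine\s*\(\s*[\'"]' . preg_quote($name, '/')
             . '[\'"]\s*,\s*(.*?)\s*\)\s*;/i';
    return preg_match($pattern, $code, $m) ? trim($m[1], " '\"") : null;
}

// Return a list of human-readable findings; an empty list means no issue found.
function audit_wp_config(string $path): array {
    if (!is_file($path) || !is_readable($path)) {
        return array("cannot read $path");
    }
    $findings = array();

    // Step "chmod 400": other accounts on the host must not be able to read it.
    $mode = fileperms($path) & 0777;
    if ($mode & 0007) {
        $findings[] = sprintf('mode %04o is open to other users; tighten to 400', $mode);
    }

    // php_strip_whitespace() drops comments, so a commented-out define()
    // is correctly treated as "not set".
    $code = php_strip_whitespace($path);

    if (strtolower((string) config_define($code, 'DISALLOW_FILE_EDIT')) !== 'true') {
        $findings[] = 'DISALLOW_FILE_EDIT is not set to true';
    }
    if (strtolower((string) config_define($code, 'DB_USER')) === 'root') {
        $findings[] = 'DB_USER is root; use a dedicated database account';
    }
    if (preg_match('/\$table_prefix\s*=\s*[\'"]wp_[\'"]\s*;/', $code)) {
        $findings[] = 'table prefix is the default wp_';
    }

    // WordPress also looks for wp-config.php one directory above its root, so a
    // config sitting beside wp-settings.php is still inside the served folder.
    if (is_file(dirname($path) . '/wp-settings.php')) {
        $findings[] = 'file is in the WordPress root; it can live one level above';
    }
    return $findings;
}

if (PHP_SAPI === 'cli') {
    $target = $argv[1] ?? null;
    if ($target === null) {
        // Constructed sample: every value below is made up for the demonstration.
        $dir = sys_get_temp_dir() . '/wpcfg-demo-' . getmypid();
        if (!is_dir($dir)) {
            mkdir($dir, 0700);
        }
        touch($dir . '/wp-settings.php');
        $target = $dir . '/wp-config.php';
        file_put_contents($target, "<?php\n"
            . "define('DB_USER', 'root');\n"
            . "// define('DISALLOW_FILE_EDIT', true);\n"
            . "\$table_prefix = 'wp_';\n");
        chmod($target, 0644);
    }
    $findings = audit_wp_config($target);
    foreach ($findings as $finding) {
        echo "[!] $finding\n";
    }
    if (!$findings) {
        echo "no findings\n";
    }
    exit($findings ? 1 : 0);
}
```

The non-zero exit status on findings lets the script gate a deployment job or a scheduled host check.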
The database prefix is added before every WordPress table name. Default prefix is:
wp_
Examples:
wp_posts
wp_users
wp_options
site1_posts
site2_posts
Requires updating:
wp-config.php
options and usermeta
The prefix is a small but important layer of database security.
.htaccess is a server configuration file used primarily on Apache servers. In WordPress, it controls many features including:
WordPress automatically writes rewrite rules to .htaccess for clean URLs.
Example:
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
Example:
Options -Indexes
<FilesMatch "\.(jpg|png|css|js)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
Some hosts allow edit via .htaccess.
.htaccess is a crucial file that optimizes URL structure, improves security, and enhances performance.
Permalinks often break due to issues with .htaccess, server configuration, plugins, or incorrect rewrite rules. Common symptoms include 404 errors on posts/pages.
This forces WordPress to regenerate rewrite rules.
Ensure .htaccess exists in the root directory.
Default WordPress .htaccess:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
If missing:
.htaccess
chmod 644
Ensure mod_rewrite is enabled:
sudo a2enmod rewrite
sudo service apache2 restart
Add rewrite rules in site config:
location / {
try_files $uri $uri/ /index.php?$args;
}
Some plugins alter permalinks.
If CPT slugs return 404:
flush_rewrite_rules();
Place temporarily in functions.php.
Folder requires:
/ root directory → 755
.htaccess → 644
Fixing permalinks often requires correcting rewrite rules, checking file permissions, and resolving plugin conflicts.
WordPress Multisite is a feature that allows you to run multiple WordPress sites from a single installation. It is ideal for organizations managing many websites under one system.
site1.example.com
example.com/site1/
Add this to wp-config.php:
define('WP_ALLOW_MULTISITE', true);
The setup wizard guides you through necessary steps.
Multisite is powerful but requires strong hosting and maintenance practices.
Transients are temporary cached data stored in the database to improve performance. They allow you to store data with an expiration time.
They consist of:
set_transient('weather_data', $data, 12 * HOUR_IN_SECONDS);
Fetching a transient
$data = get_transient('weather_data');
Deleting a transient
delete_transient('weather_data');
If object caching is enabled (Memcached/Redis), transients become even faster.
Both functions retrieve stored settings, but they serve very different purposes.
Example:
$admin_email = get_option('admin_email');
Example:
$logo = get_theme_mod('custom_logo');
Feature | get_option() | get_theme_mod()
Scope | Site-wide | Theme-specific
Storage Location | wp_options table | theme_mods_option
Used By | Plugins, WordPress core | Theme Customizer
Portability | Remains after theme switch | Often resets with theme
Summary:
Use get_option() for global settings.
Use get_theme_mod() for theme customization settings.
Manual migration involves moving both the files and the database.
Using FTP/cPanel:
/public_html/ or site folder
wp-config.php
Upload all downloaded files into the new root directory.
Update:
DB_NAME
DB_USER
DB_PASSWORD
DB_HOST
If domain changes:
Update site URL:
UPDATE wp_options SET option_value='https://newsite.com' WHERE option_name='siteurl';
UPDATE wp_options SET option_value='https://newsite.com' WHERE option_name='home';
Go to Settings → Permalinks → Save Changes
Use a search-replace tool for migrated domains.
Manual migration provides full control without relying on plugins.
WP Cron is WordPress’s pseudo-cron system used to schedule automated tasks.
It is not a true server cron—it only runs when someone visits the site.
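// Schedule only if not already queued; an unguarded call on every page load adds duplicate events.
if (!wp_next_scheduled('my_hourly_task')) { wp_schedule_event(time(), 'hourly', 'my_hourly_task'); }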
Hook definition:
add_action('my_hourly_task', 'run_my_task');
function run_my_task() {
// code here
}
define('DISABLE_WP_CRON', true);
Then run real server cron for accuracy.
A plugin conflict occurs when two or more plugins (or a theme + plugin) interfere with each other, causing:
If issue disappears → it's plugin-related.
This identifies the conflicting plugin.
If issue persists → plugin conflict
If issue disappears → theme conflict
Look for JS errors caused by scripts.
In wp-config.php:
define('WP_DEBUG', true);
define('WP_DEBUG_LOG', true);
Check /wp-content/debug.log.
Sometimes two plugins load the same script in different versions.
Plugins may not support your PHP version.
Debugging plugin conflicts ensures a stable and compatible WordPress environment.
Improving WordPress speed involves optimizing hosting, caching, code, images, and database.
Key performance strategies:
Prefer:
Use:
Plugins:
Compress using:
Reduce file sizes and loads.
Distribute content globally.
Disable unnecessary plugins.
Use plugins or SQL commands to remove:
Load images/videos when visible.
Avoid heavy builders if possible.
Boosts performance significantly.
A well-optimized WordPress site loads fast, ranks better, and improves user experience.
Image optimization reduces file size without compromising visible quality. It improves:
Tools:
Use:
Upload appropriate dimensions.
WordPress has native lazy loading for images (loading="lazy").
Faster delivery worldwide.
WordPress automatically adds:
srcset=""
sizes=""
Good image optimization dramatically reduces page size and improves performance.
Backups protect your site from data loss due to hacking, corruption, or accidental changes.
A complete backup includes:
wp-content, themes, plugins, uploads
Plugins like:
Features:
Using cPanel or FTP:
Files:
/public_html/ folder
Database:
Managed hosting companies often offer:
Such as:
WordPress uses revisions and autosaves to help you recover content, but they serve different purposes.
Revisions are permanent historical snapshots of your post or page content.
Key characteristics:
wp_posts table with post_type = revision
Use case:
Undoing mistakes, comparing old versions, restoring content deleted earlier.
Autosaves are automatically saved temporary drafts.
Key characteristics:
Use case:
Preventing content loss during writing.
Feature | Revisions | Autosave
Trigger | Manual save/update | Auto every 60 seconds
Quantity | Unlimited (unless limited) | Only 1 per user
Purpose | Version history | Crash protection
Permanent? | Yes | No
Both features improve content reliability but operate differently.
XML-RPC allows remote publishing and app-based connections but is often disabled for security reasons because it has been targeted for DDoS and brute-force attacks.
Add this to functions.php:
add_filter('xmlrpc_enabled', '__return_false');
Method 2: Block via .htaccess (Apache Servers)
<Files xmlrpc.php>
Order Allow,Deny
Deny from all
</Files>
Plugins like:
If you only want Jetpack or apps:
Use whitelist rules instead of full blocking.
Disabling XML-RPC enhances site security unless needed for specific integrations.
WordPress uses a role-based access control system.
Roles are groups that define what a user can or cannot do.
Default roles:
Each role is essentially a collection of capabilities.
Capabilities are individual permissions or actions a user can perform.
Examples:
edit_posts
publish_posts
manage_options
upload_files
delete_users
moderate_comments
Editor Role includes:
edit_others_posts
delete_posts
moderate_comments
Author Role includes:
publish_posts
edit_posts
edit_others_posts.
Concept | Meaning
Roles | Collections of capabilities
Capabilities | Specific actions a user can perform
This system allows flexible and secure user management.
A meta box is a modular area in the WordPress editor screen that allows users to input additional information for a post, page, or custom post type.
You see meta boxes on the editing screen such as:
add_action('add_meta_boxes', 'add_movie_info_box');
function add_movie_info_box() {
add_meta_box('movie_info', 'Movie Info', 'movie_info_callback', 'movie');
}
Meta boxes allow enhanced content management and custom data entry.
Custom fields (post meta) are key-value pairs attached to posts, pages, or custom post types. They store additional structured data that is not part of the main content.
Stored in: wp_postmeta table
Via WordPress editor:
Or via code:
update_post_meta($post_id, 'price', '199');
Retrieve value:
get_post_meta($post_id, 'price', true);
Custom fields are essential for building dynamic, structured CMS functionality.
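The nonce check from the earlier answer and the meta box and custom field calls above fit together when the field is saved. The following is an added example, not code from WordPress core or from the original guide: it defines the movie_info_callback named in add_meta_box() and a save handler for the price field. The names movie_price, movie_price_nonce, save_movie_price and movie_save_price are hypothetical, and the code is meant to live in a plugin or the theme's functions.php.

```php
<?php
// Added example: render and save the "price" custom field for the "movie"
// post type. Field, nonce and function names are hypothetical.

// Callback named in add_meta_box() above: prints the field plus a hidden nonce.
function movie_info_callback($post) {
    wp_nonce_field('save_movie_price', 'movie_price_nonce');
    $price = get_post_meta($post->ID, 'price', true);
    echo '<label for="movie_price">Price</label> ';
    // esc_attr() keeps a stored value from breaking out of the attribute.
    echo '<input type="text" id="movie_price" name="movie_price" value="'
        . esc_attr($price) . '">';
}

// Runs whenever a "movie" post is saved, including autosaves and revisions.
function movie_save_price($post_id) {
    // 1. The nonce must be present and valid for this specific action.
    if (!isset($_POST['movie_price_nonce'])) {
        return;
    }
    $nonce = sanitize_text_field(wp_unslash($_POST['movie_price_nonce']));
    if (!wp_verify_nonce($nonce, 'save_movie_price')) {
        return;
    }

    // 2. A nonce shows the request was intended, not that it is permitted:
    //    check the capability for this particular post as well.
    if (!current_user_can('edit_post', $post_id)) {
        return;
    }

    // 3. Autosaves and revisions do not carry the meta box fields.
    if ((defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) || wp_is_post_revision($post_id)) {
        return;
    }

    // 4. Validate before storing: accept only a non-negative decimal price.
    if (!isset($_POST['movie_price'])) {
        return;
    }
    $raw = sanitize_text_field(wp_unslash($_POST['movie_price']));
    if ($raw === '') {
        delete_post_meta($post_id, 'price');
    } elseif (preg_match('/^\d{1,7}(\.\d{1,2})?$/', $raw)) {
        update_post_meta($post_id, 'price', $raw);
    }
}
add_action('save_post_movie', 'movie_save_price');
```

When the value is printed in a template, pass it through esc_html() so stored data is never output raw.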
Changing the WordPress login logo helps with branding.
function custom_login_logo() {
echo '
<style type="text/css">
#login h1 a {
background-image: url(' . get_stylesheet_directory_uri() . '/images/logo.png);
height: 80px;
width: 200px;
background-size: contain;
}
</style>';
}
add_action('login_head', 'custom_login_logo');
Plugins like:
Allow visual customization without coding.
Full customization for advanced users.
Branding the login screen creates a more professional client experience.
WordPress uses a combination of:
User submits username & password.
Password stored in DB as a hashed value using PHPass or modern hashing (wp_hash_password).
WordPress verifies using wp_check_password().
Two main cookies:
These cookies store:
Before accessing admin or content, WordPress verifies:
current_user_can('capability_name');
WordPress maintains multiple sessions (per device login).
Users can be logged out remotely.
Protect actions like:
Authentication in WordPress is secure, token-based, and extensible through filters and hooks.
A widget area (sidebar) is a section where widgets can be added. To register one:
function my_widget_area() {
register_sidebar(array(
'name' => 'Main Sidebar',
'id' => 'main_sidebar',
'before_widget' => '<div class="widget">',
'after_widget' => '</div>',
'before_title' => '<h3>',
'after_title' => '</h3>',
));
}
add_action('widgets_init', 'my_widget_area');
Add in sidebar.php:
if (is_active_sidebar('main_sidebar')) {
dynamic_sidebar('main_sidebar');
}
Widget areas allow theme developers to create flexible content blocks in sidebars, footers, headers, or custom template locations.
wp_head() is a crucial template tag placed inside the <head> section of a theme, usually in header.php.
It allows WordPress, themes, and plugins to insert important elements into the document <head>.
<head>
<?php wp_head(); ?>
</head>
If wp_head() is missing:
It is essential for proper WordPress theme operation.
wp_footer() is another essential template tag placed inside the theme’s footer, right before the </body> tag.
It allows WordPress, themes, and plugins to load important scripts and code at the end of the page.
<?php wp_footer(); ?>
</body>
</html>
Without it, many plugins and features will not function as expected.
WordPress core architecture is designed on a modular, extensible, hook-driven system that separates responsibilities cleanly and allows full customization without modifying core files.
Located mostly in /wp-includes/ and /wp-admin/.
Major components:
WP_Query
wpdb
Themes control presentation, not logic. They are responsible for:
Themes interact with core using template tags and hooks.
Plugins extend functionality using:
Plugins integrate cleanly without altering core.
WordPress stores data in standard tables:
wp_posts, wp_users, wp_options
wp_postmeta, wp_terms, wp_term_taxonomy
Uses a clean CRUD approach via the $wpdb class.
At the heart of customization:
This system allows developers to attach or override logic anywhere.
Uses Rewrite API and WP_Query to route URLs to the proper content.
Provides a modern interface for external applications to interact with WordPress programmatically.
WordPress is built to be flexible while maintaining strong backward compatibility and extensibility.