Complete List of Default WordPress Files
When cleaning up hacked sites and testing .htaccess tricks, it’s nice to have a list of WordPress directory and file names for checking patterns and finding strings directly via Search/Find. Especially when working remotely, having a complete list of WordPress files available online can help expedite the attack-recovery process.
The official Codex page lists some important files, but only for WP version 2.x and doesn’t seem to list files located in all sub-directories. Sure it’s not the most exciting topic in the world, but it’s always good practice to know thy files. You get to see the bigger picture and gain a better understanding of how much stuff actually is included in WordPress — especially if you start digging around in the /wp-includes/
directory.. bring a snack, knife, and some flint to improve your chances.
Menu
We’re looking at default download/unzip of WordPress version 3.3.2 — a complete list of all files in all directories in alphabetical order. Here’s the roadmap:
- directory structure (without files)
- WordPress root-level files
- files in the
/wp-admin/
directory - files in the
/wp-content/
directory - files in the
/wp-includes/
directory
Basic WordPress directory structure
/wordpress/
/wp-admin/
/css/
/images/
/includes/
/js/
/maint/
/network/
/user/
/wp-content/
/plugins/
/akismet/
/themes/
/twentyeleven/
/colors/
/images/
/inc/
/images/
/js/
/languages/
/twentyten/
/images/
/headers/
/languages/
/wp-includes/
/Text/
/css/
/images/
/crystal/
/smilies/
/wlw/
/js/
/crop/
/imgareaselect/
/jcrop/
/jquery/
/ui/
/plupload/
/scriptaculous/
/swfupload/
/plugins/
/thickbox/
/tinymce/
/langs/
/plugins/
/directionality/
/fullscreen/
/inlinepopups/
/skins/
/clearlooks2/
/img/
/media/
/css/
/js/
/paste/
/js/
/spellchecker/
/classes/
/utils/
/css/
/img/
/includes/
/tabfocus/
/wordpress/
/css/
/img/
/wpdialogs/
/js/
/wpeditimage/
/css/
/img/
/js/
/wpfullscreen/
/wpgallery/
/img/
/wplink/
/themes/
/advanced/
/img/
/js/
/skins/
/default/
/img/
/highcontrast/
/o2k7/
/img/
/wp_theme/
/img/
/utils/
/pomo/
/theme-compat/
Root-level WordPress files
/wordpress/
index.php
license.txt
readme.html
wp-activate.php
wp-app.php
wp-blog-header.php
wp-comments-post.php
wp-config-sample.php
wp-cron.php
wp-links-opml.php
wp-load.php
wp-login.php
wp-mail.php
wp-pass.php
wp-register.php
wp-settings.php
wp-signup.php
wp-trackback.php
xmlrpc.php
Files in the /wp-admin/ directory
/wp-admin/
about.php
admin-ajax.php
admin-footer.php
admin-functions.php
admin-header.php
admin-post.php
admin.php
async-upload.php
comment.php
credits.php
/css/
colors-classic.css
colors-classic.dev.css
colors-fresh.css
colors-fresh.dev.css
farbtastic.css
file-list.txt
ie-rtl.css
ie-rtl.dev.css
ie.css
ie.dev.css
install.css
install.dev.css
media-rtl.css
media-rtl.dev.css
media.css
media.dev.css
wp-admin-rtl.css
wp-admin-rtl.dev.css
wp-admin.css
wp-admin.dev.css
custom-background.php
custom-header.php
edit-comments.php
edit-form-advanced.php
edit-form-comment.php
edit-link-form.php
edit-tag-form.php
edit-tags.php
edit.php
export.php
freedoms.php
gears-manifest.php
/images/
align-center.png
align-left.png
align-none.png
align-right.png
archive-link.png
arrows-dark-vs.png
arrows-dark.png
arrows-vs.png
arrows.png
blue-grad.png
bubble_bg-rtl.gif
bubble_bg.gif
button-grad-active.png
button-grad.png
comment-grey-bubble.png
date-button.gif
ed-bg-vs.gif
ed-bg.gif
fade-butt.png
fav-arrow-rtl.gif
fav-arrow.gif
fav-vs.png
fav.png
generic.png
gray-grad.png
gray-star.png
icons32-vs.png
icons32.png
imgedit-icons.png
list.png
loading-publish.gif
loading.gif
logo-ghost.png
logo-login.png
logo.gif
marker.png
mask.png
media-button-image.gif
media-button-music.gif
media-button-other.gif
media-button-video.gif
media-button.png
menu-arrow-frame-rtl.png
menu-arrow-frame.png
menu-arrows.gif
menu-bits-rtl-vs.gif
menu-bits-rtl.gif
menu-bits-vs.gif
menu-bits.gif
menu-dark-rtl-vs.gif
menu-dark-rtl.gif
menu-dark-vs.gif
menu-dark.gif
menu-shadow-rtl.png
menu-shadow.png
menu-vs.png
menu.png
no.png
press-this.png
required.gif
resize-rtl.gif
resize.gif
screen-options-toggle-vs.gif
screen-options-toggle.gif
screenshots
se.png
sort.gif
star.png
toggle-arrow-rtl.gif
toggle-arrow.gif
upload-classic.png
upload-fresh.png
wheel.png
white-grad-active.png
white-grad.png
widgets-arrow-vs.gif
widgets-arrow.gif
wordpress-logo.png
wp-badge.png
wp-logo-vs.png
wp-logo.png
wpspin_dark.gif
wpspin_light.gif
xit.gif
yes.png
import.php
/includes/
admin.php
bookmark.php
class-ftp-pure.php
class-ftp-sockets.php
class-ftp.php
class-pclzip.php
class-wp-comments-list-table.php
class-wp-filesystem-base.php
class-wp-filesystem-direct.php
class-wp-filesystem-ftpext.php
class-wp-filesystem-ftpsockets.php
class-wp-filesystem-ssh2.php
class-wp-importer.php
class-wp-links-list-table.php
class-wp-list-table.php
class-wp-media-list-table.php
class-wp-ms-sites-list-table.php
class-wp-ms-themes-list-table.php
class-wp-ms-users-list-table.php
class-wp-plugin-install-list-table.php
class-wp-plugins-list-table.php
class-wp-posts-list-table.php
class-wp-terms-list-table.php
class-wp-theme-install-list-table.php
class-wp-themes-list-table.php
class-wp-upgrader.php
class-wp-users-list-table.php
comment.php
continents-cities.php
dashboard.php
deprecated.php
export.php
file.php
image-edit.php
image.php
import.php
list-table.php
manifest.php
media.php
menu.php
meta-boxes.php
misc.php
ms-deprecated.php
ms.php
nav-menu.php
plugin-install.php
plugin.php
post.php
schema.php
screen.php
taxonomy.php
template.php
theme-install.php
theme.php
update-core.php
update.php
upgrade.php
user.php
widgets.php
index-extra.php
index.php
install-helper.php
install.php
/js/
cat.dev.js
cat.js
categories.dev.js
categories.js
comment.dev.js
comment.js
common.dev.js
common.js
custom-background.dev.js
custom-background.js
custom-fields.dev.js
custom-fields.js
dashboard.dev.js
dashboard.js
edit-comments.dev.js
edit-comments.js
editor.dev.js
editor.js
farbtastic.js
gallery.dev.js
gallery.js
image-edit.dev.js
image-edit.js
inline-edit-post.dev.js
inline-edit-post.js
inline-edit-tax.dev.js
inline-edit-tax.js
link.dev.js
link.js
media-upload.dev.js
media-upload.js
media.dev.js
media.js
nav-menu.dev.js
nav-menu.js
password-strength-meter.dev.js
password-strength-meter.js
plugin-install.dev.js
plugin-install.js
post.dev.js
post.js
postbox.dev.js
postbox.js
revisions-js.php
set-post-thumbnail.dev.js
set-post-thumbnail.js
tags.dev.js
tags.js
theme-preview.dev.js
theme-preview.js
theme.dev.js
theme.js
user-profile.dev.js
user-profile.js
utils.dev.js
utils.js
widgets.dev.js
widgets.js
word-count.dev.js
word-count.js
wp-fullscreen.dev.js
wp-fullscreen.js
xfn.dev.js
xfn.js
link-add.php
link-manager.php
link-parse-opml.php
link.php
load-scripts.php
load-styles.php
/maint/
repair.php
media-new.php
media-upload.php
media.php
menu-header.php
menu.php
moderation.php
ms-admin.php
ms-delete-site.php
ms-edit.php
ms-options.php
ms-sites.php
ms-themes.php
ms-upgrade-network.php
ms-users.php
my-sites.php
nav-menus.php
/network/
admin.php
edit.php
index-extra.php
index.php
menu.php
plugin-editor.php
plugin-install.php
plugins.php
profile.php
settings.php
setup.php
site-info.php
site-new.php
site-settings.php
site-themes.php
site-users.php
sites.php
theme-editor.php
theme-install.php
themes.php
update-core.php
update.php
upgrade.php
user-edit.php
user-new.php
users.php
network.php
options-discussion.php
options-general.php
options-head.php
options-media.php
options-permalink.php
options-privacy.php
options-reading.php
options-writing.php
options.php
plugin-editor.php
plugin-install.php
plugins.php
post-new.php
post.php
press-this.php
profile.php
revision.php
setup-config.php
theme-editor.php
theme-install.php
themes.php
tools.php
update-core.php
update.php
upgrade-functions.php
upgrade.php
upload.php
/user/
admin.php
index-extra.php
index.php
menu.php
profile.php
user-edit.php
user-edit.php
user-new.php
users.php
widgets.php
Files in the /wp-content/ directory
/wp-content/
index.php
/plugins/
/akismet/
admin.php
akismet.css
akismet.gif
akismet.js
akismet.php
legacy.php
readme.txt
widget.php
hello.php
index.php
/themes/
index.php
/twentyeleven/
404.php
archive.php
author.php
category.php
/colors/
dark.css
comments.php
content-aside.php
content-featured.php
content-gallery.php
content-image.php
content-intro.php
content-link.php
content-page.php
content-quote.php
content-single.php
content-status.php
content.php
editor-style-rtl.css
editor-style.css
footer.php
functions.php
header.php
image.php
/images/
comment-arrow-bypostauthor-dark-rtl.png
comment-arrow-bypostauthor-dark.png
comment-arrow-bypostauthor-rtl.png
comment-arrow-bypostauthor.png
comment-arrow-dark-rtl.png
comment-arrow-dark.png
comment-arrow-rtl.png
comment-arrow.png
comment-bubble-dark-rtl.png
comment-bubble-dark.png
comment-bubble-rtl.png
comment-bubble.png
headers
search.png
wordpress.png
/inc/
/images/
content-sidebar.png
content.png
dark.png
light.png
sidebar-content.png
theme-options.css
theme-options.js
theme-options.php
widgets.php
index.php
/js/
html5.js
showcase.js
/languages/
twentyeleven.pot
license.txt
page.php
readme.txt
rtl.css
screenshot.png
search.php
searchform.php
showcase.php
sidebar-footer.php
sidebar-page.php
sidebar.php
single.php
style.css
tag.php
/twentyten/
404.php
archive.php
attachment.php
author.php
category.php
comments.php
editor-style-rtl.css
editor-style.css
footer.php
functions.php
header.php
/images/
/headers/
berries-thumbnail.jpg
berries.jpg
cherryblossoms-thumbnail.jpg
cherryblossoms.jpg
concave-thumbnail.jpg
concave.jpg
fern-thumbnail.jpg
fern.jpg
forestfloor-thumbnail.jpg
forestfloor.jpg
inkwell-thumbnail.jpg
inkwell.jpg
path-thumbnail.jpg
path.jpg
sunset-thumbnail.jpg
sunset.jpg
wordpress.png
index.php
/languages/
twentyten.pot
license.txt
loop-attachment.php
loop-page.php
loop-single.php
loop.php
onecolumn-page.php
page.php
rtl.css
screenshot.png
search.php
sidebar-footer.php
sidebar.php
single.php
style.css
tag.php
Files in the /wp-includes/ directory
/wp-includes/
/Text/
Diff
Diff.php
admin-bar.php
atomlib.php
author-template.php
bookmark-template.php
bookmark.php
cache.php
canonical.php
capabilities.php
category-template.php
category.php
class-IXR.php
class-feed.php
class-http.php
class-json.php
class-oembed.php
class-phpass.php
class-phpmailer.php
class-pop3.php
class-simplepie.php
class-smtp.php
class-snoopy.php
class-wp-admin-bar.php
class-wp-ajax-response.php
class-wp-editor.php
class-wp-error.php
class-wp-http-ixr-client.php
class-wp-walker.php
class-wp-xmlrpc-server.php
class-wp.php
class.wp-dependencies.php
class.wp-scripts.php
class.wp-styles.php
comment-template.php
comment.php
compat.php
cron.php
/css/
admin-bar-rtl.css
admin-bar-rtl.dev.css
admin-bar.css
admin-bar.dev.css
editor-buttons.css
editor-buttons.dev.css
jquery-ui-dialog.css
jquery-ui-dialog.dev.css
wp-pointer.css
wp-pointer.dev.css
default-constants.php
default-filters.php
default-widgets.php
deprecated.php
feed-atom-comments.php
feed-atom.php
feed-rdf.php
feed-rss.php
feed-rss2-comments.php
feed-rss2.php
feed.php
formatting.php
functions.php
functions.wp-scripts.php
functions.wp-styles.php
general-template.php
http.php
/images/
admin-bar-sprite.png
arrow-pointer-blue.png
blank.gif
/crystal/
archive.png
audio.png
code.png
default.png
document.png
interactive.png
license.txt
spreadsheet.png
text.png
video.png
down_arrow.gif
icon-pointer-flag.png
rss.png
/smilies/
icon_arrow.gif
icon_biggrin.gif
icon_confused.gif
icon_cool.gif
icon_cry.gif
icon_eek.gif
icon_evil.gif
icon_exclaim.gif
icon_idea.gif
icon_lol.gif
icon_mad.gif
icon_mrgreen.gif
icon_neutral.gif
icon_question.gif
icon_razz.gif
icon_redface.gif
icon_rolleyes.gif
icon_sad.gif
icon_smile.gif
icon_surprised.gif
icon_twisted.gif
icon_wink.gif
toggle-arrow.png
upload.png
/wlw/
wp-comments.png
wp-icon.png
wp-watermark.png
wpicons.png
wpmini-blue.png
xit.gif
/js/
admin-bar.dev.js
admin-bar.js
autosave.dev.js
autosave.js
colorpicker.dev.js
colorpicker.js
comment-reply.dev.js
comment-reply.js
/crop/
cropper.css
cropper.js
marqueeHoriz.gif
marqueeVert.gif
hoverIntent.dev.js
hoverIntent.js
/imgareaselect/
border-anim-h.gif
border-anim-v.gif
imgareaselect.css
jquery.imgareaselect.dev.js
jquery.imgareaselect.js
/jcrop/
Jcrop.gif
jquery.Jcrop.css
jquery.Jcrop.dev.js
jquery.Jcrop.js
/jquery/
jquery.color.dev.js
jquery.color.js
jquery.form.dev.js
jquery.form.js
jquery.hotkeys.dev.js
jquery.hotkeys.js
jquery.js
jquery.query.js
jquery.schedule.js
jquery.serialize-object.js
jquery.table-hotkeys.dev.js
jquery.table-hotkeys.js
suggest.dev.js
suggest.js
/ui/
jquery.effects.blind.min.js
jquery.effects.bounce.min.js
jquery.effects.clip.min.js
jquery.effects.core.min.js
jquery.effects.drop.min.js
jquery.effects.explode.min.js
jquery.effects.fade.min.js
jquery.effects.fold.min.js
jquery.effects.highlight.min.js
jquery.effects.pulsate.min.js
jquery.effects.scale.min.js
jquery.effects.shake.min.js
jquery.effects.slide.min.js
jquery.effects.transfer.min.js
jquery.ui.accordion.min.js
jquery.ui.autocomplete.min.js
jquery.ui.button.min.js
jquery.ui.core.min.js
jquery.ui.datepicker.min.js
jquery.ui.dialog.min.js
jquery.ui.draggable.min.js
jquery.ui.droppable.min.js
jquery.ui.mouse.min.js
jquery.ui.position.min.js
jquery.ui.progressbar.min.js
jquery.ui.resizable.min.js
jquery.ui.selectable.min.js
jquery.ui.slider.min.js
jquery.ui.sortable.min.js
jquery.ui.tabs.min.js
jquery.ui.widget.min.js
json2.dev.js
json2.js
/plupload/
changelog.txt
handlers.dev.js
handlers.js
license.txt
plupload.flash.js
plupload.flash.swf
plupload.html4.js
plupload.html5.js
plupload.js
plupload.silverlight.js
plupload.silverlight.xap
prototype.js
quicktags.dev.js
quicktags.js
/scriptaculous/
MIT-LICENSE
builder.js
controls.js
dragdrop.js
effects.js
scriptaculous.js
slider.js
sound.js
unittest.js
wp-scriptaculous.js
swfobject.js
/swfupload/
handlers.dev.js
handlers.js
license.txt
/plugins/
swfupload.cookies.js
swfupload.queue.js
swfupload.speed.js
swfupload.swfobject.js
swfupload-all.js
swfupload.js
swfupload.swf
/thickbox/
loadingAnimation.gif
macFFBgHack.png
tb-close.png
thickbox.css
thickbox.js
/tinymce/
/langs/
wp-langs-en.js
wp-langs.php
license.txt
/plugins/
/directionality/
editor_plugin.js
/fullscreen/
editor_plugin.js
fullscreen.htm
/inlinepopups/
editor_plugin.js
/skins/
/clearlooks2/
/img/
alert.gif
button.gif
buttons.gif
confirm.gif
corners.gif
drag.gif
horizontal.gif
vertical.gif
window.css
template.htm
/media/
/css/
media.css
editor_plugin.js
/js/
embed.js
media.js
media.htm
moxieplayer.swf
/paste/
blank.htm
editor_plugin.js
/js/
pastetext.js
pasteword.js
pastetext.htm
pasteword.htm
/spellchecker/
changelog.txt
/classes/
EnchantSpell.php
GoogleSpell.php
PSpell.php
PSpellShell.php
SpellChecker.php
/utils/
JSON.php
Logger.php
config.php
/css/
content.css
editor_plugin.js
/img/
wline.gif
/includes/
general.php
rpc.php
/tabfocus/
editor_plugin.js
/wordpress/
/css/
content.css
editor_plugin.dev.js
editor_plugin.js
/img/
audio.gif
embedded.png
image.gif
media.gif
more_bug.gif
page.gif
page_bug.gif
trans.gif
video.gif
/wpdialogs/
editor_plugin.dev.js
editor_plugin.js
/js/
popup.dev.js
popup.js
wpdialog.dev.js
wpdialog.js
/wpeditimage/
/css/
editimage-rtl.css
editimage.css
editimage.html
editor_plugin.dev.js
editor_plugin.js
/img/
delete.png
image.png
/js/
editimage.dev.js
editimage.js
/wpfullscreen/
editor_plugin.js
fullscreen.htm
/wpgallery/
editor_plugin.dev.js
editor_plugin.js
/img/
delete.png
edit.png
gallery.png
t.gif
/wplink/
editor_plugin.dev.js
editor_plugin.js
/themes/
/advanced/
about.htm
anchor.htm
charmap.htm
color_picker.htm
editor_template.js
image.htm
/img/
colorpicker.jpg
flash.gif
gotmoxie.png
icons.gif
iframe.gif
pagebreak.gif
quicktime.gif
realmedia.gif
shockwave.gif
trans.gif
video.gif
windowsmedia.gif
/js/
about.js
anchor.js
charmap.js
color_picker.js
image.js
link.js
source_editor.js
link.htm
shortcuts.htm
/skins/
/default/
content.css
dialog.css
/img/
buttons.png
items.gif
menu_arrow.gif
menu_check.gif
progress.gif
tabs.gif
ui.css
/highcontrast/
content.css
dialog.css
ui.css
/o2k7/
content.css
dialog.css
/img/
button_bg.png
button_bg_black.png
button_bg_silver.png
ui.css
ui_black.css
ui_silver.css
/wp_theme/
content.css
dialog.css
/img/
tabs.gif
ui.css
source_editor.htm
tiny_mce.js
tiny_mce_popup.js
/utils/
editable_selects.js
form_utils.js
mctabs.js
validate.js
wp-mce-help.php
wp-tinymce.js.gz
wp-tinymce.php
tw-sack.dev.js
tw-sack.js
wp-ajax-response.dev.js
wp-ajax-response.js
wp-list-revisions.dev.js
wp-list-revisions.js
wp-lists.dev.js
wp-lists.js
wp-pointer.dev.js
wp-pointer.js
wplink.dev.js
wplink.js
kses.php
l10n.php
link-template.php
load.php
locale.php
media.php
meta.php
ms-blogs.php
ms-default-constants.php
ms-default-filters.php
ms-deprecated.php
ms-files.php
ms-functions.php
ms-load.php
ms-settings.php
nav-menu-template.php
nav-menu.php
pluggable-deprecated.php
pluggable.php
plugin.php
/pomo/
entry.php
mo.php
po.php
streams.php
translations.php
post-template.php
post-thumbnail-template.php
post.php
query.php
registration-functions.php
registration.php
rewrite.php
rss-functions.php
rss.php
script-loader.php
shortcodes.php
taxonomy.php
template-loader.php
/theme-compat/
comments-popup.php
comments.php
footer.php
header.php
sidebar.php
theme.php
update.php
user.php
vars.php
version.php
widgets.php
wlwmanifest.xml
wp-db.php
wp-diff.php
25 responses
-
I wonder which of these files are changed by the system and which are never to be changed. On the ones that should never be changed, except via a core upgrade, maybe a checksum so that we can compare the files more rapidly.
This is great info. No sharing buttons :(
-
That’s a good suggestion Jim gave there.
But still. An excellent and bloody usefull post!
-
-
Whoa! Useful. Agreed! No sharing?
-
Tweet for sure! Facebook share for sure IMO – would allow others to specifically share on their own pages, groups, networks etc. highly focused! Facebook like… debatable – it only gets lost in the plethora of the Facebook algos right? Google +1 yeah! no brainer, if it’s authority you want authority you will get. If not, then it wouldn’t harm in the whole scheme of things from an seo point of view anyways.
-
Useful list, thanks Jeff. Please include Google+ when you get around to adding sharing buttons.
-
Isn’t there a plugin that will detect hacked files for easy clean up?
-
I’d love to see a review of Wordfence, it’s a new antivirus/ firewall plugin /service
-
Highly useful and bookmarked.
To add to the IDS discussion, nort.org is a good solution. It needs to be trained a bit to not report everything, but a few times its shown up some bad activity which I have gone on to block.
Login Lockdown is the one plugin, which has saved my bacon a few times.