How to Edit Your WordPress Website (Without Hacking Core Files)

If you have been using WordPress for a while, or even if you are brand new to WordPress, somewhere along the way you are going to want to make some code changes on your site.

It could be for anything from adding basic functionality to your site that doesn’t warrant a full-blown plugin, or you might want to create a child theme. That’s just two examples of a myriad number.

But stop right there cowboy! There are some important dos and don’ts related to code editing in WordPress, as well as some areas that you need to steer clear of completely. We’re going to cover all that in this article.

Public Service Announcement: Don’t Ever Hack the WordPress Core!

Spend enough time around WordPress people and you will eventually hear this immortal phrase: “Don’t hack core.” What that means is that you shouldn’t touch the core files – the stuff that makes WordPress work.

Why not you ask? Well, there are a lot of reasons, but let’s go with a couple of the more serious ones here:

  1. Your site is no longer future-proof. If you make changes to the core of WordPress, you lose the ability to do updates and maintain your changes. Simply put, when an upgrade is released and you hit the button to make it go (because you’re a good person who does their updates regularly), your customizations will get overwritten with the upgrade. In order to keep your customizations, you’ll need to read them every time you do an upgrade, and that doesn’t sound like a good use of time to me.
  2. There’s a plugin for that.  When you hack WordPress core, you are essentially doing what plugins are meant to do: change, add to, or bend the way WordPress works. Plugins are a much more acceptable way of achieving what you want to do than hacking core.

So now that you have good reasons not to hack the core, lets find out what you can change safely.

WordPress’ File Structure

Here’s a screenshot that shows the file structure of a typical WordPress installation.

How to edit WordPress core files

You’ll see that there are three top-level folders and a bunch of files.

The folders labeled wp-admin and wp-include are off-limits; there’s nothing there you should be touching! The wp-content folder contains your themes, plugins and any images or documents you have uploaded. You can do some customization of your theme via the functions.php file.

As for the top-level files, the only one you should ever need to touch is wp-config.php. We dive into some examples of how to edit both files later on, but let’s get some of the best practices in place before we do.

Best Practices for Editing WordPress Files

WordPress comes with a theme and plugin editor as part of the core functionality. You can find it in your install by going to Appearance > Editor from your sidebar.

Go have a look at it if you’d like, then forget about it completely, because you shouldn’t use the WordPress editor for anything. Period. In fact, I would love to see this feature removed entirely from WordPress for a couple of reasons:

  1. The editor is not really a fully functioning code editor, and it is easy to make mistakes that result in the dreaded “white screen of death.”.
  2. Once you have pressed the save button, there is no undo. No do-overs. Most good code editors will let you roll back the changes you’ve made in the event that they don’t work out as planned.

So, what’s the alternative? Well, if you’re going to use a code editor, you need to get familiar with FTP.

FTP stands for File Transfer Protocol – a fancy way of saying that you are moving files from your computer to the web server where your WordPress website resides. You’ll need to connect to your site via an FTP client, download a copy of the file you want to change, make the changes and then upload the file back to the server, overwriting the file that’s on the server.

Some code editors – Coda for example (very sexy indeed) – allow you to edit the files right on the server. Some even let you preview your changes (just for HTML and CSS normally). If your code editor does that, it’s a good idea to create and save a copy of the original file with a new name (something like filename_old.php is always a good idea). That way, if you make a mistake you can’t back out of, you can simply delete the new file, change the filename back on the copy you created and be fine.

Time to Edit Some WordPress Files

Alright, let’s get down to business.

We are going to do some sample edits on two files – wp-config.php and functions.php – which are two non-theme files that you’ll most commonly edit. (There is another whole article we could write here on editing theme files, but we’ll save that one for another day.)

Editing the wp-config.php File

The wp-config.php file is one of the most important files in your WordPress installation. It actually doesn’t come with the default installation of WordPress; you install a file named wp-config-sample.php. You create wp-config.php when you go through the installation program (entering your database info primarily), or you can also rename the wp-config-sample file to wp-config and add the database info manually.

You’ll find both files in the root of the web directory. If you went through the install program (screen shot below) and entered the database info there, you have already created your wp-config.php. So, let’s open it up in your favorite code editor and make a couple of edits.

How to edit WordPress core files

Example Coding Magic: Turn Off Automatic Updates

Auto updates have been a part of WordPress since version 3.7. Not everyone likes this feature; many would like to turn it off. All you need to do is add this line of code to your wp-config.php file.

/* Disable WordPress automatic updates */
define( 'WP_AUTO_UPDATE_CORE', false );

When I make any changes to wp-config that require me to add new code to the file, I always make sure I am putting it in a place where I can easily find it if I need to. If you look at line 85 of the wp-config.php file (see why a proper code editor is useful yet?), you’ll find this line:

 /* That's all, stop editing! Happy blogging. */

I put all my changes right above this line. That way I can easily find all the changes that I’ve made in a consistent place with every site I work on. Make sure you save the file after you add the code and you’re good to go.

Editing the functions.php file

The functions.php file allows you to change the default behaviors of WordPress. The file acts like a plugin, allowing you to add features and functionality to your WordPress site.

You’ll typically find the file included in your theme folder located at If you don’t have one, you can easily create it; just make sure you are putting it in the theme you are intending to make the changes to.

If you’re starting with a newly created file, you’ll need to open the php script using <?php. Unlike a traditional PHP file, you don’t need to close the script (in fact, you’ll have fewer problems if you leave it unclosed).

Below you’ll find a couple of examples of things you can add to your functions.php file and the corresponding code to put into your theme. Keep in mind that any major changes are best handled by using a child theme.

Example Coding Magic: Add Thumbnail Support

If your theme doesn’t support thumbnails, you can add the following code to your functions.php file:

add_theme_support( 'post-thumbnails');

To make it work in your theme, simply add this line of code to your loop where you want the thumbnails to appear:

<?php the_post_thumbnail(); ?>

Example Coding Magic: Create a Custom Excerpt Length

WordPress defaults to a 55 word excerpt length, but adding this piece of code to your functions.php file will allow you to set the excerpt length to something more to your liking.

//custom excerpt length function custom_excerpt_length($length) {    return 20; } add_filter('excerpt_length', 'custom_excerpt_length');

Simply change the ‘20’ to whatever number you’d like the excerpt length to be.

Wrapping Up

By now you should know everything you need to know about editing WordPress core files. Now is the time to put your newly-gained wisdom into practice.

Good luck, and be sure to let us know what shenanigans you get up to in the comments section below!

Tom Ewer

Tom Ewer is the founder of He has been a huge fan of WordPress since he first laid eyes on it, and has been writing educational and informative content for WordPress users since 2011. When he's not working, you're likely to find him outdoors somewhere – as far away from a screen as possible!


  1. Anthony Iacono

    My team and I have been working on a plugin called WordPatch which allows you to edit core files, theme files, and plugin files without the guilt! We wanted to be able to modify stuff without losing the ability to auto-update. WordPatch works on any hosting environment and it allows you to upload patches to be applied to directories that you specify within the admin panel. It even has it’s own admin panel separate from WP-Admin if there is an issue that causes your site to stop loading due to your modifications. I would love to show you how it works so you can give it a shot.

  2. Steve Wood

    Hello Tom,

    You seem like the man that knows so here goes…

    I have successfully been using the Cascade template for my work site. I notice last month that my site had been hacked. A client notified me when she did a Google search on me.

    The site looks normal however I did find some anomalies with the word “Cialis” sprinkled throughout. I made those changes but then did a “Fetch with Google” and was able to see some embed text on one of the four links they isolated. My question is…. how can I find that code and delete it?

    Any help would be appreciated and I can provide screenshots from my iMac that I can share with you if requested.

    Steve Wood
    Phoenix, AZ USA

    1. Tyler

      Steve, it’s likely you are past this already but you probably have reinstalled or upgraded the core WP code.

      You could have searched for the word ‘Cialis’ throughout and remove the it and/or function calling it. But without knowing what was being called, because I assume you aren’t code literate, you could have done more damage.

      I’m sure you can find text editors/command line editors that can help you search. This probably could have been done via which ever FTP client you were using.

  3. TJ

    Hi Tom,

    I am glad such an article exists.
    This is solid advice.

    I’ve started working for a company that had it’s website built in 2011 on the WP version 3.3.

    WP has not been update since (only small content updates have been made regularly).

    I would like to update the theme & WordPress version, but I am afraid that possibly the original
    developer made some changes to the core.

    How can I check if the coding has been done merely to the appearance of the website and not the core?

    Thanks in advance,


  4. Peter

    I attempted to upgrade WordPress to 4.3 and got this error message: PHP Fatal error: Call to undefined function wp_resolve_numeric_slug_conflicts() in G:\PleskVhosts\\httpdocs\2014\wp-includes\class-wp.php on line 313. To correct this I will have to modify wp-includes which you say not to do. What should I do?

  5. Miraz Mac

    I tried some modifications on WordPress core files. But it occurs errors every time! I prefer plugins instead of editing core files.

  6. Mickey Kay

    I thought the entire content of this post was going to be: “Don’t.”

    1. matt

      Yeah a better title may have been ‘how to make changes to your wp site *without* hacking core’

      1. Tom Ewer


        Fair point guys – change made!

Leave a Reply

Your email address will not be published. Required fields are marked *

Over 65,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!

Have questions? Get in touch!

Over 65,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!

Have questions? Get in touch!

Over 65,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!

Have questions? Get in touch!

Over 65,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!

Have questions? Get in touch!