Most of the time you shouldn’t edit your WordPress core files, but it is OK to do so when:
- the site has been hacked and the hack is in a core file,
- there has been an emergency and the fix was too difficult to do with the best-practice methods for overriding core functionality, and
- you are editing wp-config.php.
When can you edit core WordPress files?
Most of the time you don’t need or want to edit core WordPress files when you are looking at it from a best practice point of view. Usually there is a better and ‘proper WordPress’ way to do things. But there are some circumstances where, in the 9 years I’ve been using WordPress, I have edited core files.
First off, let’s define what core files are. Core files in WordPress are the files which make up the WordPress software itself. In some cases people also consider plugins and themes to be core, and while I don’t think they are, they should still be treated in a similar fashion when it comes to editing them or not. Most of the time you shouldn’t edit your plugin or theme code directly either, as there are ‘WordPress methods’ to do this which avoid your changes being overwritten.
You’ve been hacked!
When you have been hacked, the hacker or bot can put nefarious code inside your site’s files. This code can be anywhere and is often in core files. As such you should scan these files and revert them to their original form. Doing this manually is difficult, so I use a security plugin named WordFence to do it. This plugin monitors what the original file looked like and compares it to the current one, noting any changes. This will reveal the hacker code and you will know which files to ‘revert’. WordFence also allows you to revert the file with one click.
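The comparison described above, sketched as an added example (this is not WordFence’s code and not part of the original post). It assumes you have unpacked a clean copy of the same WordPress release next to the live site; all function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def is_core(rel):
    # wp-content holds themes, plugins and uploads; wp-config.php is site-specific.
    return not (rel.startswith("wp-content/") or rel == "wp-config.php")

def build_manifest(root):
    """Map relative path -> SHA-256 for every core file under root."""
    root = Path(root)
    rels = ((p, p.relative_to(root).as_posix()) for p in root.rglob("*") if p.is_file())
    return {rel: sha256_file(p) for p, rel in rels if is_core(rel)}

def compare_core(site_root, clean_manifest):
    """Return core files that were modified, are missing, or were added."""
    live = build_manifest(site_root)
    return {
        "modified": sorted(r for r in live
                           if r in clean_manifest and live[r] != clean_manifest[r]),
        "missing": sorted(r for r in clean_manifest if r not in live),
        "unexpected": sorted(r for r in live if r not in clean_manifest),
    }

def demo():
    """Constructed sample: a tiny stand-in 'release' and a tampered copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        files = {"index.php": "<?php // front controller\n",
                 "wp-includes/version.php": "<?php // version info\n"}
        for base in (clean, site):
            for rel, body in files.items():
                (base / rel).parent.mkdir(parents=True, exist_ok=True)
                (base / rel).write_text(body)
        # Simulated changes on the live copy (harmless placeholders).
        (site / "index.php").write_text(files["index.php"] + "// injected line\n")
        (site / "wp-includes/extra.php").write_text("<?php // dropped file\n")
        (site / "wp-config.php").write_text("<?php // site settings\n")
        (site / "wp-includes/version.php").unlink()
        return compare_core(site, build_manifest(clean))

if __name__ == "__main__":
    print(demo())
```

Files reported as unexpected matter as much as modified ones: a file that exists in wp-admin or wp-includes on the live site but not in the clean release was put there by something other than WordPress.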
In an emergency
If some emergency comes up and you don’t have time to do the best practice methods described below, then you can change a core file as it will be a temporary fix. When I say emergency I mean you will lose the customer a lot of business if the site is not fixed in the next X minutes and you will be fired kind of emergency. Even if it’s not your fault that the problem happened, you may still be the knight who saves the day. I have never come across a scenario like this in my 9 years as a developer, but in this case I would do it. Later you can go back and overwrite the offending code properly once the problem has been quickly fixed.
When editing wp-config.php
wp-config.php is technically part of the WordPress core files, and people sometimes edit it to turn particular functionality on and off. This file also contains your database credentials and is not overwritten by WordPress updates, so you can safely edit this file without much problem.
More specifically I like to put conditional statements in here which let me turn on error reporting via a URL parameter because it is more convenient than manually editing this file every time I have to see errors on the front end.
When shouldn’t you edit core WordPress files?
To change plugin functionality
If there is some functionality which you want to change about a plugin, or indeed about WordPress core itself, then you should use either hooks and filters or the template override design pattern found in WordPress and other PHP-based website software.
Hooks and filters in WordPress allow you to ‘interject’ in the normal PHP functions which run WordPress and ‘insert’ code at a particular point in PHP’s runtime in order to do what you want to do. These hooks and filters are pre-made functions (provided by WP Core and plugin developers) which you can use to alter what core code does.
If the Core Team or the plugin developer has not provided a hook or filter then I have in some cases copied this plugin in order to make a different version of it, made my changes directly to the plugin and then told the site admins that they are not allowed to update this plugin. I have also, with CSS, hidden this plugin from the plugin list so there are no mistakes.
To change theme functionality
The same principle applies to a theme. As a best practice, you should not alter a theme directly, because when it is updated your changes will be overwritten. Themes have something called a child theme design pattern, which allows you to add changes to the overall aesthetic of the site while avoiding having to edit the theme files directly.