How WordPress Actually Works Behind the Scenes

Ever wondering how WordPress actually works behind the scenes? Most of the users today thinks that it is simple because all you have to do is type a URL as well as page loads in just a few seconds. However, there are actually lots of work behind the scenes. This guide will show you through infographics how the WordPress team actually works behind the scene.

  1. Load theWp-config.php File

It is the WordPress configuration file. This file sets global variables for WordPresssites, it also contains the WordPress data info. For a very obvious reason, this is the first file that WordPress loads.


  1. Set-up default constants

After the load of wp-config.php file, WordPress will then move to set the default constants. Default constants includes all the information needed such as the default upload location, maximum file sizes as well as other default constant sets.


  1. Load the advanced-cache.php file

Once the advanced-cache.php file already exists on your website, then WordPress will load it next. Advanced-cache-.php file is a file that acts like a drop-in file. It is used by a number of popular WordPress plugins. If your website is suing this type of file, you will then notice a new item on plugins display called Drop-ins.


  1. Load the wp-content/db.php file

WordPress allow developers to make or create their own database attraction layer as well as load them in a db.php file. These files are placed inside the wp-content folder.


  1. Connect the MySQL. Select Database

After WordPress had enough info it needs to proceed further, it will now move or connect to the MySQL server. It will also select the database, however, if WordPress isn’t able to connect to the database, you will see the sign “establishing database connection” the error sign. From this point, WordPress will now quit. If everything worked fine, then WordPress will now move on to the next set of steps.

  1. Load the object-cache.php or the wp-includes/cache.php file


  1. Load the wp-content/sunrise.php file.


  1. Load the Localization library.


  1. Load the Multiple Plugins.


  1. “muplugins_loaded” do action

This action is only available to those network activated plugins on WordPress multisite.


  1. Load the Active Plugins


  1. Load the pluggable.php file

This file contains all the functions WordPress plugins can be redefined. If WordPress cannot see the files inside that are already defined by another plugin, then it will define those functions itself.

  1. “plugins_loaded” do action


  1. Load the rewrite rules

  1. $wp_query, $wp_rewrite, $wp

WordPress will now load the 3 following objects:

$wp_query – it holds the WP_Query class and tells WordPress the contents requester in a usual WP query format.

$wp_rewrite – another global instance which holds the WP_Rewrite class. This file contains the rewrite rules and functions.

$wp – it contains the function which will parse the request and performs the main query.


  1. “set_up theme”

This action typically runs before the WordPres theme is actually loaded.


  1. Load the child theme’s functions.php file


  1. Load the parent theme’s functions.php file


  1. “after_setup_theme”

After WordPress has already set-up the theme and all the theme functions, it will now action the “after_setup_theme”.


  1. Set-up the Current User Object


  1. “init” action

“init” action allows the developer to add codes they needed to execute after WordPress has already loaded all information needed.

  1. “widget_init” do action
  2. Run the wp()

It is located in the wp-includes/functions.php file

  1. Request parse
  2. Run Query
  3. Do the action “template_redirect”

  1. Load the Feed Template.
  2. Then Load Template
  3. “Shutdown” action

The last action is called the shutdown. At this point, the WordPress will now stop working since it already ran the code and the generated user’s requested webpage.

That’s it. That is how WordPress actually works behind the scene. And what is more amazing is that all of these things actually happen within milliseconds.

We hope that this article will help you a lot in learning how WordPress works behind the scenes. If you have comments, suggestions or ideas, please write in the comment box below.










Microsoft ending support for original version of Windows 10: Pros and Cons that you may face

The Microsoft Windows users are well aware of the process of ending support for the various versions of Windows operating system. This has seen a long way and starting from the earlier versions like Windows 98, XP, Vista and more versions like Windows 10 are launched by Microsoft. As the title suggests this article is focused on the process of withdrawal of the support by Microsoft for the Original version of Windows 10.

The windows users have the knowledge that the software bundles or the technology provided by Microsoft are backed up by the after sales service and support via its service centers. These are offering the service and support for the customers facing any sort of difficulty in running the software. The original version of Windows 10 which was the first issue of the operating system was launched in the July 2015. Now Microsoft has decided to put all the support and services related to the original version of Windows 10 to an end.

This means the users using the original version of Windows 10 will not be able to receive any support on the technical issues from the Microsoft Service centers. In this article, we are going to bring the pros and the cons of this to light. This will help the users to understand the various after effects of this step. The users who have used the Windows 10 right from the launch of the original version can easily point out at the changes brought into the operating system since its launch. These changes were incorporated by the three updates which were instrumental in bringing about these changes.

These three updates were the November Update; the Anniversary Update and the Creators update. These three updates were responsible in the addition of the features in the operating system and the changes that were inevitable for operational sustainability.

The major reason behind ending the support to the original version of Windows 10 is to cut on the issues developing while supporting the multiple versions at a time. So the decision about ending the support on the original version has been stamped for implantation on this gone 09th of the May, Month in 2017. The original release known as the 1507 will not be entitled to any support from the said date. This is going to affect the businesses in many ways as those who have not updated can use the Windows 10 but they will not be able to receive the updates. Those willing to receive the updates have to go for the newer versions of Windows.

The users using the windows without any further updates will not have any drastic impact on their running instead they will not be getting the updates. But as the Microsoft policy says they will run the most updated version of the Windows 10 the users may go to the official page of the Microsoft to get the most updated version by clicking on the button “Update Now”.

How to safeguard your WordPress Site from the Cookies thief?

The above topic may sound cacophonous to the web admin that are largely depending on the WordPress for building their sites. This is not for the first time that webmasters have to come across the issues related to the security of the WordPress CMS. This has not only become all time preferred CMS just because of the numbers but it has also provided the relevant solutions to the user’s issues.

The diligent efforts in maintaining the security and the integrity of the CMS is undoubted and has made it stand ahead of the others. Irrespective of this the mischievous activities of the hacker’s community is never ending. The latest news as about the fake WordPress API that is quite similar in name with the original one has been launched to steal the information of the websites.

Nowadays the latest trap developed by the attackers is not all about hacking the site but they are focusing on stealing the information from the site. This is done by floating the fake WordPress site that is built to befool the webmasters and admin to give it control to browse the sessions and stealing the information.

This site related news was first revealed by the consulting firm Security in its report. This site is launched in the name of the WordPrssAPI that is quite enough to befool the users for using this fake API as it is of the WordPress CMS. Thus the mere typo sort of error made by the users in choosing the WordPrssAPI can lead you in troubles. This entire episode was about stealing information from the active cookies of the site.

This was based on the idea of using impersonate usage of the site by befooling the admin and the webmasters. Further, in the report, the Consulting firm clarified that there were no potential damages made to the sites running on the WordPress CMS. It also states that the fake site intending to steal the cookies is now offline. But this has created a new havoc for the WordPress Users that now shall keep a watch on such sites with malicious intentions.

The Original WordPress sites are having a pattern of login session expiry that safeguards the users from various issues as every time they have to log in using the password. This fraudulent API was stealing the information and sending it to the fake site so the login session expiry constraint was released.

How this Typo-squatting works?

This is known as the typo-squatting concept for befouling the users to long on the fake sites. Such sites are built in a dense coding pattern where it is difficult to notice the malicious code. This is usually injected in the JavaScript that allows the malware to run on the site without getting detected easily.

Further adding to it the hackers have developed the site in such a manner that all the information that was sent to the fake domains was kept hidden from the search engine crawlers. Thus it is inevitable for the webmasters to take care in using the legitimate sites only for any sort of code audit and other such processes.

The increasing number of the CMS based sites and has given the attackers the opportunity to focus on these sites as they are a simple target. The modular components make it easy to inject the malicious codes in the CMS based sites. These attacks are more prone to affect the sites running on the CMS like WordPress, Joomla and Magento, therefore, the webmasters need to be more focused and attentive for the same.

The beginner’s guide to avoiding cyber attacks

Online scams and frauds are one of the biggest threats to global cyber security, and small businesses are more often than not the primary victims of that. The logic is simple: small businesses often lack both the secure protocols and the business expertise to avoid such attacks. This is why the Federal Trade Commission has launched,a website that will help small business be aware of avoiding scams and protecting their business from cyber-attacks.

The Acting Chairman, Maureen Ohlhausen, commented that the US Government realize how important small businesses are for the economic growth of the nation, hence the website aims to serve as the ultimate destination to make small business owners aware of the risks and procedures of cyber security.

As a small context, it will be well worth to know that there are about 28 million small businesses across the United States, which employs a total of 57 million people if we believe the reports of US Small Business Administration. Since the numbers are so huge, it becomes easier for hackers to choose from and more difficult for the government to protect everyone. Small businesses, like we mentioned, are particularly vulnerable to cyber-attacks since they do not have the resources of big corporations to set up secure protocols. More often than not, it only takes a few minutes for a professional hacker to get into a typical small firm’s system. Most of the times, the attack is fairly textbook: fool them into downloading a file that is a malware, trick them into donating money to fake charities, making them pay for orders by making fake receipts or something to that effect. Sometimes, hackers go for a more sophisticated technique, like finding a breach in the company’s network and accessing vital information. Overall, the conclusion remains the same: if you don’t know the basics of cyber security, it is fairly simple for any teenager who knows his stuff to steal your money.

As it happens, most small businesses in the US don’t know the basics of cyber security, which compelled the FTC to launch the website. The website provides beginner’s guide about cyber security and the basic protocols you should employ in your company in order to prevent attacks and scams. It also aims to educate the employees about the threat, by informing them how to maintain the privacy of files, how to secure their network from external unauthorized access and how to react in case of an actual attack. The web page also gives information about the standard attacks like phishing and the newer threats like ransomware. The good thing is that FTC is aiming to make it a continuing initiative instead of a one-shot, and hence is working with SBA to keep updating the website with newer guidelines and threats.

If you are a small business owner, you should take this very seriously. The Federal Trade Commission is doing all it can to help you, but it requires efforts from your side too. In case you have further queries, you could always contact them on their helpline number, or contact them on Facebook or Twitter.

How to Move a WordPress from HTTP to HTTP/SSL

Are you looking for ways on how to move a WordPress from HTTP to HTTP/SSL but have no idea how to start? Do not worry, we’ve got you all covered.

You may have heard of the news that Google announced that they have already started using HTTP as a ranking signal. This would mean that for starters, these changes only affect less than 1 percent of global search queries. However, these changes shall definitely infers an implication on your site whether or not you are using an HTTP or HTTPS protocol.

First let’s take a look at the meaning of HTTPS and SSL. Later on, we are going to differentiate the two. Afterwards, we are going to teach how to install and activate SSL certificate and finally, moving your WordPress site from HTTP to HTTPS.

What are SSL and HTTPS?

Image courtesy:


Secure Sockets Layer or commonly termed as SSL is the standard security technology used in establishing links between a browser and a web server. It ensures that all the data passed between the browser and the web server remains private and essential to prevent tampering and eavesdropping. HTTPS on the other hand, is a combination of HTTP with SSL/TLS. Basically, HTTPS is an HTTP connection which delivers the data secured by suing an SSL/TLS.

How to Activate an SSL certificate?

Once you have purchased an SSL certificate, the next thing you have to do is to activate it. To do this, you will first need to acquire a CSR code which is generated on your server through your hosting service provider.

Important notice:

Once you install a certificate, the interface will then indicate whether your certificate is self-signed. Self-signed certificates, on the other hand, are easy targets for hackers and attackers and it may generate security warnings on your user’s web browsers. The tip is to only install a self-signed certificate temporarily. After that, replace the certificate with a valid certificate coming from a valid CA or certificate authority.

Usually, your hosting provider offers a much simpler UI in order to activate SSL certificate. That is, you just have to paste in the private key and certificate itself, and then the CA-bundle.

Installing an SSL certificate:

Browse Certificates

  1. Click on Browse Certificates and then the SSL certificate window will appear.
  2. Select the account from the Browse Account menu.
  3. Select the desired certificate
  4. Click Use Certificate. The system will then automatically populate the text boxes.
  5. A Certificate Authority Bundle text box will appear if you select a purchased SSL certificate. This is optional.
  6. If the system does not automatically populate this text box, contact your hosting provider or the organization from which you have purchased the certificate.
  7. Click Install.

Certificate’s Domain

  1. Enter your domain name.The AutoFill by Domain button will appear.
  2. Type in your certificate’s information in the text box. Or you may simply click Autofill by Domain in order to automatically populate the certificate information text boxes.
  3. Click Install.

How to Move WordPress Site from HTTP to HTTPS

For version 1.7 and above, the urls are converted to the right protocol if they have a difference between migration targets. Hence, no extra steps is required by the user.

Image courtesy:

For versions 1.6.1 and below, there are several steps you need to know to correctly convert protocols in between migration targets.

Image courtesy:

By following these tips, you should now be able to move your WordPress website from HTTP to HTTPS. It might look cumbersome at first, but it’s really simple once you tried it. It can be done in no time. Goodluck!