When we clean up a hacked website and try .htaccess tricks to list our site's files over the web, we can obtain a listing of the directories and file names we have. Especially when working remotely, having a complete list of WordPress files can be useful for the recovery process after the attack.
The Codex page has a list of important files, but only for WordPress version 2.x. There have been many changes in newer versions.
We extracted the default WordPress 3.3.2 zip archive and generated a complete list of files and all directories in alphabetical order. This is the roadmap (thanks DigWP):
- Directory structure (without files)
- WordPress files at the root level
- Files in the /wp-admin/ directory
- Files in the /wp-content/ directory
- Files in the /wp-includes/ directory
Directory structure (without files)
/wordpress/
  /wp-admin/
    /css/
    /images/
    /includes/
    /js/
    /maint/
    /network/
    /user/
  /wp-content/
    /plugins/
      /akismet/
    /themes/
      /twentyeleven/
        /colors/
        /images/
        /inc/
          /images/
        /js/
        /languages/
      /twentyten/
        /images/
          /headers/
        /languages/
  /wp-includes/
    /Text/
    /css/
    /images/
      /crystal/
      /smilies/
      /wlw/
    /js/
      /crop/
      /imgareaselect/
      /jcrop/
      /jquery/
        /ui/
      /plupload/
      /scriptaculous/
      /swfupload/
        /plugins/
      /thickbox/
      /tinymce/
        /langs/
        /plugins/
          /directionality/
          /fullscreen/
          /inlinepopups/
            /skins/
              /clearlooks2/
                /img/
          /media/
            /css/
            /js/
          /paste/
            /js/
          /spellchecker/
            /classes/
              /utils/
            /css/
            /img/
            /includes/
          /tabfocus/
          /wordpress/
            /css/
            /img/
          /wpdialogs/
            /js/
          /wpeditimage/
            /css/
            /img/
            /js/
          /wpfullscreen/
          /wpgallery/
            /img/
          /wplink/
        /themes/
          /advanced/
            /img/
            /js/
            /skins/
              /default/
                /img/
              /highcontrast/
              /o2k7/
                /img/
              /wp_theme/
                /img/
        /utils/
    /pomo/
    /theme-compat/
WordPress files at the root level
/wordpress/ index.php license.txt readme.html wp-activate.php wp-app.php wp-blog-header.php wp-comments-post.php wp-config-sample.php wp-cron.php wp-links-opml.php wp-load.php wp-login.php wp-mail.php wp-pass.php wp-register.php wp-settings.php wp-signup.php wp-trackback.php xmlrpc.php
Files in the /wp-admin/ directory
/wp-admin/ about.php admin-ajax.php admin-footer.php admin-functions.php admin-header.php admin-post.php admin.php async-upload.php comment.php credits.php /css/ colors-classic.css colors-classic.dev.css colors-fresh.css colors-fresh.dev.css farbtastic.css file-list.txt ie-rtl.css ie-rtl.dev.css ie.css ie.dev.css install.css install.dev.css media-rtl.css media-rtl.dev.css media.css media.dev.css wp-admin-rtl.css wp-admin-rtl.dev.css wp-admin.css wp-admin.dev.css custom-background.php custom-header.php edit-comments.php edit-form-advanced.php edit-form-comment.php edit-link-form.php edit-tag-form.php edit-tags.php edit.php export.php freedoms.php gears-manifest.php /images/ align-center.png align-left.png align-none.png align-right.png archive-link.png arrows-dark-vs.png arrows-dark.png arrows-vs.png arrows.png blue-grad.png bubble_bg-rtl.gif bubble_bg.gif button-grad-active.png button-grad.png comment-grey-bubble.png date-button.gif ed-bg-vs.gif ed-bg.gif fade-butt.png fav-arrow-rtl.gif fav-arrow.gif fav-vs.png fav.png generic.png gray-grad.png gray-star.png icons32-vs.png icons32.png imgedit-icons.png list.png loading-publish.gif loading.gif logo-ghost.png logo-login.png logo.gif marker.png mask.png media-button-image.gif media-button-music.gif media-button-other.gif media-button-video.gif media-button.png menu-arrow-frame-rtl.png menu-arrow-frame.png menu-arrows.gif menu-bits-rtl-vs.gif menu-bits-rtl.gif menu-bits-vs.gif menu-bits.gif menu-dark-rtl-vs.gif menu-dark-rtl.gif menu-dark-vs.gif menu-dark.gif menu-shadow-rtl.png menu-shadow.png menu-vs.png menu.png no.png press-this.png required.gif resize-rtl.gif resize.gif screen-options-toggle-vs.gif screen-options-toggle.gif screenshots se.png sort.gif star.png toggle-arrow-rtl.gif toggle-arrow.gif upload-classic.png upload-fresh.png wheel.png white-grad-active.png white-grad.png widgets-arrow-vs.gif widgets-arrow.gif wordpress-logo.png wp-badge.png wp-logo-vs.png wp-logo.png wpspin_dark.gif wpspin_light.gif 
xit.gif yes.png import.php /includes/ admin.php bookmark.php class-ftp-pure.php class-ftp-sockets.php class-ftp.php class-pclzip.php class-wp-comments-list-table.php class-wp-filesystem-base.php class-wp-filesystem-direct.php class-wp-filesystem-ftpext.php class-wp-filesystem-ftpsockets.php class-wp-filesystem-ssh2.php class-wp-importer.php class-wp-links-list-table.php class-wp-list-table.php class-wp-media-list-table.php class-wp-ms-sites-list-table.php class-wp-ms-themes-list-table.php class-wp-ms-users-list-table.php class-wp-plugin-install-list-table.php class-wp-plugins-list-table.php class-wp-posts-list-table.php class-wp-terms-list-table.php class-wp-theme-install-list-table.php class-wp-themes-list-table.php class-wp-upgrader.php class-wp-users-list-table.php comment.php continents-cities.php dashboard.php deprecated.php export.php file.php image-edit.php image.php import.php list-table.php manifest.php media.php menu.php meta-boxes.php misc.php ms-deprecated.php ms.php nav-menu.php plugin-install.php plugin.php post.php schema.php screen.php taxonomy.php template.php theme-install.php theme.php update-core.php update.php upgrade.php user.php widgets.php index-extra.php index.php install-helper.php install.php /js/ cat.dev.js cat.js categories.dev.js categories.js comment.dev.js comment.js common.dev.js common.js custom-background.dev.js custom-background.js custom-fields.dev.js custom-fields.js dashboard.dev.js dashboard.js edit-comments.dev.js edit-comments.js editor.dev.js editor.js farbtastic.js gallery.dev.js gallery.js image-edit.dev.js image-edit.js inline-edit-post.dev.js inline-edit-post.js inline-edit-tax.dev.js inline-edit-tax.js link.dev.js link.js media-upload.dev.js media-upload.js media.dev.js media.js nav-menu.dev.js nav-menu.js password-strength-meter.dev.js password-strength-meter.js plugin-install.dev.js plugin-install.js post.dev.js post.js postbox.dev.js postbox.js revisions-js.php set-post-thumbnail.dev.js set-post-thumbnail.js 
tags.dev.js tags.js theme-preview.dev.js theme-preview.js theme.dev.js theme.js user-profile.dev.js user-profile.js utils.dev.js utils.js widgets.dev.js widgets.js word-count.dev.js word-count.js wp-fullscreen.dev.js wp-fullscreen.js xfn.dev.js xfn.js link-add.php link-manager.php link-parse-opml.php link.php load-scripts.php load-styles.php /maint/ repair.php media-new.php media-upload.php media.php menu-header.php menu.php moderation.php ms-admin.php ms-delete-site.php ms-edit.php ms-options.php ms-sites.php ms-themes.php ms-upgrade-network.php ms-users.php my-sites.php nav-menus.php /network/ admin.php edit.php index-extra.php index.php menu.php plugin-editor.php plugin-install.php plugins.php profile.php settings.php setup.php site-info.php site-new.php site-settings.php site-themes.php site-users.php sites.php theme-editor.php theme-install.php themes.php update-core.php update.php upgrade.php user-edit.php user-new.php users.php network.php options-discussion.php options-general.php options-head.php options-media.php options-permalink.php options-privacy.php options-reading.php options-writing.php options.php plugin-editor.php plugin-install.php plugins.php post-new.php post.php press-this.php profile.php revision.php setup-config.php theme-editor.php theme-install.php themes.php tools.php update-core.php update.php upgrade-functions.php upgrade.php upload.php /user/ admin.php index-extra.php index.php menu.php profile.php user-edit.php user-edit.php user-new.php users.php widgets.php
Files in the /wp-content/ directory
/wp-content/ index.php /plugins/ /akismet/ admin.php akismet.css akismet.gif akismet.js akismet.php legacy.php readme.txt widget.php hello.php index.php /themes/ index.php /twentyeleven/ 404.php archive.php author.php category.php /colors/ dark.css comments.php content-aside.php content-featured.php content-gallery.php content-image.php content-intro.php content-link.php content-page.php content-quote.php content-single.php content-status.php content.php editor-style-rtl.css editor-style.css footer.php functions.php header.php image.php /images/ comment-arrow-bypostauthor-dark-rtl.png comment-arrow-bypostauthor-dark.png comment-arrow-bypostauthor-rtl.png comment-arrow-bypostauthor.png comment-arrow-dark-rtl.png comment-arrow-dark.png comment-arrow-rtl.png comment-arrow.png comment-bubble-dark-rtl.png comment-bubble-dark.png comment-bubble-rtl.png comment-bubble.png headers search.png wordpress.png /inc/ /images/ content-sidebar.png content.png dark.png light.png sidebar-content.png theme-options.css theme-options.js theme-options.php widgets.php index.php /js/ html5.js showcase.js /languages/ twentyeleven.pot license.txt page.php readme.txt rtl.css screenshot.png search.php searchform.php showcase.php sidebar-footer.php sidebar-page.php sidebar.php single.php style.css tag.php /twentyten/ 404.php archive.php attachment.php author.php category.php comments.php editor-style-rtl.css editor-style.css footer.php functions.php header.php /images/ /headers/ berries-thumbnail.jpg berries.jpg cherryblossoms-thumbnail.jpg cherryblossoms.jpg concave-thumbnail.jpg concave.jpg fern-thumbnail.jpg fern.jpg forestfloor-thumbnail.jpg forestfloor.jpg inkwell-thumbnail.jpg inkwell.jpg path-thumbnail.jpg path.jpg sunset-thumbnail.jpg sunset.jpg wordpress.png index.php /languages/ twentyten.pot license.txt loop-attachment.php loop-page.php loop-single.php loop.php onecolumn-page.php page.php rtl.css screenshot.png search.php sidebar-footer.php sidebar.php single.php style.css tag.php
Files in the /wp-includes/ directory
/wp-includes/ /Text/ Diff Diff.php admin-bar.php atomlib.php author-template.php bookmark-template.php bookmark.php cache.php canonical.php capabilities.php category-template.php category.php class-IXR.php class-feed.php class-http.php class-json.php class-oembed.php class-phpass.php class-phpmailer.php class-pop3.php class-simplepie.php class-smtp.php class-snoopy.php class-wp-admin-bar.php class-wp-ajax-response.php class-wp-editor.php class-wp-error.php class-wp-http-ixr-client.php class-wp-walker.php class-wp-xmlrpc-server.php class-wp.php class.wp-dependencies.php class.wp-scripts.php class.wp-styles.php comment-template.php comment.php compat.php cron.php /css/ admin-bar-rtl.css admin-bar-rtl.dev.css admin-bar.css admin-bar.dev.css editor-buttons.css editor-buttons.dev.css jquery-ui-dialog.css jquery-ui-dialog.dev.css wp-pointer.css wp-pointer.dev.css default-constants.php default-filters.php default-widgets.php deprecated.php feed-atom-comments.php feed-atom.php feed-rdf.php feed-rss.php feed-rss2-comments.php feed-rss2.php feed.php formatting.php functions.php functions.wp-scripts.php functions.wp-styles.php general-template.php http.php /images/ admin-bar-sprite.png arrow-pointer-blue.png blank.gif /crystal/ archive.png audio.png code.png default.png document.png interactive.png license.txt spreadsheet.png text.png video.png down_arrow.gif icon-pointer-flag.png rss.png /smilies/ icon_arrow.gif icon_biggrin.gif icon_confused.gif icon_cool.gif icon_cry.gif icon_eek.gif icon_evil.gif icon_exclaim.gif icon_idea.gif icon_lol.gif icon_mad.gif icon_mrgreen.gif icon_neutral.gif icon_question.gif icon_razz.gif icon_redface.gif icon_rolleyes.gif icon_sad.gif icon_smile.gif icon_surprised.gif icon_twisted.gif icon_wink.gif toggle-arrow.png upload.png /wlw/ wp-comments.png wp-icon.png wp-watermark.png wpicons.png wpmini-blue.png xit.gif /js/ admin-bar.dev.js admin-bar.js autosave.dev.js autosave.js colorpicker.dev.js colorpicker.js comment-reply.dev.js 
comment-reply.js /crop/ cropper.css cropper.js marqueeHoriz.gif marqueeVert.gif hoverIntent.dev.js hoverIntent.js /imgareaselect/ border-anim-h.gif border-anim-v.gif imgareaselect.css jquery.imgareaselect.dev.js jquery.imgareaselect.js /jcrop/ Jcrop.gif jquery.Jcrop.css jquery.Jcrop.dev.js jquery.Jcrop.js /jquery/ jquery.color.dev.js jquery.color.js jquery.form.dev.js jquery.form.js jquery.hotkeys.dev.js jquery.hotkeys.js jquery.js jquery.query.js jquery.schedule.js jquery.serialize-object.js jquery.table-hotkeys.dev.js jquery.table-hotkeys.js suggest.dev.js suggest.js /ui/ jquery.effects.blind.min.js jquery.effects.bounce.min.js jquery.effects.clip.min.js jquery.effects.core.min.js jquery.effects.drop.min.js jquery.effects.explode.min.js jquery.effects.fade.min.js jquery.effects.fold.min.js jquery.effects.highlight.min.js jquery.effects.pulsate.min.js jquery.effects.scale.min.js jquery.effects.shake.min.js jquery.effects.slide.min.js jquery.effects.transfer.min.js jquery.ui.accordion.min.js jquery.ui.autocomplete.min.js jquery.ui.button.min.js jquery.ui.core.min.js jquery.ui.datepicker.min.js jquery.ui.dialog.min.js jquery.ui.draggable.min.js jquery.ui.droppable.min.js jquery.ui.mouse.min.js jquery.ui.position.min.js jquery.ui.progressbar.min.js jquery.ui.resizable.min.js jquery.ui.selectable.min.js jquery.ui.slider.min.js jquery.ui.sortable.min.js jquery.ui.tabs.min.js jquery.ui.widget.min.js json2.dev.js json2.js /plupload/ changelog.txt handlers.dev.js handlers.js license.txt plupload.flash.js plupload.flash.swf plupload.html4.js plupload.html5.js plupload.js plupload.silverlight.js plupload.silverlight.xap prototype.js quicktags.dev.js quicktags.js /scriptaculous/ MIT-LICENSE builder.js controls.js dragdrop.js effects.js scriptaculous.js slider.js sound.js unittest.js wp-scriptaculous.js swfobject.js /swfupload/ handlers.dev.js handlers.js license.txt /plugins/ swfupload.cookies.js swfupload.queue.js swfupload.speed.js swfupload.swfobject.js swfupload-all.js 
swfupload.js swfupload.swf /thickbox/ loadingAnimation.gif macFFBgHack.png tb-close.png thickbox.css thickbox.js /tinymce/ /langs/ wp-langs-en.js wp-langs.php license.txt /plugins/ /directionality/ editor_plugin.js /fullscreen/ editor_plugin.js fullscreen.htm /inlinepopups/ editor_plugin.js /skins/ /clearlooks2/ /img/ alert.gif button.gif buttons.gif confirm.gif corners.gif drag.gif horizontal.gif vertical.gif window.css template.htm /media/ /css/ media.css editor_plugin.js /js/ embed.js media.js media.htm moxieplayer.swf /paste/ blank.htm editor_plugin.js /js/ pastetext.js pasteword.js pastetext.htm pasteword.htm /spellchecker/ changelog.txt /classes/ EnchantSpell.php GoogleSpell.php PSpell.php PSpellShell.php SpellChecker.php /utils/ JSON.php Logger.php config.php /css/ content.css editor_plugin.js /img/ wline.gif /includes/ general.php rpc.php /tabfocus/ editor_plugin.js /wordpress/ /css/ content.css editor_plugin.dev.js editor_plugin.js /img/ audio.gif embedded.png image.gif media.gif more_bug.gif page.gif page_bug.gif trans.gif video.gif /wpdialogs/ editor_plugin.dev.js editor_plugin.js /js/ popup.dev.js popup.js wpdialog.dev.js wpdialog.js /wpeditimage/ /css/ editimage-rtl.css editimage.css editimage.html editor_plugin.dev.js editor_plugin.js /img/ delete.png image.png /js/ editimage.dev.js editimage.js /wpfullscreen/ editor_plugin.js fullscreen.htm /wpgallery/ editor_plugin.dev.js editor_plugin.js /img/ delete.png edit.png gallery.png t.gif /wplink/ editor_plugin.dev.js editor_plugin.js /themes/ /advanced/ about.htm anchor.htm charmap.htm color_picker.htm editor_template.js image.htm /img/ colorpicker.jpg flash.gif gotmoxie.png icons.gif iframe.gif pagebreak.gif quicktime.gif realmedia.gif shockwave.gif trans.gif video.gif windowsmedia.gif /js/ about.js anchor.js charmap.js color_picker.js image.js link.js source_editor.js link.htm shortcuts.htm /skins/ /default/ content.css dialog.css /img/ buttons.png items.gif menu_arrow.gif menu_check.gif progress.gif 
tabs.gif ui.css /highcontrast/ content.css dialog.css ui.css /o2k7/ content.css dialog.css /img/ button_bg.png button_bg_black.png button_bg_silver.png ui.css ui_black.css ui_silver.css /wp_theme/ content.css dialog.css /img/ tabs.gif ui.css source_editor.htm tiny_mce.js tiny_mce_popup.js /utils/ editable_selects.js form_utils.js mctabs.js validate.js wp-mce-help.php wp-tinymce.js.gz wp-tinymce.php tw-sack.dev.js tw-sack.js wp-ajax-response.dev.js wp-ajax-response.js wp-list-revisions.dev.js wp-list-revisions.js wp-lists.dev.js wp-lists.js wp-pointer.dev.js wp-pointer.js wplink.dev.js wplink.js kses.php l10n.php link-template.php load.php locale.php media.php meta.php ms-blogs.php ms-default-constants.php ms-default-filters.php ms-deprecated.php ms-files.php ms-functions.php ms-load.php ms-settings.php nav-menu-template.php nav-menu.php pluggable-deprecated.php pluggable.php plugin.php /pomo/ entry.php mo.php po.php streams.php translations.php post-template.php post-thumbnail-template.php post.php query.php registration-functions.php registration.php rewrite.php rss-functions.php rss.php script-loader.php shortcodes.php taxonomy.php template-loader.php /theme-compat/ comments-popup.php comments.php footer.php header.php sidebar.php theme.php update.php user.php vars.php version.php widgets.php wlwmanifest.xml wp-db.php wp-diff.php