wp-config.php is the most powerful and important file in your WordPress installation without which WordPress simply won’t work. With the basic setting like configuring the database with default setting is enough for basic WordPress installation.
But there are lot other cool thinks like improving security, performance and functionality. Check out the 20 lists to power up your WordPress with wp-config.php
- Create wp-config.php file:
WordPress installation package doesn’t include wp-config.php , instead you need to rename wp-config-sample.php to wp-config.php. - Add Database Credentials:
Then add your database credentials. This should appear after the PHP comment near the top of the file:// ** MySQL settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define('DB_NAME', 'database_name_here'); /** MySQL database username */ define('DB_USER', 'username_here'); /** MySQL database password */ define('DB_PASSWORD', 'password_here'); /** MySQL hostname */ define('DB_HOST', 'localhost'); /** Database Charset to use in creating database tables. */ define('DB_CHARSET', 'utf8'); /** The Database Collate type. Don't change this if in doubt. */ define('DB_COLLATE', '');
For most of the web hosting server you just need to enter the database name, database username and database password. After that if it doesn’t work then you need to enter the hostname as per your hosting server. You don’t need to edit the last two items charset and collate.
- Authentication Unique Keys and Salts:
It is very important to add the unique keys and salts for security reason. In
WordPress version 2.7 onwards, there was only eight (8) security keys, AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY, AUTH_SALT,
SECURE_AUTH_SALT, LOGGED_IN_SALT, and NONCE_SALT were there to insure better encryption of information stored in the user’s cookies. These secret keys makes your site
harder to hack and access harder to crack by adding random elements to the password./**#@+ * Authentication Unique Keys and Salts. * * Change these to different unique phrases! * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. * * @since 2.6.0 */ define('AUTH_KEY', 'put your unique phrase here'); define('SECURE_AUTH_KEY', 'put your unique phrase here'); define('LOGGED_IN_KEY', 'put your unique phrase here'); define('NONCE_KEY', 'put your unique phrase here'); define('AUTH_SALT', 'put your unique phrase here'); define('SECURE_AUTH_SALT', 'put your unique phrase here'); define('LOGGED_IN_SALT', 'put your unique phrase here'); define('NONCE_SALT', 'put your unique phrase here');
You don’t have to remember these keys. Just make them long, random and complicated. The best is to use the Official WordPress.org online generator. Click here to generate the keys. It should look like this:
/**#@+ * Authentication Unique Keys and Salts. * * Change these to different unique phrases! * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. * * @since 2.6.0 */ define('AUTH_KEY', 'a]$~/3=2hg.Kng[j8HmYb..Pj^Bj|_zsRdRX3Lv(L&1p6[%<M<%KG=^=:3GtfD|y'); define('SECURE_AUTH_KEY', '%{sAzE(lzq,+WI+/!k<uQGJk&yPzQQJx.is0/<dHR443TE|!!PZCHAh/#U|;kcf.'); define('LOGGED_IN_KEY', 'J$QX%41+0!5v|QesiT&tAk#e+hY759cwW[1Od3/|0&:i0{?,`LhWIv/+3&V _T~W'); define('NONCE_KEY', '-C00-~_|GB*LHUo<#Vu`|b,;K6Hn/,+$xq1(._A:CH~/$|2A|VZBJfrSE{.[HtMS'); define('AUTH_SALT', ' ;%8J%OP%cQuj._jn> Yz+E*TC>4IXdf[M++&Ud`|Ul?I47fEfyJsz<1LY[|/Y*$'); define('SECURE_AUTH_SALT', 'b~?o3Zp_ZDEh`YCc!vup|PHH{T4m4|#Z5N/X`Eb,t!egbB%@u|FfBO|q#~nK]|$-'); define('LOGGED_IN_SALT', '3|bd!!505GGW ZR9~|v`Qn4`p|2lxQ_J)KV%ielG<EP+fP1-z<,BaqUrF`<[}SMw'); define('NONCE_SALT', 'db](&Me1plB:!igjd#8o.?v}DeZIe&2]q.~s){>bqvmr`t<Bh;}C+w$#ycp:Iu:Y'); /**#@-*/
- WordPress Database Table Prefix:
The $table_prefix is the value placed in the front of your database table. By default the value is wp_. Typically this value is changed if you are installing multiple WordPress in the same database. But even for the single installation it is highly recommended to change the default value of table prefix for the security reason. As the default value is heavily targeted by malicious scripts and bad bots. For better security try to make it more random and unique but keep some key as recognition to your site. In table prefix you can only use numbers, letters, and underscores.
For example dvtpre12_CI200_/** * WordPress Database Table prefix. * * You can have multiple installations in one database if you give each a unique * prefix. Only numbers, letters, and underscores please! */ $table_prefix = 'dvtpre12_CI200_';
- WordPress Localized Language:
English language is the default language used in WordPress installation. There are various language available, Click here to read how to Install WordPress in other language.By Default it will look like this where nothing is define in WPLANG which will take default value as English Language:
/** * WordPress Localized Language, defaults to English. * * Change this to localize WordPress. A corresponding MO file for the chosen * language must be installed to wp-content/languages. For example, install * de.mo to wp-content/languages and set WPLANG to 'de' to enable German * language support. */ define ('WPLANG', '');
- Enable the Cache:
The WP_CACHE setting, if true, includes the wp-content/advanced-cache.php script, when executing wp-settings./** Enable the Cache */ define('WP_CACHE', true);
- Debugging WordPress:
For normal user who doesn’t have much knowledge about the error can leave it as default. This is very helpful for the WordPress developers as enabling the WP_DEBUG as true will enable error reporting. This function is extremely
useful but I have seen many WordPress theme and plugin developer haven’t used it. If you haven’t enable debugging, you are in for a surprise – you will see lots of errors even with some of the most popular plugins.
By Default it will look like this:/** * For developers: WordPress debugging mode. * * Change this to true to enable the display of notices during development. * It is strongly recommended that plugin and theme developers use WP_DEBUG * in their development environments. */ define('WP_DEBUG', false);
You can enable the debug mode by changing the value to true, which will look like this:
/** * For developers: WordPress debugging mode. * * Change this to true to enable the display of notices during development. * It is strongly recommended that plugin and theme developers use WP_DEBUG * in their development environments. */ define('WP_DEBUG', true);
- Configure Error Log:
wp-config.php is loaded from every page view not loaded from a cache file, it is an excellent location to set php ini settings that control your php installation. This is useful if you don’t have access to a php.ini file, or if you just want to change settings on the fly.This is the easy way to enable basic error logging for your WordPress powered site. Here is an example that turns php error_logging on and logs them to a specific file. If WP_DEBUG is defined to true, the errors will also be saved to this file. Just place this above any require_once or include commands. Note: you need to create the file php_error.log and make it writable (666 permission). The third line in the code is the location of php_error.log file.
/** Configuring Error Log */ @ini_set('log_errors','On'); @ini_set('display_errors','Off'); @ini_set('error_log','/home/path/domain/logs/php_error.log');
- Post Revisions:
By default, WordPress will save copies of each edits made to a post or page, allowing the possibility of reverting to a previous version of that post or page. The savings of revisions can be disables, or a maximum number of revision per post or page can be specified.
Disable Post Revisions:/** Disable the post-revision feature */ define('WP_POST_REVISIONS', false);
Limiting the maximum number of post revision:
/** Limit the number of saved revisions */ define('WP_POST_REVISIONS', 2); // any integer, for example I made it two but don't go crazy
- Specify the Autosave Interval:
When editing a post, WordPress uses Ajax to autosave revision to the post as you edit. You can increase or decrease the time intervals in between auto-saves. The default value is 60 seconds. You can change to any but be realistic./** Specify the Autosave Interval */ define('AUTOSAVE_INTERVAL', 120); // I have changed to 120 seconds.
- Empty Trash:
In WordPress version 2.9 WordPress introduces “trash” feature to help prevent accidents delete. So now instead of
deleting stuff like posts, pages, attachments and comments, you send them to the Trash. By default WordPress deletes the Trash every 30 days. But you can set it to whatever you want or even disable it by adding a a line like this to wp-config.php:
For Example: to empty trash in 7 days add the following:/** Empty trash in 7 days */ define('EMPTY_TRASH_DAYS', 7); /** Disable Trash */ define('EMPTY_TRASH_DAYS', 0);
- Increase PHP Memory:
Since WordPress version 2.4, the WP_MEMORY_LIMIT option allow you to specify the maximum amount of memory that can be consumed by PHP. You need to increase the memory limit in the even you receive error messages telling you that your “Allowed memory size of xxx bytes exhausted”.This setting increases PHP Memory only for WordPress, not other applications. By default, WordPress will attempt to increase memory allocated to PHP to 32MB (code is at beginning of wp-settings.php), so the setting in wp-config.php should reflect something higher than 32MB.
Increase PHP Memory to 64MB add the following in wp-config.php:
/** Setting PHP Memory Limit to 64MB */ define('WP_MEMORY_LIMIT', '64M');
Increase PHP Memory to 96MB add the following in wp-config.php:
/** Setting PHP Memory Limit to 96MB */ define('WP_MEMORY_LIMIT', '96M');
Increase PHP Memory to 128MB add the following in wp-config.php:
/** Setting PHP Memory Limit to 128MB */ define('WP_MEMORY_LIMIT', '128M');
- Automatic Database Repair:
Added with Version 2.9, there is automatic database repair and optimize support, which you can enable by adding the following define to your wp-config.php file only when the feature is required./** Set Automatic Database Repair */ define('WP_ALLOW_REPAIR', true);
After you have added the code in the wp-config.php, you can repair your database anytime by visiting the URL. In this example replace example.com to your site url:
http://devotepress.com/wp-admin/maint/repair.php
- Block External Requests:
YOu can prevent WordPress from making external requests by adding this snippet towp-config.php
:/** Block External Requests */ define('WP_HTTP_BLOCK_EXTERNAL', true);
There is one problem with this code if you don’t allow access to pingomatic.com. This will prevent things from happening that normally happen, like updates, dashboard feeds, and data reporting. Fortunately, it’s easy to whitelist (allow access) anything that is needed. Here is an example where we grant access to pingomatic.com:
/** Whitelist (Allowing) External Request to pingomatic */ define('WP_ACCESSIBLE_HOSTS', 'rpc.pingomatic.com');
- Blog Address and Site Address (URL):
WP_HOME and WP_SITEURL are two settings added in WordPress Version 2.2. By default, these two configurational definitions are not included in the wp-config.php file, but they may be added to improve performance. Example:/** Setting Blog Address and Site Address */ define('WP_HOME', 'http://catchintenet.com'); // It should include the http:// part and should not have a slash "/" at the end define('WP_SITEURL', 'http://catchinternet.com'); // It should include the http:// part and should not have a slash "/" at the end
These settings should match those specified in your WordPress Admin. Once you set them in wp-config.php, they will be “grayed-out” when displayed in the Admin.
- Change your wp-content directory:
Since WordPress 2.6 you can change your wp-content directory.Set WP_CONTENT_DIR to the full local path of this directory but should not have a slash “/” at the end. Example:
/** Setting wp-content directory */ define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/oc-folder-structure/wp-content' );
Set WP_CONTENT_URL to the full URI of this directory but should not have a slash “/” at the end. Example:
/** Setting wp-content directory */ define( 'WP_CONTENT_DIR', 'http://devotepress.com/oc-folder-structure/wp-content' );
- Enable WordPress Multisite:
Since WordPress 3.0 included built in multisite capability. This means you can use one WordPress installation to host multiple sites, even on different top level domains.To show the ‘Network’ tab under the Tools menu, add this snippet above “/* That’s all, stop editing! Happy blogging. */”.
/** Enable WordPress Multisite */ define('WP_ALLOW_MULTISITE', true);
Click on the Network tab which will take you to the installation menu. Try using subdirectories rather than subdomains, for SEO, security, and flexibility in site architecture.
Using wp-config settings like these to customize your installation is a great example of how WordPress offers much more than is offered in the administration.
- Disabling the Plugin and Theme Editor:
This might be necessary if you have given many user as the well-privileged access and you don’t want them to edit the theme and plugin. It also provides you an additional layer of security if a hacker gains access to a well-privileged user account./** Disabling the Plugin and Theme Editor */ define('DISALLOW_FILE_EDIT',true);
- Overriding default file permissions:
FS_CHMOD_DIR changes the file permission for the directory ad FS_CHMOD_FILE changes the permission for the files. I recommend chmod 0755 for folders and chmod 0644 for the file. Please refer to Changing File Permissions for more details./** Setting Default File Permission */ define('FS_CHMOD_DIR', (0755 & ~ umask())); define('FS_CHMOD_FILE', (0644 & ~ umask()));
- Protect wp-config.php:
Finally the most important part after all the configuration in wp-config.php, don’t forget to protect this file. There is one simple hack to secure our wp-config.php from unwanted access to your sensitive data. Just add the following code in your root .htaccess file:# BEGIN Protect wp-config.php <Files wp-config.php> Order Allow,Deny Deny from all </Files> # END Protect wp-config.php
Full documentation is available: http://codex.wordpress.org/Editing_wp-config.php
It is really amazing! Thanks