The wp-config.php file is crucial to your WordPress installation. You’ll find this file at the root of your WordPress file directory and it contains information such as the database connection details of your website.
The file wp-config.php is not included with the first download of WordPress. According to the information you provide in the setup process, WordPress will create this file for you.
In this article, I’ll explain to you all what you should about the wp-config.php file.
Let’s get started!
Table of contents
The wp-config.php file is one of the core files of WordPress. It includes information about the database, such as its name, host, username, and password. WordPress uses this information to interact with the database to store and retrieve data (e.g. Posts, Users, Settings, etc.). Additionally, the file contains advanced settings for WordPress.
The wp-config.php file can be manually created by finding wp-config-sample.php (located in the root install-directory), editing it as needed, and then saving it as wp-config.php.
If you don’t find the wp-config-sample.php, you can copy/paste the code below and save it as wp-config.php in the root folder of your WordPress website.
<?php /* MySQL settings */ define( 'DB_NAME', 'database_name_here' ); define( 'DB_USER', 'username_here' ); define( 'DB_PASSWORD', 'password_here' ); define( 'DB_HOST', 'localhost' ); define( 'DB_CHARSET', 'utf8mb4' ); /* database table prefix. */ $table_prefix = 'wp_'; /* Authentication Unique Keys and Salts. */ /* https://api.wordpress.org/secret-key/1.1/salt/ */ define( 'AUTH_KEY', 'put your unique phrase here' ); define( 'SECURE_AUTH_KEY', 'put your unique phrase here' ); define( 'LOGGED_IN_KEY', 'put your unique phrase here' ); define( 'NONCE_KEY', 'put your unique phrase here' ); define( 'AUTH_SALT', 'put your unique phrase here' ); define( 'SECURE_AUTH_SALT', 'put your unique phrase here' ); define( 'LOGGED_IN_SALT', 'put your unique phrase here' ); define( 'NONCE_SALT', 'put your unique phrase here' ); /* Turning off the debug mode */ define( 'WP_DEBUG', false ); /* Absolute path to the WordPress directory. */ if ( !defined('ABSPATH') ) define('ABSPATH', dirname(__FILE__) . '/'); /* Sets up WordPress vars and included files. */ require_once(ABSPATH . 'wp-settings.php');
You’ll usually find the wp-config.php file in your website’s root folder along with other folders such as /wp-content/.
The first setting deals with the database connection. Posts and other bits and pieces of WordPress data are stored in a database; they must be accessed to run.
The parameters of a database connection are the host, the username, the password, and the name of the database.
define( 'DB_NAME', 'database_name_here' ); define( 'DB_USER', 'username_here' ); define( 'DB_PASSWORD', 'password_here' ); define( 'DB_HOST', 'localhost' ); define( 'DB_CHARSET', 'utf8mb4' );
As I mentioned earlier, the first four lines represent the four key settings of your database. They can generally be founded in your hosting admin panel.
Character sets relate to languages and how they store specific characters. For example, UTF8 contains special characters like “*”, so it’s a good choice. This setting should be left alone unless you have special knowledge about these things.
Users logged in to WordPress are protected by security keys. These can be generated using the secret-key API of WordPress.org. You should include them if you do not see them in the file.
You should replace them if you’ve been hacked. There will be no data loss.
It’s wp_ by default, but you can also type any letters or numbers you want. The last letter must always be an underscore, and it is best if it is a letter and not a number
Security warning: anyone knows that wp_ is the default value and this could open a vulnerability on your website, which can be easily fixed by defining a custom value for
$table_prefix when running the set-up.
Debugging WordPress comes next on the list of settings. This is set to false by default, which means that error messages will be hidden. In production, this should be left on “FALSE” because it can help hackers to identify issues and security breaches on your website.
When developing or debugging a site it’s another story: you want to see errors so that you can fix them.
Setting the WP_DEBUG constant to “True” will, for instance, help you figure out why a theme or plugin is giving you the white screen of death.
So keep it on FALSE, unless you need to debug your website.
It’s absolutely legitimate to add any valid PHP to the config file since it’s just like any other file. Nevertheless, wp-config.php should be edited with care. Don’t add items unless necessary, and be careful when editing it so that your website doesn’t break.
Let’s not forget, this is the heart of WordPress!
You can modify the location of various WordPress folders from the config file. This could be useful if you want to:
define( 'WP_CONTENT_DIR', dirname(__FILE__) . '/site/wp-content' ); define( 'WP_CONTENT_URL', 'http://example.com/site/wp-content' );
The first constant sets the full directory path and the second sets the new directory URL.
In the same manner, you can move the plugins folder of your WordPress site/
define( 'WP_PLUGIN_DIR', dirname(__FILE__) . '/wp-content/folder/plugins' ); define( 'WP_PLUGIN_URL', 'http://example.com/wp-content/folder/plugins' );
When done, arrange the folders according to your modifications and reload WordPress.
In some cases, you may be able to force WordPress to display errors and warnings for theme or plugin debugging purposes. You simply need to set the WP_DEBUG value to true to enable debugging:
define( 'WP_DEBUG', true );
You should disable the debug mode when you are working on a live site as we mentioned earlier. Warnings and errors should never be displayed to site viewers, as this can provide valuable information to hackers.
However, if you need to debug, you can force WordPress records information about errors and warning in a file, placed in a debug.log file, placed in /wp-content folder.
To do so, you need to add these lines of code in the wp-config file:
define( 'WP_DEBUG', true ); define( 'WP_DEBUG_LOG', true ); define( 'WP_DEBUG_DISPLAY', false ); @ini_set( 'display_errors', 0 );
WP uses Ajax to automatically save changes to posts as you edit them. Increasing this setting will delay auto-saving longer, but lowering it will ensure you never lose changes. The default setting is 60 seconds.
define( 'AUTOSAVE_INTERVAL', 30 );
You can also disable the functionality if you want by adding this peace of code:
define( 'WP_POST_REVISIONS', false );
This is so useful if you are an agency or a freelancer and want to block your customers from messing with your work.
define( 'DISALLOW_FILE_EDIT', true );
Multisite networks allow the same WordPress installation to be shared by multiple sites. Each site in the network is a virtual site, meaning that it does not have a separate directory on your server, although it does have its own subdirectory for media uploads within the shared installation, and separate tables in the database.
A multisite install allows you to set up separate WordPress sites based on the same install. This makes managing numerous websites very easy. This is typically used in corporate websites where the company website, shop, and blog are separate.
To enable multisite, you need to set WP_ALLOW_MULTISITE TRUE:
define( 'WP_ALLOW_MULTISITE', true );
As soon as you have defined this, reload the WordPress admin interface and you will find an option called “Network Setup” under the “Tools” section. WordPress will ask you to set up additional settings in your config file and .htaccess file.
Once you’re finished, you’ll be logged out and a nice new network install will appear when you re-log in
In WordPress, if you need more memory than the default allocated space, the allowed memory error will pop up.
The server’s maximum memory size will depend on its configuration.
Assuming you were not able to access the php.ini file, you can still set the WP_MEMORY_LIMIT constant in the wp-config file to increase WordPress memory.
To do so, add the following lines of code:
define( 'WP_MEMORY_LIMIT', '128M' );
By default, the memory limit is 64Mo.
From version 3.7 onwards, WordPress integrates automatic security updates. It is an essential feature that allows site admins to secure their website at all times. If you define the following constant, all automatic updates can be disabled:
define( 'AUTOMATIC_UPDATER_DISABLED', true );
Several settings in the config file can help developers catch errors or write better code. WP_DEBUG is the most prominent of these constants. Setting this to “True” will force errors to appear.
define( 'SCRIPT_DEBUG', true ); define( 'CONCATENATE_SCRIPTS', false );
Another useful WordPress constant for devs is the
SAVEQUERIES one. It will allow you to get access to detailed profiles of the SQL queries performed by WordPress.
Then we can get a quick overview of all the queries by printing $wpdb->queries.
global $wpdb; echo "<pre>"; print_r( $wpdb->queries ); echo "</pre>";
There are easy-to-implement tricks to protect your wp-config.php file from hackers.
Use an FTP client to connect to your website and download the .htaccess file found in the root directory.
Open the .htaccess file with Sublime Text of any other HTML editor.
Copy the code below to your .htaccess file. This should be copied at the bottom of your website’s .htaccess file, after all other entries.
# protect wpconfig.php <files wp-config.php> order allow,deny deny from all </files>
This way, nobody will be able to access your wp-config.php file.
Throughout this post, I’ve listed several WordPress constants that can be defined in the wp-config file. There are several many constants whose functions can be easily understood.
Additionally, other constants are used for advanced features which require advanced knowledge of WordPress and website management.
If you want to learn more about these, you should give a look at the WordPress Codex.
This guide is designed to describe all major aspects of WP_Debug & WP_Debug_log so you can enable WordPress debugging.
Learn how to easily create professional-looking WordPress 404 error pages.
Because we do pretty much everything online these days, more and more people are getting […]