If functions.php is the single most important file in your WordPress theme, then wp-config.php is the single most important file in your entire WordPress installation. This file can be used to configure database functionalities, enhance performance, and improve security on all WordPress powered websites and blogs. In this article, we will share some of the most useful WordPress configuration tricks that you may not know yet.
By default, WordPress installation does not come with a file wp-config.php. The default install comes with a sample file known as wp-config-sample.php. You must use this file as a sample to create the actual wp-config.php before you can setup your blog. Most users never do this manually because WordPress lets you do it automatically from their installation setup. In that setup, you are adding/modifying key WordPress configurations. So first, we will walk you through what the default setup lets you do.
When you upload WordPress via FTP and access the site, you see a screen like this:
The setup basically tells you to use the wp-config-sample.php because it may not work on all hosts. Most of which we tried it with, it works. If you are using one of the popular hosts, then it will work. The next step would be something like this:
There you enter some of the key information. The info there lets WordPress connect with a database. Anything you enter in the setup will be added in your wp-config.php as:
define('DB_NAME', 'database-name'); define('DB_USER', 'database-username'); define('DB_PASSWORD', 'database-password'); define('DB_HOST', 'localhost');
By default, the database host is localhost because it works with most hosts. But there are hosts that has different configuration, so you will need to modify this if you are using the following hosts:
- 1and1 Hosting — db12345678
- DreamHost — mysql.example.com
- GoDaddy — h41mysql52.secureserver.net
- ICDSoft — localhost:/tmp/mysql5.sock
- MediaTemple (GS) — internal-db.s44441.gridserver.com
- Pair Networks — dbnnnx.pair.com
- Yahoo — mysql
One of the coolest trick for wp-config.php in Digging into WordPress eBook was the ability to detect the database host.
Paste the code above, and it will most likely grab the database server. For this, you would have to manually edit the wp-config.php file though.
WordPress Security Keys is a set of random variables that improve encryption of information stored in the user’s cookies. Prior to WordPress 3.0, you had to install this in your wp-config.php file manually. In WordPress 3.0 if you use the install wizard, then it automatically adds the security keys in your wp-config.php. Also prior to WordPress 3.0, there were only 4 security keys, but with 3.0 there are 8 security keys available.
These can be added in the wp-config.php as so:
define('AUTH_KEY', 'put your unique phrase here'); define('SECURE_AUTH_KEY', 'put your unique phrase here'); define('LOGGED_IN_KEY', 'put your unique phrase here'); define('NONCE_KEY', 'put your unique phrase here'); define('AUTH_SALT', 'put your unique phrase here'); define('SECURE_AUTH_SALT', 'put your unique phrase here'); define('LOGGED_IN_SALT', 'put your unique phrase here'); define('NONCE_SALT', 'put your unique phrase here');
When you are installing WordPress using the wizard, one of the options is to select the Table prefix. That is stored in wp-config.php file as:
$table_prefix = 'wp_';
We recommend that you use something other than wp_ to add extra work for the hackers. Although if you already have WordPress setup, then don’t just change the prefix like this. There is a set of steps here that you should take.
By default, English is the localized language of WordPress, but it can be changed to your native language with these:
define('WPLANG', ''); define('LANGDIR', '');
The language translation file (.mo) must be placed in the default location which is assumed to be wp-content/languages (first) and then wp-includes/languages (second). As you can see in the function above, you can define your own language directory if you like. To find WordPress in your language, please check out the official WordPress Codex page.
For developers, WordPress has this awesome debugging feature which allows them to find errors, and deprecated functions. By default, this function is set to false, but in the development mode, developers should have it enabled.
define(‘WP_DEBUG’, false); // disable debugging mode by default define(‘WP_DEBUG’, true); // enable debugging mode
In your WordPress Settings, you specify the WordPress address and the site address. Those are added in your database, and every time the developer calls it in the template, it is running a database query. In WordPress 2.2, these two settings were introduced to override the database values without changing them:
define('WP_HOME', 'http://www.wpbeginner.com'); define('WP_SITEURL', 'http://www.wpbeginner.com');
By adding these in your wp-config.php, you are reducing the number of database queries thus increasing your site’s performance.
Override File Permissions
You can override file permissions, if your host has restrictive permissions for all user files. Most of you do not need this, but it exists for those who need it.
define('FS_CHMOD_FILE', 0755); define('FS_CHMOD_DIR', 0644);
In the recent versions of WordPress, there is a super awesome feature called Post Revisions. This function auto-saves posts just incase if your browser crash, or something else happen. It also allows users to restore back to previous versions if they don’t like the changes and so on. While a lot of us love this feature, some of us really hate it with a passion. This function has numerous configuration, so you can make it work just right for you.
The Auto-Save Configuration
By default WordPress saves post every 60 seconds, but if you think that is way too much, then you can modify it to your likings with this configuration:
define('AUTOSAVE_INTERVAL', 120); // in seconds
Some posts have 10s, 20s, or even 100 post revisions depending on the blog owner. If you think that feature annoys you, then you can limit the number of revisions per post.
You can use any integer you like there.
If none of the settings above satisfies you, then you can simply disable the post revisions feature by adding this function:
WordPress Trash Feature
In WordPress 2.9, there was a new “Trash” feature added to the core. This feature works just like the recycling bin, so instead of deleting the post permanently, you would send it to the trash. This helped those users who accidently click on Delete button, and it can be any of us. The bad part about this trash feature is that you have to empty the trash regularly. By default the trash empties itself every 30 days. You can modify that by using the following function:
define('EMPTY_TRASH_DAYS', 7 ); //Integer is the amount of days
If you do not like this feature, then you can disable it by adding the function below:
define('EMPTY_TRASH_DAYS', 0 );
But remember, if you keep the value to 0, then WordPress would not ask for confirmation when you click on Delete Permanently. Any accidental click could cost you…
By default, WordPress allow you to upgrade plugins, and WordPress core versions from within the backend. There are some hosts that requires an FTP or SSH connection everytime you try to upgrade, or install a new plugin. By using the codes below, you can set the FTP or SSH constants and never have to worry about it again.
// forces the filesystem method: "direct", "ssh", "ftpext", or "ftpsockets" define('FS_METHOD', 'ftpext'); // absolute path to root installation directory define('FTP_BASE', '/path/to/wordpress/'); // absolute path to "wp-content" directory define('FTP_CONTENT_DIR', '/path/to/wordpress/wp-content/'); // absolute path to "wp-plugins" directory define('FTP_PLUGIN_DIR ', '/path/to/wordpress/wp-content/plugins/'); // absolute path to your SSH public key define('FTP_PUBKEY', '/home/username/.ssh/id_rsa.pub'); // absolute path to your SSH private key define('FTP_PRIVKEY', '/home/username/.ssh/id_rsa'); // either your FTP or SSH username define('FTP_USER', 'username'); // password for FTP_USER username define('FTP_PASS', 'password'); // hostname:port combo for your SSH/FTP server define('FTP_HOST', 'ftp.example.org:21');
Auto Database Optimization
In WordPress 2.9, there was a feature added called Automatic Database Optimization. To enable this feature, you would need to use the following function:
Once activated, you can see the settings on this page: http://www.yoursite.com/wp-admin/maint/repair.php
The user does not need to be logged in to access this functionality when this define is set. This is because its main intent is to repair a corrupted database, Users can often not login when the database is corrupt. So once you are done repairing and optimizing your database, make sure to remove this from your wp-config.php.
Increase PHP Memory Limit
There is a common WordPress Memory Exhausted Error that users have seen when activating some plugin. You can increase the PHP Memory Limit through wp-config.php file. Simply paste the code below:
Note: This feature may not work with some web hosts, so you would have to ask them (beg them) to increase your PHP Memory limit.
WordPress Error Log
For developers, it is useful to have an error log for a site. You can easily create a simple error log for a WordPress powered website by using wp-config.php file. First create a file called “php_error.log”, make it server-writable, and place it in the directory of your choice. Then edit the path in the third line of the following code:
@ini_set('log_errors','On'); @ini_set('display_errors','Off'); @ini_set('error_log','/home/path/domain/logs/php_error.log'); <h4>Move your wp-content Directory</h4>
Starting from WordPress 2.6, you can move your wp-content directory. It helps with site security. You can do move your wp-content directory by adding the following code in your wp-config.php file:
define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content' ); define( 'WP_CONTENT_URL', 'http://example/blog/wp-content'); define( 'WP_PLUGIN_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content/plugins' ); define( 'WP_PLUGIN_URL', 'http://example/blog/wp-content/plugins');
We have the plugin directory defined because some plugins might not work if you do not define it specifically.
Custom User / UserMeta Tables
By default, WordPress saves all user data in the tables wp_users and wp_usermeta. By using the function below, you can specify the table where you want your user information stored.
define('CUSTOM_USER_TABLE', $table_prefix.'my_users'); define('CUSTOM_USER_META_TABLE', $table_prefix.'my_usermeta');
Enable Multi-Site Network
In WordPress 3.0, WPMU was merged into WordPress core. To enable the multi-site network functionality, you have to add the following code in your wp-config.php file.
Once you add this code, there will be a new page in your wp-admin called “Network” located in Tools » Network.
You will have to follow the directions on that page to continue the setup of the MU Network.
Securing Your WP-Config File
As you can see, this file is SUPER IMPORTANT therefore it needs extra security. By default it is located in the root WordPress folder, but you can move it. It can be moved outside your public_html directory, so users cannot access it. WordPress knows by default to look in other directories, if the files is not found in the WordPress root folder. You can also use .htaccess file to limit access to this file.
Add the following code:
# Protect wp-config.php <Files wp-config.php> order allow,deny deny from all </Files>
If you have other tips that we can add, surely let us know and we will add it in the article.