Did you read a tutorial that asks you to edit your wp-config file, and you have no idea what it is? Well we’ve got you covered. In this article, we will show you how to properly edit the wp-config.php file in WordPress.
What is wp-config.php File?
As the name suggests, it is a configuration file that is part of all self-hosted WordPress sites.
Unlike other files, wp-config.php file does not come built-in with WordPress rather it’s generated specifically for your site during the installation process.
WordPress stores your database information in the wp-config.php file. Without this information your WordPress website will not work, and you will get the ‘error establishing database connection‘ error.
Apart from database information, wp-config.php file also contains several other high-level settings. We will explain them later in this article.
Since this file contains a lot of sensitive information, it is recommended that you don’t mess with this file unless you have absolutely no other choice.
But since you’re reading this article, it means that you have to edit wp-config.php file. Below are the steps to do it without messing things up.
Video Tutorial
If you don’t like the video or need more instructions, then continue reading.
Getting Started
First thing you need to do is to create a complete WordPress backup. The wp-config.php file is so crucial to a WordPress site that a tiny mistake will make your site inaccessible.
You will need an FTP client to connect to your website. Windows users can install WinSCP or SmartFTP and Mac users can try Transmit or CyberDuck. An FTP client allows you to transfer files between a server and your computer.
Connect to your website using the FTP client. You will need FTP login information which you can get from your web host. If you don’t know your FTP login information, then you can ask your web host for support.
The wp-config.php file is usually located in the root folder of your website with other folders like /wp-content/.
Simply right click on the file and then select download from the menu. Your FTP client will now download wp-config.php file to your computer. You can open and edit it using a plain text editor program like Notepad or Text Edit.
Understanding wp-config.php file
Before you start, let’s take a look at the full code of the default wp-config.php file. You can also see a sample of this file here.
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the
* installation. You don't have to use the web site, you can
* copy this file to "wp-config.php" and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* @link https://codex.wordpress.org/Editing_wp-config.php
*
* @package WordPress
*/
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');
/** MySQL database username */
define('DB_USER', 'username_here');
/** MySQL database password */
define('DB_PASSWORD', 'password_here');
/** MySQL hostname */
define('DB_HOST', 'localhost');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
/**#@-*/
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the Codex.
*
* @link https://codex.wordpress.org/Debugging_in_WordPress
*/
define('WP_DEBUG', false);
/* That's all, stop editing! Happy blogging. */
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
Each section of wp-config.php file is well documented in the file itself. Almost all settings here are defined using PHP Constants.
define( 'constant_name' , 'value');
Let’s take a closer look at each section in wp-config.php file.
MySQL Settings in wp-config.php File
Your WordPress database connection settings appear under ‘MySQL Settings’ section of the wp-config.php file. You will need your MySQL host, database name, database username and password to fill in this section.
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');
/** MySQL database username */
define('DB_USER', 'username_here');
/** MySQL database password */
define('DB_PASSWORD', 'password_here');
/** MySQL hostname */
define('DB_HOST', 'localhost');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
You can get your database information from your web hosting account’s cPanel under the section labeled databases.
If you cannot find your WordPress database or MySQL username and password, then you need to contact your web host.
Authentication Keys and Salts
Authentication unique keys and salts are security keys that help improve security of your WordPress site. These keys provide a strong encryption for user sessions and cookies generated by WordPress. See our guide on WordPress Security Keys for more information.
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
/**#@-*/
You can generate WordPress security keys and paste them here. This is particularly useful if you suspect your WordPress site may have been compromised. Changing security keys will logout all currently logged in users on your WordPress site forcing them to login again.
WordPress Database Table Prefix
By default WordPress adds wp_ prefix to all the tables created by WordPress. It is recommended that you change your WordPress database table prefix to something random. This will make it difficult for hackers to guess your WordPress tables and will save you from some common SQL injection attacks.
/** * WordPress Database Table prefix. * * You can have multiple installations in one database if you give each * a unique prefix. Only numbers, letters, and underscores please! */ $table_prefix = 'wp_';
Please note that you cannot change this value for an existing WordPress site. Follow the instructions in our how to change the WordPress database prefix article to change these settings on an existing WordPress site.
WordPress Debugging Mode
This setting is particularly useful for users trying to learn WordPress development, and users trying experimental features. By default WordPress hides notices generated by PHP when executing code. Simply setting the debug mode to true will show you these notices. This provides crucial information to developers to find bugs.
define('WP_DEBUG', false);
Absolute Path Settings
The last part of wp-config file defines the absolute path which is then used to setup WordPress vars and included files. You don’t need to change anything here at all.
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
Useful wp-config.php Hacks and Settings
There are some other wp-config.php settings that can help you troubleshoot errors and solve many common WordPress errors.
Changing MySQL Port and Sockets in WordPress
If your WordPress hosting provider uses alternate ports for MySQL host, then you will need to change your DB_HOST value to include the port number. Note, that this is not a new line but you need to edit the existing DB_HOST value.
define( 'DB_HOST', 'localhost:5067' );
Don’t forget to change the port number 5067 to whatever port number is provided by your web host.
If your host uses sockets and pipes for MySQL, then you will need to add it like this:
define( 'DB_HOST', 'localhost:/var/run/mysqld/mysqld.sock' );
Changing WordPress URLs Using wp-config.php File
You may need to change WordPress URLs when moving a WordPress site to a new domain name or a new web host. You can change these URLs by visiting Settings » General page.
You can also change these URLs using wp-config.php file. This comes handy if you are unable to access the WordPress admin area due to error too many directs issue. Simply add these two lines to your wp-config.php file:
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
Don’t forget to replace example.com with your own domain name. You also need to keep in mind that search engines treat www.example.com and example.com as two different locations (See www vs non-www – Which one is better for SEO?). If your site is indexed with www prefix then you need to add your domain name accordingly.
Change Uploads Directory Using wp-config.php
By default WordPress stores all your media uploads in /wp-content/uploads/ directory. If you want to store your media files in someother location then you can do so by adding this line of code in your wp-config.php file.
define( 'UPLOADS', 'wp-content/media' );
Note that the uploads directory path is relative to the ABSPATH automatically set in WordPress. Adding an absolute path here will not work. See out detailed guide on how to change default media upload location in WordPress for more information.
Disable Automatic Updates in WordPress
WordPress introduced automatic updates in WordPress 3.7. It allowed WordPress sites to automatically update when there is a minor update available. While automatic updates are great for security, but in some cases they can break a WordPress site making it inaccessible.
Adding this single line of code to your wp-config.php file will disable all automatic updates on your WordPress site.
define( 'WP_AUTO_UPDATE_CORE', false );
See our tutorial on how to disable automatic updates in WordPress for more information.
Limit Post Revisions in WordPress
WordPress comes with built-in autosave and revisions. See our tutorial on how to undo changes in WordPress with post revisions. However, if you run a large site revisions can increase your WordPress database backup size.
Add this line of code to your wp-config.php file to limit the number of revisions stored for a post.
define( 'WP_POST_REVISIONS', 3 );
Replace 3 with the number of revisions you want to store. WordPress will now automatically discard older revisions. However, your older post revisions are still stored in your database. See our tutorial on how to delete old post revisions in WordPress.
We hope this article helped you learn how to edit wp-config.php file in WordPress and all the cool things you can do with it. You may also want to see our article on 25+ extremely useful tricks for WordPress functions file.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Thank you for sharing this article, it was simple and easy to understand.
Hi, I just updated my WordPress to new version manually using FileZilla. My website was working. But then, I did some update inside wp-config.php file. Now the size of that file on server has become ‘0’. Even if I update it from local PC, it still remains ‘0’. What should I do? Now website is not working. I am getting – HTTP Error 500
Hi Gaurav,
You can download a fresh copy of WordPress and extract it on your computer. Inside it you will find a wp-config-sample.php file. You can upload this file to your server and rename it to wp-config.php. You will now need to edit wp-config.php file and enter your WordPress database information.
It worked. Thank you.
I have an intranet-based wordpress site that I’m setting up. I’m having issues with the proxy configuration in wp-config.php. I’ve tried about everything I know and I still keep getting ‘Proxy Authentication Required” errors.
define(‘WP_PROXY_HOST’, ‘https://proxy.domain.com’);
define(‘WP_PROXY_PORT’, ‘3128’);
define(‘WP_PROXY_USERNAME’, ‘domain\\username’);
define(‘WP_PROXY_PASSWORD’, ‘xxxxxx’);
define(‘WP_PROXY_BYPASS_HOSTS’, ‘localhost’);
Our internal wordpress site can detect that there are new versions of plug-ins but when I try to update I get the proxy authentication error. I’ve tried the variables above with https, http, just proxy.domain.com, the username escaping the \, not escaping the backslash, etc. I looked at the code in class-wp-http-proxy.php and it appears the authentication connects the username with a : and then the password like the http(s)_proxy environment variable. I’ve tried local host for the bypass and an empty string. Our Windows domain uses an file; is there a place to specify this?
I get the same proxy authentication errors trying to download anything from the internal wordpress site.
Error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /var/www/epkb.mw-process-ctrl.com/public_html/wp-admin/includes/plugin-install.php on line 168
I’m also having an issue with php’s file_get_contents if that’s something wordpress uses. cURL works fine.
Any ideas?
Thanks
Hi Greg,
Please make sure that your localhost environment has curl extension installed and enabled for PHP. Please see our guide on how to fix secure connection error in WordPress for more details.
I have curl installed.
It lists ipV6 as yes but I have ipV6 disabled since our network doesn’t support it.
I think the problem is authenticating with our proxy. On the server I use:
(the \ is escaped when setting the env variables). Above is my wp-content proxy settings.
I’m using ufw for my firewall and have tried with it enabled & disabled with the same results.
Any other ideas?
Thanks
Hi Greg,
We are not sure. You can post on WordPress.org forums may be someone who has faced similar situation can help out.
Do the changes take effect immediately after saving the new wp-config file?
Hey Jon,
Yes, they are effectively immediately. However, if you are editing wp-config file in a text editor on your computer, then simply saving your changes may not change the wp-config.php file on your server. You will need to upload the changed wp-config.php file back to your server for changes to take effect.
What’s the best way to upload the changed wp-config.php file back to the server?
Can the tutorial be updated with how to upload the adjusted config file? The tutorial seems to be incomplete for the (relative) novice
Hi Andy,
We have linked to our article on how to use FTP to upload WordPress files. It also applies to editing your wp-config.php file. You can simply download your wp-config.php file to your computer using FTP. Edit it to make your desired changes and then upload it back using the same FTP client.
Hope this helps.
I did something silly , i removed the www part from wp site url under Setting-General . Now admin panel is getting redirected to wordpress one. i used your steps to copy both lines with modification and uploaded via ftp . No luck .Plz help
Excellent post. I am a newbie and learned a lot.
I have an issue with my site. It looks like I have been hacked. I ran WordFence scan and it caught a line of code in my wp-config.php file that it flagged as not belonging there. Following is the code:
My question is this. Can I remove the "@include…" from the file without screwing up the .php file.
Any guidance will be appreciated.
Hi Boris,
Is the file part of the core WordPress software, a plugin, or a theme? If yes, then download a fresh copy of WordPress core, plugins, or theme the file belongs to and then upload the new file.
You can also download the file to your computer before editing the code as a backup. If anything goes wrong you can then upload it back.
Great post, glad I read.
I’m having problems accessing site. I debugged and am getting a list of problems but most seem to come back to this one:
“Notice: get_settings is deprecated since version 2.1.0!
Use get_option() instead. in /usr/local/pem/vhosts/xxxxxx/webspace/siteapps/WordPress-xxxxx/htdocs/wp-includes/functions.php on line 3752″
But line 3752 reads:
” trigger_error( sprintf( __(‘%1$s is deprecated since version %2$s! Use %3$s instead.’), $function, $version, $replacement ) ); ”
So i’ve no idea what to replace. I’m sure this is 101 stuff to you, but I’m really confused!! I would really appreciate your advice, thank you.
Found your section on disabling plugins – which was a great help as the the site is now viewable whilst I try to resolve. This is the message I see now when logged in WP Admin
” Catchable fatal error: Argument 1 passed to Genesis_Admin_CPT_Archive_Settings::__construct() must be an instance of stdClass, instance of WP_Post_Type given, called in /usr/local/pem/vhosts/xxxxxx/webspace/siteapps/WordPress-xxxxxx/htdocs/wp-content/themes/genesis/lib/admin/menu.php on line 122 and defined in /usr/local/pem/vhosts/xxxxxx/webspace/siteapps/WordPress-xxxxxx/htdocs/wp-content/themes/genesis/lib/admin/cpt-archive-settings.php on line 38 ”
Am in a spot of bother and could really use your help – thank you!
Hey Steph,
Try updating your Genesis child theme. Connect to your website using FTP and download your child theme as a backup. After that delete child theme folder from your website.
Next, download a fresh copy of the theme and install it. If this doesn’t work, then try updating Genesis core itself.
If i delete salt key can i decrypt wordpress password ?
Hi,
I did something silly and now can’t get my site to work. Basically I kept my site live at said URL example.com and created a folder where I built the WordPress site example.com/Wordpress. However when I went to put the wordpress site into the root folder after backing everything up I forgot to change the site URL in the dashboard. i basically then removed my entire site and copied everything from the wordpress site into the root URL. It didn’t work – so I thought I would remove everything and restore my site as it was with both the wordpress and the normal site working.
However once I restored all the files the wordpress site now errors with 404 Page not found and I can’t login into the dashboard either.
Any idea how I can restore this? I think it is looking in the root directory and WordPress folder for the site or something similar and it’s causing the error – but how do I fix it?
Thanks
Sean
Hi Sean,
You can update WordPress URLs by adding this code to your wp-config.php file:
define('WP_HOME','http://example.com');define('WP_SITEURL','http://example.com');
Hello i would like to have it when i upload an image it gets uploaded to my cloud from wordpress.
i got a url & api key.
Any suggestions would be cool. thanks.
Best site for WordPress Beginners. Solved my blog problem simply. Thank u so much Sir…
You are welcome
Don’t forget to join us on Twitter for more WordPress tips and tutorials.
Nice instructions, as far as they go. However, I know it is ALSO possible to edit wp-config.php directly through WordPress’ Admin area but it seems to be a closely guarded secret as to HOW to actually do this. I do not have FTP access to my site so I have to use some other method and I’d rather not go chasing down the rabbit hole of trying out various flaky plugins until I find one that actually works. Your assistance as to what menu drill-down to explore in WordPress Admin would be greatly appreciated.
It is not a good idea to edit wp-config.php file inside WordPress admin area. One tiny mistake and you will be locked out of your WordPress site. If you do not have FTP access, you can try editing it via cPanel’s file manager.
I don’t want to sound stupid, but please help me understand… are the wp-config.php changes supposed to be made on my Mac or on the host for my website. They are two different machines.
Please help! I keep making changes to my web site and all of a sudden they just do not ‘take’.
Best regards,
Angela
You can make changes to wp-config.php file using an FTP client. It allows you to edit files on your web server. After connecting to your website using an FTP client, you need to locate wp-config.php file and download it to your computer. Make changes it to it using a text editor like TextEdit. Save your changes and then upload the file back to your web server using the FTP client.
Ok, so I added define(‘WP_ALLOW_REPAIR’, true); to my downloaded wp config file with notepad. Now what?
Once you have done that, you can see the settings by visiting this URL on your blog:
yoursite.com/wp-admin/maint/repair.php
You have 2 buttons
1st – Repair Database
2nd – Repair and Optimize Database
I suggest u click the 1st one and wait for the process to finish.
CODA is an FTP Client as well. Correct?
Hi,
For security I add to my .htaccess
<files wp-config.php>
order allow,deny
deny from all
</files>
Kind regards