Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
25 Million+
Websites using our plugins
Years of WordPress experience
WordPress tutorials
by experts

15 Useful WordPress Configuration Tricks That You May Not Know

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

WP-config is one of the most powerful files on your WordPress site, and it plays an important role in how WordPress works behind the scenes.

There are some very useful WordPress configuration tricks that most beginners don’t know about.

In this article, we will share some of the most useful WordPress configuration tricks that will help you troubleshoot, optimize, and secure your WordPress site.

Useful WordPress configuration tricks

How to Use these WordPress Configuration Tricks?

WordPress comes with a powerful configuration file called wp-config.php. It is located in the root folder of every WordPress site and contains important configuration settings.

To learn more, see our guide on how to edit wp-config.php file in WordPress.

All the best WordPress hosting companies come with 1-click WordPress installation which means you would never need to edit the wp-config.php file during the installation. This is the main reason why many users are not familiar with the power of this file.

You can use the wp-config file to troubleshoot, optimize, and secure your WordPress site.

The wp-config.php file is a powerful tool, and a tiny mistake in the code can make your website inaccessible. You should only edit this file when necessary and always create a complete WordPress backup before making any changes,

That being said, let’s take a look at some handy WordPress configuration tricks that you can use on your WordPress website.

1. The Basic WordPress Configuration Settings

By default, you just need to fill in the database settings during WordPress installation. If you don’t have a wp-config.php file present, then you will be asked to create one by filling in your database information.

Default WordPress configuration settings

WordPress will try to automatically save these settings by generating a wp-config.php file. However, if it fails, then you will need to add them manually.

To do that, you will need to connect with your website using an FTP client. Once connected, you will need to rename the wp-config-sample.php file to wp-config.php.

Rename wp-config-sample.php file

After that, you can go ahead and edit the newly created wp-config.php file. You will need to add your database information by changing the following lines:

define('DB_NAME', 'database-name');
define('DB_USER', 'database-username');
define('DB_PASSWORD', 'database-password');
define('DB_HOST', 'localhost');

Don’t forget to save your changes and upload the file back to the server.

2. Adding Security Keys in WordPress

The default WordPress installation automatically adds security keys to your configuration file. These security keys are used to add an extra security layer to your WordPress login and cookie authentication.

You can always regenerate security keys if you feel someone may be accessing your website without proper authentication. Changing security keys will log out all logged in users.

define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );

For more information, see our article on WordPress security keys and how to use them.

3. Change WordPress Table Prefix

A typical default WordPress installation adds a wp_ prefix to all WordPress database table names. Some WordPress security experts believe that changing the table prefix can make your WordPress database more secure.

To do that you, need to change the following line in your WordPress configuration.

$table_prefix = 'wp_';

If you are doing this for an existing website, then you will also need to change the table prefix in your WordPress database. To do that, see our article on how to change the WordPress database prefix.

4. Turn on Debugging in WordPress

WordPress comes with a neat debugging feature that allows you to see or hide WordPress errors when in debug mode. To turn this on, you will need to add this rule in your WordPress configuration file.

define( 'WP_DEBUG', true );

You can also turn on debugging while hiding the errors on your website and saving them in a log file instead. To do that, add the following lines to your configuration settings.

define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', false );

This will create a debug.log file inside wp-content folder of your website and store all debugging errors and notices inside the log file.

5. Changing Your Site or WordPress Address

Normally, you can set your WordPress and Site URLs from Settings » General page. However, you may not be able to do that if you don’t have access to your WordPress site, seeing redirect errors, or have just moved your site.

In that case, you can change your site and WordPress URLs via wp-config.php file by adding the following lines:

define('WP_HOME', '');
define('WP_SITEURL', '');

Don’t forget to replace with your own domain name.

6. Override File Permissions

WordPress allows you to override file permissions if your host has restrictive permissions for all user files. Most users do not need this, but it exists for those who need it.

define('FS_CHMOD_FILE', 0644);
define('FS_CHMOD_DIR', 0755);

To learn more about file permissions, see our article on how-to fix file and folder permissions error in WordPress.

7. Changing Post Revision Settings

WordPress has a very useful a post revisions feature which allows you to undo changes to your posts and pages by reverting back to a previous version or an autosave.

You can disable or change post revision settings through the configuration file. Here are different post revision settings that you can use.

You can change how often WordPress stores an autosave as a revision by adding the following line:

define('AUTOSAVE_INTERVAL', 120); // in seconds

Some articles on your site may have dozens of post revisions depending on how long it took to write them. If you think that feature annoys you, then you can limit the number of revisions per post.

define('WP_POST_REVISIONS', 10);

If for some reason, you want to disable the post revisions feature altogether (not recommended at all), then you can use the following code to disable post revisions.

define( 'WP_POST_REVISIONS', false );

8. Changing WordPress Trash Settings

WordPress comes with a recycle bin feature called Trash. When a user sends a post to trash, it is still stored on your website for next 30 days as trash. After that time, WordPress automatically deletes them forever.

You can change this behavior by changing the number of days you want to keep the trash.

define( 'EMPTY_TRASH_DAYS', 15 ); // 15 days

If you do not like this feature, then you can disable it by adding the function below:

define('EMPTY_TRASH_DAYS', 0 );

Note: Using zero means your posts will be deleted permanently. WordPress would not ask for confirmation when you click on Delete Permanently. Any accidental click could cost you…

To learn more, see our article on how to limit or disable automatic empty trash feature in WordPress.

9. Adding FTP/SSH Constants to WordPress Configuration

By default, WordPress allows you to upgrade WordPress core, themes, and plugins from the admin dashboard. There are some hosts that require an FTP or SSH connection every time you try to upgrade, or install a new plugin.

WordPress asking for FTP information

By using the codes, you can set the FTP or SSH constants and never have to worry about it again.

// forces the filesystem method: "direct", "ssh", "ftpext", or "ftpsockets"
define('FS_METHOD', 'ftpext');
// absolute path to root installation directory
define('FTP_BASE', '/path/to/wordpress/');
// absolute path to "wp-content" directory
define('FTP_CONTENT_DIR', '/path/to/wordpress/wp-content/');
// absolute path to "wp-plugins" directory
define('FTP_PLUGIN_DIR ', '/path/to/wordpress/wp-content/plugins/');
// absolute path to your SSH public key
define('FTP_PUBKEY', '/home/username/.ssh/');
// absolute path to your SSH private key
define('FTP_PRIVKEY', '/home/username/.ssh/id_rsa');
// either your FTP or SSH username
define('FTP_USER', 'username');
// password for FTP_USER username
define('FTP_PASS', 'password');
// hostname:port combo for your SSH/FTP server
define('FTP_HOST', ''); 

Note: Don’t forget to replace the WordPress path and with your own FTP Host information.

10. Allow Automatic Database Repair

WordPress comes with a built-in feature to automatically optimize and repair WordPress database. However, this feature is turned off by default.

To enable this feature you need to add the following line to your WordPress configuration file.

define('WP_ALLOW_REPAIR', true);

After adding this, you need to visit the following URL to optimize and repair WordPress database.

Don’t forget to replace with your own domain name. You will see a simple page with the options to repair or repair and optimize the database. You don’t need to be logged in to access this page.

Optimize and repair WordPress database

11. Increase PHP Memory Limit

Some of the most common WordPress errors are caused by PHP memory exhausted. You can increase the PHP memory limit through wp-config.php file. Simply paste the code below:

define('WP_MEMORY_LIMIT', '128M');

12. Moving wp-content Directory

WordPress allows you to move your wp-content directory. Some experts believe that it can help strengthen WordPress security.

You will need to add the following code to your wp-config.php file:

define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content' );
define( 'WP_CONTENT_URL', 'http://example/blog/wp-content');
define( 'WP_PLUGIN_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content/plugins' );
define( 'WP_PLUGIN_URL', 'http://example/blog/wp-content/plugins');

Don’t forget to replace with your own domain name.

13. Use Custom User Tables

By default, WordPress saves all user data in the tables wp_users and wp_usermeta. By using the function below, you can specify the table where you want your user information stored.

define('CUSTOM_USER_TABLE', $table_prefix.'my_users');
define('CUSTOM_USER_META_TABLE', $table_prefix.'my_usermeta');

14. Enable Multi-Site Network

Each WordPress site comes with a built-in multisite feature which allows you to create multiple WordPress sites using the same installation. To learn more, see our complete guide on how to install and setup WordPress multisite network.

You can enable multisite functionality by adding the following line to your WordPress configuration file:

define('WP_ALLOW_MULTISITE', true);

15. Securing Your WordPress Configuration File

As you can see, the wp-config.php file contains really important WordPress settings. By default it is located in the root WordPress folder, but you can move it. It can be moved outside your public_html directory, so users cannot access it. WordPress knows by default to look in other directories if the files is not found in the WordPress root folder.

You can also add the following code to your .htaccess file to limit access to this file.

# Protect wp-config.php
<Files wp-config.php>
    order allow,deny
    deny from all

We hope this article helped you learn some useful WordPress configuration tricks that you didn’t know. You may also want to see our mega list of 55+ most wanted WordPress tips, tricks, and hacks that you can use on your site or our picks of the best WordPress plugins for business sites.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

52 CommentsLeave a Reply

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. Jiří Vaněk says

    Thank you for the great article. I was particularly interested in point 2, as I constantly struggled to understand the function of these security keys. Thanks for the link in the article to additional content, where I was finally able to learn much more about this function and better understand the whole issue. Regarding point 4, is it good to keep the debug log enabled, or should it only be turned on in case of a problem?

    • WPBeginner Support says

      In most cases it is recommended to not have debug mode active unless you are looking for an error on your site. :)


  3. tareq khury says

    hello and thanks for this important post .
    my question is where i must add this codes , in the config.php file
    but in which line exactly .


    • WPBeginner Support says

      There is no specific line but it is normally best to add the code to the bottom so it is easy to find and remove should you want in the future.


  4. Ali says

    Thanks alot. But i want to know something more detailed about point 9. Where to place this code and more?

  5. Gurjit Singh says

    Thanks for this useful post.
    i was looking for this 10. Allow Automatic Database Repair.
    Thank you very much.

    Thanks and Regards,
    Gurjit Singh

  6. Sunday says

    I rely on your tutorials for my website development. The problems here are that you did not state clearly where these codes will be pasted in the various environments. Looking forward to your response.

  7. Stu Rader says

    Wow really awesome. This helped so much.

    I’m wresting with one thing setting up my own CDN (which the above took care of 98%:).

    I’m trying to exclude a sub-folder on my CDN sub-domain as it’s throwing an access violation.

    I’ve tried a half dozen NGINX CORS directives in a server block .conf with no joy.

    I want to figure out how to use this file in the main domain rather than how it’s written below:

    Access to Font at ‘’ from origin ‘’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘’ is therefore not allowed access.

    Thanks if you can point me to a fix or relevant info you may have !!


  8. Hypez says

    They can verufy the information in the wp-config.php if the password or database names correspond and change them if not.

  9. Gopal says

    My WordPress website adds weird numbers as suffix to every page URL. Why is it happening? I changed the permalinks settings to display post names; it didn’t help.

    Could you please guide me?

    Here are a few page urls of my site:

    • Alex says

      I have this ‘issue’ – for me its down to backup buddy needing to be run in alternative WP cron mode. The backup buddy FAQ told me to add this:

      define(‘ALTERNATE_WP_CRON’, true);

      to my wp_config.php file which now adds random numbers etc to URLs.

      Its this for me as removing it stops it but also stops backup buddy from working correctly.

  10. David Pascal says

    I have always enjoyed reading contents on this site. Thanks for sharing this awesome tricks.

  11. ugwu victor says

    I use useronline plugin…When am in the useronline dashboard I notice that some users want to access my default css, upload images link with their browser! So am scared may be they want to hack my site! Please any help on how to stop them

  12. Garratt Campton says

    WordPress Error Log –

    How should I do this in a local environment?

    I’m currently using DesktopServer (Xampp lite – Installs sites with .dev extension locally eg. “”) with SourceTree (Git) – However trying to figure out what the path I should be using to my error log file is proving difficult. Could I use a full URL path such as “” ? or does it need to be the system file path “C:/Users/Garratt/Documents/” ?

  13. Nathan Pinno says

    Got a question: How do I transfer ownership of a site from one user to another? Like I set it up with my admin account, but I want to have another user be the main admin and do updates and posts. I doubt I can just set them as an admin and myself as a subscriber and be done with it, so what’s the correct route of doing so?

    • WPBeginner Staff says

      Yes that’s one way to do it. A WordPress site can also have multiple administrators.

      If you also want to transfer them the ownership of domain, web hosting, and database then you will have to create a user account for them in your web hosting control panel. After that you can give them the complete control on domain, hosting, and database as well.

      • Nathan Pinno says

        They already have all that, I’m just helping them redevelop their website (cause it’s not a good look right now nor is it easy to update ATM). Found this awesome church theme for them (cause it’s my church’s website I’m working on), and wanted to see how difficult it would be to switch admins. Last time a site of mine had multiple admins, just the first admin (ID #1) could update the plugins, themes, and WP in general.

  14. john says

    After I got rid of the database error, now I dont have any errors but now I have just blank page with no source code ? Please help what to do now. Thnaks

  15. Maganizo says

    I can’t thank you more! You’ve touched on the heart of any online work in a very clear way! You’re great teachers indeed! It can’t be any better than this! Write more!

  16. brad says

    Hey Guys
    Great site, great info just found it. with the secure

    Securing Your WP-Config File
    where is the code that we need? please


  17. Bon says

    is there any configuration in wordpress 3.5 so that the uploaded files will use the defined WP_HOME or WP_SITEURL? thanks

  18. Heather Wood says

    Awesome. There is so much stuff about wordpress I didn’t even know. Like the repair database define code. this is one great article. I will have to bookmark this for sure.

  19. yadicemil says

    Thanks for this useful tips.I!m a beginner and I have a web site.
    I have followed your instructions and changed the wp-config file by copying the secure keys grabbed from the web site:
    After putting the new config file into the WP-Admin Folder in the server it gives an error “Parse error: syntax error, unexpected T_VARIABLE….”
    That line is: “$table_prefix  = ‘wp_’;” and it has never been changed.
    How can I correct this error? Thanks.

  20. Tony Cosentino says

    Great information about such an important are as configuration. With all the pharma hacks going on recently the last tip is my favourite. Protecting that damn wp-config file seems to be the key to palace these days.

    Thank you for the effort putting all of this information in one place for us all to benefit.

    kind regards

    • Editorial Staff says

      You will never move the .htaccess file anywhere. That file remains in your public_html folder or the folder where WordPress is installed… The code in that file will disallow all access to wp-config.php file from the web.

      You can move the wp-config.php file to the root directory (one above public_html) to add an extra layer of security. One or the other would be fine… doing both is an overkill.


  21. Andrew Nacin says

    For reference, 3.0 does not include more security keys, nor were 2.9 installs any less secure when it came to authentication.

    The first four are keys. The last four are salts. The salts were missing from wp-config.php before 3.0, but we actually added salts a few versions ago. We added them to wp-config.php in 3.0 so we could easily populate them on install, but they are not necessary.

    If salts are not defined (or remain the default, e.g. “Enter unique phrase here”), then WP simply generates random strings to use as salts and stores those in the database.

    Also, for an error log, you should instead use these constants:

    define( 'WP_DEBUG', true ); // Enables error reporting.
    define( 'WP_DEBUG_DISPLAY', false ); // Hides the errors.
    define( 'WP_DEBUG_LOG', true ); // Logs errors to wp-content/error.log (or use @ini_set('error_log') )

    This has the added benefit of exposing PHP notices, which provide developers warnings about code that could be better or may have errors in it.

  22. Ozh says

    Syntax doesn’t look correct to me ($_ENV[‘stuff’] maybe but {stuff} I don’t think so) and I’ve just checked, couldn’t find any host I have access to that has this defined. Definitely not something common.

    Other than this, nice roundup. Note that WP doesn’t look “in other directories” to find wp-config.php, it just goes one directory up (which is in most case out of the server document root).

  23. gopalb says

    Thanks…. it’s really good tutorial…Can you write the detail step by step tutorial of “Securing Your WP-Config File” for us…

  24. Angie Bowen says

    Thanks so much for all of this great info. This is the side of WordPress I need to learn more about so I’m going to use this post as a springboard to really dive in.

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.