WP-config is one of the most powerful files on your WordPress site, and it plays an important role in how WordPress works behind the scenes. There are some very useful WordPress configuration tricks that most beginners don’t know about. In this article, we will share some of the most useful WordPress configuration tricks that will help you troubleshoot, optimize, and secure your WordPress site.
How to Use these WordPress Configuration Tricks?
WordPress comes with a powerful configuration file called wp-config.php. It is located in the root folder of every WordPress site and contains important configuration settings.
To learn more, see our guide on how to edit wp-config.php file in WordPress.
All the best WordPress hosting companies come with 1-click WordPress installation which means you would never need to edit the wp-config.php file during the installation. This is the main reason why many users are not familiar with the power of this file.
You can use the wp-config file to troubleshoot, optimize, and secure your WordPress site.
The wp-config.php file is a powerful tool, and a tiny mistake in the code can make your website inaccessible. You should only edit this file when necessary and always create a complete WordPress backup before making any changes,
That being said, let’s take a look at some handy WordPress configuration tricks that you can use on your website.
1. The Basic WordPress Configuration Settings
By default, you just need to fill in the database settings during WordPress installation. If you don’t have a wp-config.php file present, then you will be asked to create one by filling in your database information.
WordPress will try to automatically save these settings by generating a wp-config.php file. However, if it fails, then you will need to add them manually.
To do that, you will need to connect with your website using an FTP client. Once connected, you will need to rename the wp-config-sample.php file to wp-config.php.
After that, you can go ahead and edit the newly created wp-config.php file. You will need to add your database information by changing the following lines:
define('DB_NAME', 'database-name');
define('DB_USER', 'database-username');
define('DB_PASSWORD', 'database-password');
define('DB_HOST', 'localhost');
Don’t forget to save your changes and upload the file back to the server.
2. Adding Security Keys in WordPress
The default WordPress installation automatically adds security keys to your configuration file. These security keys are used to add an extra security layer to your WordPress login and cookie authentication.
You can always regenerate security keys if you feel someone may be accessing your website without proper authentication. Changing security keys will log out all logged in users.
define( 'AUTH_KEY', 'put your unique phrase here' ); define( 'SECURE_AUTH_KEY', 'put your unique phrase here' ); define( 'LOGGED_IN_KEY', 'put your unique phrase here' ); define( 'NONCE_KEY', 'put your unique phrase here' ); define( 'AUTH_SALT', 'put your unique phrase here' ); define( 'SECURE_AUTH_SALT', 'put your unique phrase here' ); define( 'LOGGED_IN_SALT', 'put your unique phrase here' ); define( 'NONCE_SALT', 'put your unique phrase here' );
For more information, see our article on WordPress security keys and how to use them.
3. Change WordPress Table Prefix
A typical default WordPress installation adds a wp_ prefix to all WordPress database table names. Some WordPress security experts believe that changing the table prefix can make your WordPress database more secure.
To do that you, need to change the following line in your WordPress configuration.
$table_prefix = 'wp_';
If you are doing this for an existing website, then you will also need to change the table prefix in your WordPress database. To do that, see our article on how to change the WordPress database prefix.
4. Turn on Debugging in WordPress
WordPress comes with a neat debugging feature that allows you to see or hide WordPress errors when in debug mode. To turn this on, you will need to add this rule in your WordPress configuration file.
define( 'WP_DEBUG', true );
You can also turn on debugging while hiding the errors on your website and saving them in a log file instead. To do that, add the following lines to your configuration settings.
define( 'WP_DEBUG', true ); define( 'WP_DEBUG_LOG', true ); define( 'WP_DEBUG_DISPLAY', false );
This will create a debug.log file inside wp-content folder of your website and store all debugging errors and notices inside the log file.
5. Changing Your Site or WordPress Address
Normally, you can set your WordPress and Site URLs from Settings » General page. However, you may not be able to do that if you don’t have access to your WordPress site, seeing redirect errors, or have just moved your site.
In that case, you can change your site and WordPress URLs via wp-config.php file by adding the following lines:
define('WP_HOME', 'http://www.example.com');
define('WP_SITEURL', 'http://www.example.com');
Don’t forget to replace example.com with your own domain name.
6. Override File Permissions
WordPress allows you to override file permissions if your host has restrictive permissions for all user files. Most users do not need this, but it exists for those who need it.
define('FS_CHMOD_FILE', 0644);
define('FS_CHMOD_DIR', 0755);
To learn more about file permissions, see our article on how-to fix file and folder permissions error in WordPress.
7. Changing Post Revision Settings
WordPress has a very useful a post revisions feature which allows you to undo changes to your posts and pages by reverting back to a previous version or an autosave.
You can disable or change post revision settings through the configuration file. Here are different post revision settings that you can use.
You can change how often WordPress stores an autosave as a revision by adding the following line:
define('AUTOSAVE_INTERVAL', 120); // in seconds
Some articles on your site may have dozens of post revisions depending on how long it took to write them. If you think that feature annoys you, then you can limit the number of revisions per post.
define('WP_POST_REVISIONS', 10);
If for some reason, you want to disable the post revisions feature altogether (not recommended at all), then you can use the following code to disable post revisions.
define( 'WP_POST_REVISIONS', false );
8. Changing WordPress Trash Settings
WordPress comes with a recycle bin feature called Trash. When a user sends a post to trash, it is still stored on your website for next 30 days as trash. After that time, WordPress automatically deletes them forever.
You can change this behavior by changing the number of days you want to keep the trash.
define( 'EMPTY_TRASH_DAYS', 15 ); // 15 days
If you do not like this feature, then you can disable it by adding the function below:
define('EMPTY_TRASH_DAYS', 0 );
Note: Using zero means your posts will be deleted permanently. WordPress would not ask for confirmation when you click on Delete Permanently. Any accidental click could cost you…
To learn more, see our article on how to limit or disable automatic empty trash feature in WordPress.
9. Adding FTP/SSH Constants to WordPress Configuration
By default, WordPress allows you to upgrade WordPress core, themes, and plugins from the admin dashboard. There are some hosts that require an FTP or SSH connection everytime you try to upgrade, or install a new plugin.
By using the codes, you can set the FTP or SSH constants and never have to worry about it again.
// forces the filesystem method: "direct", "ssh", "ftpext", or "ftpsockets"
define('FS_METHOD', 'ftpext');
// absolute path to root installation directory
define('FTP_BASE', '/path/to/wordpress/');
// absolute path to "wp-content" directory
define('FTP_CONTENT_DIR', '/path/to/wordpress/wp-content/');
// absolute path to "wp-plugins" directory
define('FTP_PLUGIN_DIR ', '/path/to/wordpress/wp-content/plugins/');
// absolute path to your SSH public key
define('FTP_PUBKEY', '/home/username/.ssh/id_rsa.pub');
// absolute path to your SSH private key
define('FTP_PRIVKEY', '/home/username/.ssh/id_rsa');
// either your FTP or SSH username
define('FTP_USER', 'username');
// password for FTP_USER username
define('FTP_PASS', 'password');
// hostname:port combo for your SSH/FTP server
define('FTP_HOST', 'ftp.example.org:21');
Note: Don’t forget to replace the WordPress path and ftp.example.com with your own FTP Host information.
10. Allow Automatic Database Repair
WordPress comes with a built-in feature to automatically optimize and repair WordPress database. However, this feature is turned off by default.
To enable this feature you need to add the following line to your WordPress configuration file.
define('WP_ALLOW_REPAIR', true);
After adding this, you need to visit the following URL to optimize and repair WordPress database
http://example.com/wp-admin/maint/repair.php
Don’t forget to replace example.com with your own domain name. You will see a simple page with the options to repair or repair and optimize the database. You don’t need to be logged in to access this page.
11. Increase PHP Memory Limit
Some of the most common WordPress errors are caused by PHP memory exhausted. You can increase the PHP memory limit through wp-config.php file. Simply paste the code below:
define('WP_MEMORY_LIMIT', '128M');
12. Moving wp-content Directory
WordPress allows you to move your wp-content directory. Some experts believe that it can help strengthen WordPress security.
You will need to add the following code to your wp-config.php file:
define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content' ); define( 'WP_CONTENT_URL', 'http://example/blog/wp-content'); define( 'WP_PLUGIN_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content/plugins' ); define( 'WP_PLUGIN_URL', 'http://example/blog/wp-content/plugins');
Don’t forget to replace example.com with your own domain name.
13. Use Custom User Tables
By default, WordPress saves all user data in the tables wp_users and wp_usermeta. By using the function below, you can specify the table where you want your user information stored.
define('CUSTOM_USER_TABLE', $table_prefix.'my_users');
define('CUSTOM_USER_META_TABLE', $table_prefix.'my_usermeta');
14. Enable Multi-Site Network
Each WordPress site comes with a built-in multisite feature which allows you to create multiple WordPress sites using the same installation. To learn more, see our complete guide on how to install and setup WordPress multisite network.
You can enable multisite functionality by adding the following line to your WordPress configuration file:
define('WP_ALLOW_MULTISITE', true);
15. Securing Your WordPress Configuration File
As you can see, the wp-config.php file contains really important WordPress settings. By default it is located in the root WordPress folder, but you can move it. It can be moved outside your public_html directory, so users cannot access it. WordPress knows by default to look in other directories if the files is not found in the WordPress root folder.
You can also add the following code to your .htaccess file to limit access to this file.
# Protect wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>
We hope this article helped you learn some useful WordPress configuration tricks that you didn’t know. You may also want to see our mega list of 55+ most wanted WordPress tips, tricks, and hacks that you can use on your site.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
I rely on your tutorials for my website development. The problems here are that you did not state clearly where these codes will be pasted in the various environments. Looking forward to your response.
I want to increase my server timeout limit, where I can find that code???
Wow really awesome. This helped so much.
I’m wresting with one thing setting up my own CDN (which the above took care of 98%:).
I’m trying to exclude a sub-folder on my CDN sub-domain as it’s throwing an access violation.
I’ve tried a half dozen NGINX CORS directives in a server block .conf with no joy.
I want to figure out how to use this file in the main domain rather than how it’s written below:
Access to Font at ‘https://cdn.mydomain.com/wp-content/themes/mytheme/includes/lib/assets/fonts/fontawesome/fontawesome-webfont.woff?v=4.7.0’ from origin ‘https://mydomain.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘https://mydomain.com’ is therefore not allowed access.
Thanks if you can point me to a fix or relevant info you may have !!
Stu
They can verufy the information in the wp-config.php if the password or database names correspond and change them if not.
My WordPress website adds weird numbers as suffix to every page URL. Why is it happening? I changed the permalinks settings to display post names; it didn’t help.
Could you please guide me?
Here are a few page urls of my site:
Try these WordPress troubleshooting tips step by step and see if it resolves your issue.
I have this ‘issue’ – for me its down to backup buddy needing to be run in alternative WP cron mode. The backup buddy FAQ told me to add this:
define(‘ALTERNATE_WP_CRON’, true);
to my wp_config.php file which now adds random numbers etc to URLs.
Its this for me as removing it stops it but also stops backup buddy from working correctly.
I have always enjoyed reading contents on this site. Thanks for sharing this awesome tricks.
I use useronline plugin…When am in the useronline dashboard I notice that some users want to access my default css, upload images link with their browser! So am scared may be they want to hack my site! Please any help on how to stop them
Hey, amazint tricks, thanks a lot. Very useful!
WordPress Error Log –
How should I do this in a local environment?
I’m currently using DesktopServer (Xampp lite – Installs sites with .dev extension locally eg. “mysite.dev”) with SourceTree (Git) – However trying to figure out what the path I should be using to my error log file is proving difficult. Could I use a full URL path such as “http://mysite.dev/php_error.log” ? or does it need to be the system file path “C:/Users/Garratt/Documents/mysite.dev/php_error.log” ?
Yes.
Hi thanks for the great summary!
I have a question: is any change in the wp-config immediately effective?
Yes, it is immediately effective
Got a question: How do I transfer ownership of a site from one user to another? Like I set it up with my admin account, but I want to have another user be the main admin and do updates and posts. I doubt I can just set them as an admin and myself as a subscriber and be done with it, so what’s the correct route of doing so?
Yes that’s one way to do it. A WordPress site can also have multiple administrators.
If you also want to transfer them the ownership of domain, web hosting, and database then you will have to create a user account for them in your web hosting control panel. After that you can give them the complete control on domain, hosting, and database as well.
They already have all that, I’m just helping them redevelop their website (cause it’s not a good look right now nor is it easy to update ATM). Found this awesome church theme for them (cause it’s my church’s website I’m working on), and wanted to see how difficult it would be to switch admins. Last time a site of mine had multiple admins, just the first admin (ID #1) could update the plugins, themes, and WP in general.
Im not too sure but usually u have to do it in your Terminal like : sudo adduser sudo.
After I got rid of the database error, now I dont have any errors but now I have just blank page with no source code ? Please help what to do now. Thnaks
Thanks, It helps me lot, why dont you add
define(‘WP_CACHE’, true);
useful!
so, what about the Securing Your WP-Config File ? thank you
Just a heads up, that the indicated GoDaddy Hostname doesn’t work (maybe at least not for everyone) and the $_ENV option didn’t either.
I found instructions on where to find my specific Hostname here:
http://support.godaddy.com/help/article/39/viewing-your-databases-details?locale=en
I can’t thank you more! You’ve touched on the heart of any online work in a very clear way! You’re great teachers indeed! It can’t be any better than this! Write more!
Hey Guys
Great site, great info just found it. with the secure
Securing Your WP-Config File
where is the code that we need? please
Brad
is there any configuration in wordpress 3.5 so that the uploaded files will use the defined WP_HOME or WP_SITEURL? thanks
Awesome. There is so much stuff about wordpress I didn’t even know. Like the repair database define code. this is one great article. I will have to bookmark this for sure.
Thanks for this useful tips.I!m a beginner and I have a wordpress.org web site.
I have followed your instructions and changed the wp-config file by copying the secure keys grabbed from the web site: https://api.wordpress.org/secret-key/1.1/salt/
After putting the new config file into the WP-Admin Folder in the server it gives an error “Parse error: syntax error, unexpected T_VARIABLE….”
That line is: “$table_prefix = ‘wp_’;” and it has never been changed.
How can I correct this error? Thanks.
@yadicemil You are not supposed to put this in the wp admin folder.
Like it
you rock man, thanks for the info
Great information about such an important are as configuration. With all the pharma hacks going on recently the last tip is my favourite. Protecting that damn wp-config file seems to be the key to palace these days.
Thank you for the effort putting all of this information in one place for us all to benefit.
kind regards
Tony
Cool, this is informative and always a good flashback if I forgot any of them.
Thanks for sharing!
What exactly does adding those # protect wpconfig.php… to .htaccess file do?
Do I have to do anything else after moving .htacess from public_html to root folder?
You will never move the .htaccess file anywhere. That file remains in your public_html folder or the folder where WordPress is installed… The code in that file will disallow all access to wp-config.php file from the web.
You can move the wp-config.php file to the root directory (one above public_html) to add an extra layer of security. One or the other would be fine… doing both is an overkill.
For reference, 3.0 does not include more security keys, nor were 2.9 installs any less secure when it came to authentication.
The first four are keys. The last four are salts. The salts were missing from wp-config.php before 3.0, but we actually added salts a few versions ago. We added them to wp-config.php in 3.0 so we could easily populate them on install, but they are not necessary.
If salts are not defined (or remain the default, e.g. “Enter unique phrase here”), then WP simply generates random strings to use as salts and stores those in the database.
Also, for an error log, you should instead use these constants:
define( 'WP_DEBUG', true ); // Enables error reporting.
define( 'WP_DEBUG_DISPLAY', false ); // Hides the errors.
define( 'WP_DEBUG_LOG', true ); // Logs errors to wp-content/error.log (or use @ini_set('error_log') )
This has the added benefit of exposing PHP notices, which provide developers warnings about code that could be better or may have errors in it.
Thank You Andrew. Didn’t know about the SALT keys. Just saw it in 3.0 and thought it was a new addition.
Very nice write up, and easy read for beginners. I’ll be sending people here to learn;)
$_ENV{DATABASE_SERVER} ??
Syntax doesn’t look correct to me ($_ENV[‘stuff’] maybe but {stuff} I don’t think so) and I’ve just checked, couldn’t find any host I have access to that has this defined. Definitely not something common.
Other than this, nice roundup. Note that WP doesn’t look “in other directories” to find wp-config.php, it just goes one directory up (which is in most case out of the server document root).
Thanks…. it’s really good tutorial…Can you write the detail step by step tutorial of “Securing Your WP-Config File” for us…
The last two steps are pretty easy to follow, but sure will add that one to the list
Great article as always. I especially like the .htaccess file tip.
Wow plenty there to get my teeth into, thanks WPB
Thanks so much for all of this great info. This is the side of WordPress I need to learn more about so I’m going to use this post as a springboard to really dive in.