An Introduction to the WP-Config.php File
The Role and Purpose of WP-Config.php file in Wordpress
Wordpress is the most used CMS powering more than 43% of all the websites and having excellent features that make it the preferred CMS of bloggers as well as businesses and users with other types of website needs.
What makes Wordpress the favorite of so many users globally is its flexibility and ease of use. Someone with little to no technical knowledge can easily run a blog on Wordpress using themes and plugins that extend wordpress functionality.
Wordpress is made from php and mysql. Its core files include various php files and the CMS requires a mysql database for storing all the information. One of the most critical files in a Wordpress installation is the wp-config.php file which includes all the basic configurations of wordpress including the database details. It does not come included with the wordpress download. The file that you download with Wordpress during installation is the wp-config-sample.php file. You can copy this file to wp-config.php and add the details like database host, user name, password, authentical salts etc. Otherwise, the file is created during installation.
The WP-Config.php file first comes into play at the time of Wordpress installation and includes the important database credentials as well as other variables that affect the functioning of Wordpress. Its function is not limited to database configurations but also includes more variables that affect Wordpress performance and security.
You can perform more tasks from the wp-config.php file like increasing php memory allocation, limiting number of revisions, changing the location of themes and plugin folders, adding home url and blog url and similar more tasks.
In this post, we will discuss the main features and functions of the wp-config.php file and how it can be used for more tasks than just database configuration to optimize wordpress for speed and security.
Here are the contents of the wp-config-sample.php. These contents are copied to the wp-config.php file at the time of wordpress installation and then the variables are changed for specific use.
<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the installation.
 * You don't have to use the web site, you can copy this file to "wp-config.php"
 * and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * Database settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://wordpress.org/documentation/article/editing-wp-config-php/
 *
 * @package WordPress
 */
// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );
/** Database username */
define( 'DB_USER', 'username_here' );
/** Database password */
define( 'DB_PASSWORD', 'password_here' );
/** Database hostname */
define( 'DB_HOST', 'localhost' );
/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
/**#@+
 * Authentication unique keys and salts.
 *
 * Change these to different unique phrases! You can generate these using
 * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
 *
 * You can change these at any point in time to invalidate all existing cookies.
 * This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );
/**#@-*/
/**
 * WordPress database table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix = 'wp_';
/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the documentation.
 *
 * @link https://wordpress.org/documentation/article/debugging-in-wordpress/
 */
define( 'WP_DEBUG', false );
/* Add any custom values between this line and the "stop editing" line. */
/* That's all, stop editing! Happy publishing. */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', __DIR__ . '/' );
}
/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';
You can see the database credentials are right at the top inside the wp-config.php file including database name, user name, password and the database host. When you install wordpress, you create a mysql database for use with your Wordpress blog for storing information. The data required to connect with the wp mysql database must be filled inside the wp-config.php file.
Suppose, you created a mysql database named Mydb and with username wpdb. You should add these values to the wp-config.php file. When you install wordpress for the first time, during the final installation, you are required to provide these values along with a table prefix. These values are filled inside the wp-config.php file.
Scroll down in the wp-config-sample.php file and you will find the table prefix there:
$table_prefix = ‘wp_’;
It is recommended to use a different prefix than wp since it is commonly used and can be exploited by hackers and so to keep the database safe, one must use a different prefix like wpjx_ or wp14rt_. It must be something that is not too easy to guess.
To keep your wordpress database safe, you should also regularly change the authorization salts. You can generate these salts from the following link:
https://api.wordpress.org/secret-key/1.1/salt/
Copy the values from there and add them to the wp-config.php file in place of the old values to update them.
The ABSPATH that you see inside the wp-config.php file is a predefined constant representing the absolute path to the root directory of the wordpress installation. It is used for the purpose of consistency, security and portability.
How to edit the wp-config.php file
The wp-config.php file can be edited in two main ways. One can edit it using the FTP or using the nano editor via ssh.
If you know how to upload and download files using SFTP, it is very easy to edit the wp-config.php file. Connect to your server using a SFTP client like Filezilla or Cyberduck. Go to the root folder and look for the wp-config.php file. Right click on the wp-config.php file and open with a text editor like notepad. Now, you can edit the file and then save it. Otherwise, you can download the file and then make changes and upload it once again.
If you know how to run terminal commands, it is even easier to edit the wp-config.php file. However, before editing the file, you must take a backup since if any error happens, you will be able to revert the changes.
To edit the wp-config.php file, ssh to your server and then go to the root folder. For example, if your wordpress is installed in /var/www/html, then:
$ cd /var/www/html
Now that you are inside the root folder, you can open the wp-config.php file using the nano or vim editor.
$ sudo nano wp-config.php
This will open the file. You can now make edits and then save the file using ctrl + S and then close the file with ctrl + X. That’s all. However, while editing the wp-config,php file, you have to make sure that you are making the changes in the right place.
Most of the new variables that are not there already in your original wp-config.php file are inserted above the ‘That’s all stop editing! Happy publishing’. Otherwise, those changes will not work. So, just make sure that you are inserting new variables in the right place.
Define WP_HOME and SITE URL in WP-CONFIG.php
When you login to your Wordpress dashboard and go to the settings -> General, you will see the wordpress address (url) and site address (url). These values can be edited from the dashboard. However, if you define your wordpress address url and site url in the wp-config.php file, one will not be able to change these urls from the dashboard.
To define these values in the wp-config.php file, open the file inside the terminal or using SFTP and then add the following two lines to it.
define('WP_HOME','https://example.com');
define('WP_SITEURL','https://example.com');
Replace example.com with your site address and wordpress url. Do not add a backslash at the end.
Now, go back and check on the wordpress dashboard and you will see that the wordpress url and site url can no longer be edited from the general settings. It will also keep your website secure.
The above values could also be changed from the wordpress database. When you edit this value in the wp-config.php file, it will override the value for site url set inside the wp-options table inside the wordpress database. These changes will also reduce the number of database calls being made from your wordpress website to the database.
Since the values stored inside the database do not change when you edit the wp-config.php file, if you ever revert the changes, the boxes for site url and wordpress address url on your wordpress dashboard in general settings will again be open for editing.
Sometimes when you are unable to access your wordpress dashboard, setting the right urls in wp-config.php might fix the issue. You can also use the Relocate flag to help wordpress decide which is the right site url.
Add the following line to the top of the wp-config.php file:
define('RELOCATE',true);
Apart from the above discussed settings, the wp-config.php file can be used for several more purposes like limiting post revisions, setting cookie domain, setting multisite installation, for debugging, and other things like moving folder locations.
It is important to remember that wp-config.php is among the most vital files inside your wordpress installation and you must edit it with caution. Always keep a backup that can be used if anything goes wrong. The wp-config.php file affects wordpress performance in terms of speed, security and is essential for the normal functioning of your wordpress blog. The file is also critical for maintaining database connection and can help fix several types of common wordpress errors.
How to increase allocated php memory in wp-config.php
The php memory limit can be increased from the wp-config.php by using WP_MEMORY_LIMIT constant. Increasing the memory allocated to php may also become essential in the event that you receive a message like “Allowed memory size of xxxxxxx bytes exhausted.”
In many cases, the default memory allocation might not be sufficient for Wordpress and so one may need to increase the php memory limit.
To do that edit the wp-config.php and add the following to it:
define( 'WP_MEMORY_LIMIT', '64M' );
You can replace 64M with a larger value if required like 128M or 256M.
However, the wp-admin tasks may require higher memory. When in the admin area, you can increase or decrease the php memory limit by defining WP_MAX_MEMORY. The default value for WP_MAX_MEMORY limit is 256MB, which can be increased by adding the following to the wp-config.php file.
define( 'WP_MAX_MEMORY_LIMIT', '512M' );
Limit post revisions in wp-config.php
Wordpress saves copies of each revision made to a post or page so that one can revert the changes if required. However, it also consumes memory and limiting post revisions can help speed up your wordpress installation.
You can specify the maximum number of revisions in wordpress or completely disable it if required. It will require you to define the WP_POST_REVISIONS constant in Wordpress.
Suppose, you want to define the maximum number of regions as 3, then add the following to wp-config.php file:
define( 'WP_POST_REVISIONS', 3 );
If you completely want to disable post revisions, then you can set the above constant to false in the wp-config.php file like below:
define( 'WP_POST_REVISIONS', false );
Change Autosave Interval in Wordpress
While you are editing a post, Wordpress uses Ajax to autosave revisions to a post. It can also be a memory intensive task and therefore increasing the autosave interval can help you speed up your wordpress site.
The default autosave interval in wordpress is 60 seconds. If you want, you can increase the autosave interval to a higher value like 160 seconds or 300 seconds.
define( 'AUTOSAVE_INTERVAL', 160 ); // Seconds
Enable Multisite Wordpress
If you want to run several Wordpress blogs from the same installation, you will need to enable Wordpress mutltisite settings. This can be done through the wp-config.php.
The WP_ALLOW_MULTISITE constant helps us enable Wordpress mutlsite. If it is not set in the wp-config.php file, the default setting is fasle. So, you will need to set it to true to enable Wordpress multisite/network functionality.
Add the following to the wp-config.php to enable Wordpress mutltisite functionality:
define( 'WP_ALLOW_MULTISITE', true );
Set Cookie Domain in Wordpress
You can set a cookie domain in Wordpress if you are using subdomains to serve static content. In that case, you will want to set your non-static domain as the cookie domain, which will prevent the Wordpress cookies from being sent with each request to the static content on your subdomain. It is a common practice to use cookie free subdomains for servign static content. Yu can create a subdomain to serve static content pointed tp the Wp-content folder. Then, you can set your domain as the cookie domain.
To set a cokie domain in Wordpress, all you need to do is to to define the COOKIE_DOMAIN in the wp-config.php file.
define( 'COOKIE_DOMAIN', 'www.example.com' );
Disable WP_CRON
Wordpress scans for scheduled tasks on every page load. While it works generally fine in case of low to moderate traffic blogs, on high traffic websites, it can significantly impact server performance. To prevent it, youc an completely disable WP_CRON by setting the DISABLE_WP_CRON to true.
Add the following piece of code above the /* That’s all, stop editing! Happy blogging. */ line in the wp-config.php file.
define( 'DISABLE_WP_CRON', true );
The following piece of code will help ypu ensure that a given cron process does not run more than once in specified time.
define( 'WP_CRON_LOCK_TIMEOUT', 60 );
You can specify the time in seconds like 60 or 120 to ensure that a cron job runs only once in th specified amount of time. Disbling cron entirely can speed things up on busy servers.
Automatically Empty Trash in Wordpress
The default time for emptying trash or permanently deleting the posts and pages in trash is 30 days. When you delete a post, it is not permanently deleted but just moved to the Trash folder. To delete a post permanently, yu have to first delete it and then delete it from trash as well. it applies to posts, pages, attachemnts as well as comments.
However, you can change this behavior using the EMPTY_TRASH_DAYS constant. You can set a value to less than 30 days like 1 or 2 to make sure that the posts, pages, attachments and comments that you have deleted from your site are permanently deleted.
define( 'EMPTY_TRASH_DAYS', 10 ); // 10 days
You can also disable trash by setting the value to zero, in which case Wordpress will not seek confirmation when you click on delete permanently.