WordPress users are familiar with the wp-config.php
file as the one used to set up the database information, such as the database name, the username, password, and its location (as well as table prefixes, security keys, and language).
However, many users are unaware that the wp-config.php
file can be used to set a wide range of configurations to enhance the functionality, performance, and security of your WordPress site.
In this guide, I’ll share several configuration tricks that I’ve encountered over the years. The guide will cover options detailed in the WordPress Codex, as well as options you may not be familiar with.
Here is an image of a typical wp-config.php
file, known as the WordPress Configuration File:
Let’s take a look on some of the settings you can apply via the wp-config.php
file:
1. Database Settings
These four settings are necessary for WordPress to connect to the database:
define('DB_NAME', 'database-name');
define('DB_USER', 'database-username');
define('DB_PASSWORD', 'database-password');
define('DB_HOST', 'localhost');
The database name, username, and password are the settings you defined during the creation of the database, but the DB_HOST
setting is a bit trickier to crack. In most cases, its value should be localhost
, but some hosting companies may require a different value.
You can also set a different port for the database server; here are two examples:
define('DB_HOST', 'localhost:1234');
define('DB_HOST', 'mysql.domain.tld:1234');
Another useful trick is to automatically identify the database server:
define('DB_HOST', $_ENV{DATABASE_SERVER});
If you still struggle to find the correct value, talk to your hosting company and ask for the information.
2. Database – Collation & Character Set
From WordPress version 2.2 onwards, you can set the Character Set
for MySQL tables. In general, there’s no need to touch this setting since the default is UTF-8
, which supports all languages. Here’s the recommended setting:
define('DB_CHARSET', 'utf8');
Starting from WordPress 2.2, you can also set the Collation, which determines the sort order of the character set in the database. This setting is usually done automatically by MySQL based on the character set and can be left blank. Here’s the recommended default value:
define('DB_COLLATE', '');
Note: Use/change these settings only if they already exist in the wp-config.php file.
3. Security Keys
From WordPress version 2.7, there are four security keys designed to enhance better encryption of cookies. These keys work quietly behind the scenes and should be as random and complex as possible. The easiest way to generate these keys automatically is by using the WordPress.org secret-key service.
Simply visit the link and copy the result into your wp-config.php
file during your WordPress installation. You can change these keys anytime; changing them will make the cookies for all logged-in users on your site irrelevant, forcing them to log in again to the WordPress dashboard.
define('AUTH_KEY', '_;*Yfw@]Qr#[|YDl-v$pXkPZ^;Ac&YC:|s]-pw`qJYDM<[Z7!%V66bWLu_Qr]MKF');
define('SECURE_AUTH_KEY', 'FF@{y)vPLNmMiIWW~7+fN7Zf7e9Jw37HyGRf9=$`0kg%cKrG33kkJ5 jpE6Ox)8*');
define('LOGGED_IN_KEY', 'q!0/8%dcC6Ey<t)[*r+/W/3R2L&V:=BM<zuAC!#bt&![hIu0@TgF+nqGp)aBLl-2');
define('NONCE_KEY', 'kIHaSGF92lbRElp/UZ4<)@?xoIDaxlve|]oY+53UG.v=g/[.3wz,/|yP-yhc2-aD');
4. Database Table Prefix
Table prefixes are especially useful to strengthen your WordPress site’s security or to host multiple WordPress installations on one database.
By changing the default value of wp_
to something more unique, you can thwart hacking attempts on your site’s database and enhance site security. Here is the default definition:
table_prefix = 'wp_';
Many hackers try to break into your site when they already have this data (since it’s the default). Changing the prefix to something like sVVV_
is a good way to prevent these targeted attacks.
You can also use this setting to perform multiple WordPress installations on one database. Simply define the unique table prefix in each installation:
$table_prefix = 'wp1_'; // first blog
$table_prefix = 'wp2_'; // second blog
$table_prefix = 'wp3_'; // third blog
5. Language Settings
WordPress allows you to set the translation file for the language used on your WordPress site and its location. The translation file is a .mo
file, and its default location (if not specified otherwise) is in wp-content/languages
as the first source and wp-includes/languages
as the second source. Here are the default settings:
define('WPLANG', '');
define('LANGDIR', '');
6. Library Settings
This is not a setting you need to touch. This code comes with the wp-config.php
file and contains a few lines that define the absolute path and the wp-settings.php
settings file.
/** WordPress absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
7. Blog URL and Site URL
This is the more interesting part… 🙂 The following two settings are not in wp-config.php
by default, but adding them can improve the performance of your WordPress site – minimally, I must say. These settings were added in WordPress 2.2 and override the settings in the database (without actually changing them).
Adding these settings to the wp-config.php
file reduces the number of calls to the database. These settings should match the setting in the WordPress control panel. Here’s an example (note that there should be no “/” at the end of the addresses):
define('WP_HOME', 'https://savvy.co.il');
define('WP_SITEURL', 'https://savvy.co.il');
A nice trick is to set these settings automatically to use the global server
variable:
define('WP_HOME', 'http://'.$_SERVER['HTTP_HOST'].'/path/to/wordpress');
define('WP_SITEURL', 'http://'.$_SERVER['HTTP_HOST'].'/path/to/wordpress');
8. Template Path and Stylesheet Path
For the same reason in the previous section, you can improve the performance of your WordPress site by avoiding unnecessary calls to the database to get the template path
and stylesheet path
on your site. Here are the default WordPress settings:
define('TEMPLATEPATH', get_template_directory());
define('STYLESHEETPATH', get_stylesheet_directory());
As they are, they still make calls to the database, but you can skip these unnecessary calls by writing the paths in the code:
define('TEMPLATEPATH', '/absolute/path/to/wp-content/themes/active-theme');
define('STYLESHEETPATH', '/absolute/path/to/wp-content/themes/active-theme');
9. Domain Settings for Cookies
This setting is intended for those with a non-standard domain setup. For example, if you use a subdomain to serve static content (such as images, CSS files, and JavaScript files), you can set cookies to be sent only to the main domain so that the subdomain with static content does not send these cookies with every request to the server.
define( 'COOKIE_DOMAIN', 'www.example.com' );
10. File and Directory Permissions Override
If your hosting company’s permission settings are too strict, adding these lines to the WordPress configuration can help. Note that there is no need for quotes around the permission value:
define('FS_CHMOD_FILE', 0755);
define('FS_CHMOD_DIR', 0755);
11. Custom User and Usermeta Tables
What about changing the tables responsible for users in the database? You can change these by using the following code:
define('CUSTOM_USER_TABLE', $table_prefix.'my_users');
define('CUSTOM_USER_META_TABLE', $table_prefix.'my_usermeta');
12. Changing the Location of the wp-content Directory
Since WordPress 2.6 and above, you can change the default location of the wp-content
directory. There are several reasons to do this, such as securing your WordPress site and FTP updates. Here are examples:
// full local path of current directory (no trailing slash)
define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'].'/path/wp-content');
// full URI of current directory (no trailing slash)
define('WP_CONTENT_URL', 'http://domain.tld/path/wp-content');
You can also set a different path for your plugins folder. This option can help solve compatibility issues with certain plugins:
// full local path of current directory (no trailing slash)
define('WP_PLUGIN_DIR', $_SERVER['DOCUMENT_ROOT'].'/path/wp-content/plugins');
// full URI of current directory (no trailing slash)
define('WP_PLUGIN_URL', 'http://domain.tld/path/wp-content/plugins');
13. Post Revisions
In WordPress, there is a system for saving post revisions that allows you to revert back to older revision of a post if needed. Whether you like this option or not, there are several configurations you can make in this system:
Limit the number of saved revisions
define('WP_POST_REVISIONS', 3); // integer
Disable post versions functionality
define('WP_POST_REVISIONS', false);
14. Set the Time Between Automatic Post Saving
Related to the previous point, by default, WordPress saves a version of a post every 60 seconds, but you can set different intervals between saves. For example:
define('AUTOSAVE_INTERVAL', 160); // in seconds
15. Allow Upload of All File Types for Admins
WordPress limits the file types that can be uploaded to the media library. You can enable the upload of additional file types by adding the following line to your `wp-config.php` file:
define( 'ALLOW_UNFILTERED_UPLOADS', true );
It’s important to note that this setting allows only administrators to upload all file types. If you want to allow specific file types for non-admin users, check out this guide on allowing additional file types in WordPress.
16. Add a Trash Bin to the Media Library
Have you ever accidentally deleted an image in the media library and cursed yourself (and WordPress) for not allowing recovery of that image? Well, not anymore! Add the following line to your `wp-config.php` file:
define( 'MEDIA_TRASH', true );
Now, you’ll never have to worry about accidentally deleting an image.
17. Debugging
Starting from WordPress version 2.3.1, there is an option to display certain error messages on the site using Debugging. From WordPress version 2.5 and above, the system displays a higher level of errors and also shows errors for functions that have been deprecated. By default, displaying errors is not enabled.
define('WP_DEBUG', true); // enable debugging mode
define('WP_DEBUG', false); // disable debugging mode (default)
I recommend checking out this article on a more proper way to debug WordPress using WP_DEBUG_LOG.
18. Increase PHP Memory
If you receive an error message like “Allowed memory size of xxx bytes exhausted,” this setting can solve the problem. The `WP_MEMORY_LIMIT` setting allows you to specify the amount of memory available for PHP. By default, WordPress tries to set this to 32MB, so this setting is necessary only for values higher than that.
define('WP_MEMORY_LIMIT', '64M');
define('WP_MEMORY_LIMIT', '96M');
define('WP_MEMORY_LIMIT', '128M');
19. Save and Display Database Queries for Analysis
This technique is useful for saving queries to the database for analysis and analytics. It saves each database query along with the function that executed it and the total time taken to execute that query. To enable this, add the following line to your `wp-config.php` file:
define('SAVEQUERIES', true);
After that, add the following code to your theme’s footer to display the query array for admins:
// display the query array for admin only
if (current_user_can('level_10')) {
global $wpdb;
echo "<pre>";
print_r($wpdb->queries);
echo "</pre>";
}
20. Disable File Editing in the WordPress Dashboard
In the context of site security, there is an option to edit plugin and theme files through the WordPress dashboard (Dashboard > Appearance > Editor). You can disable this option to prevent users from mistakenly or intentionally modifying these files:
define('DISALLOW_FILE_EDIT', true);
21. Concatenate Files in the Admin Interface
To speed up the loading of the admin interface, WordPress combines JavaScript files into one address. If there are JavaScript errors in the admin interface, you can try using this code to disable file concatenation:
define( 'CONCATENATE_SCRIPTS', false );
22. Honestly – I have nothing more to write…
Point 22 can come from your comments – if you have cool tricks related to `wp-config.php`, share them in the comments, and I’ll add them to the post… 🙂