Understanding the file wp-config.php in WordPress is essential for any WordPress development, because, this is the most important configuration file in your site. The wp-config.php file is located in the root folder of your WordPress installation. Inside this file, you create your website basic setup like database connection information, debugger information, security keys, enable multisite, and more. This wp-config.php file is created as a result of your WordPress installation process, before you install WordPress there is a mirror file called wp-config-example.php, so, you can rename the sample file and made your modifications before install WordPress, in this case, you will skip a couple of screens.
The file wp-config.php in WordPress is almost entirely a collection of PHP defined constants, so, you usually write a define('CONFIG_NAME', 'config-value');
line to set an option, and it always has to be before the /* That's all, stop editing! Happy blogging. */
line.
So, Let’s take a look at the most common configuration options.
The Database Connection
Inside this file, you have to set your MySQL database connection credentials. They are:
/** The name of the database for WordPress */ define( 'DB_NAME', 'database_name_here' ); /** Your MySQL database username */ define( 'DB_USER', 'username_here' ); /** Your MySQL database password */ define( 'DB_PASSWORD', 'password_here' ); /** MySQL hostname */ /** * Usually you do not need to change this line, * because the MySQL Server and the Web Server are in the device * Or you are Working on your local machine. */ define( 'DB_HOST', 'localhost' ); //If using an special port, you can append it, e.g.,"localhost:3307".
You can also configure the database charset and collate with DB_CHARSET and DB_COLLATE options.
/** Database Charset to use in creating database tables. */ define( 'DB_CHARSET', 'utf8' ); /** * This value should be changed only before installing WordPress, * if you change it after the WordPress database is created, it could lead to an unstable site */ define( 'DB_COLLATE', '' );
Security Keys
The security keys are a list of eight random strings that WordPress uses to encrypt your user credentials when logged in. It is strongly recommended to create them. WordPress has a web service which helps you to set these security keys, just go to this online generator, copy and paste in your wp-config.php file, and that’s it.
Example:
// This is just an example, please DO NOT USE this keys on your WordPress site. // Instead go to the online generator and create your unique keys there. define( 'AUTH_KEY', 'JYFJK)$)$7N/eEqJxl`ETxA7Ik-<wg2[0]^OA3v~xO^+3#W<{pU-+1GGXD@G(f=e' ); define( 'SECURE_AUTH_KEY', 'k|c%e,[G-J?o}B({w%h^Qz3?o=K8^X`H%4dOeg0X9!mJXzqAi&wFmG+>lo{si@c=' ); define( 'LOGGED_IN_KEY', '|aTd14PoM/PV%FpLrF)jYgu=*{Yicb1{7Pt;CMmPHp>TBENpKI|,CZitF%>af!u.' ); define( 'NONCE_KEY', ']&!XcF:Z)fWBJM,1jirhPZOdrm._nv>@YfW|/:_~-E6>V! >KeoPLG44Z23|iK}N' ); define( 'AUTH_SALT', '%+IJNq_4:5Y:7[bzuL_;^J5 *]E@w%nAlx{Ut@87?h/&/4G_]?g:D[4UF:O#;4n6' ); define( 'SECURE_AUTH_SALT', 'WI%rH`3;nU+s2Sz$wutolPBB]K2CFgE $6{IEG=a@ wQn035<=a_3I9Xnhr0?,oK' ); define( 'LOGGED_IN_SALT', 'jddHwJz|=da[W]hFDC4+uKq[-(`|?y5T#Q;ASm}!tkT|T1%22;>^064<4M-drU=-' ); define( 'NONCE_SALT', '~-bFkm=DNgEy+1wS.<9j*<(3{IZOoKC}E>tLl+XV$nZ |Or#{YNl& 4|-c^(TV& ' );
Database table prefix
The database table prefix is a WordPress security option, by default it is «wp_», but, you should change this value with your unique table prefix. With this feature, you make it harder for an attacker to guess your database table names and you can also have multiple WordPress installations in one MySQL server.
Example:
/** * Set your unique table prefix, DO NOT USE the 'wp_' default of WordPress * and DO NOT USE my example here, it is so easy to guess. */ $table_prefix = 'myprefix_';
WordPress debug mode
There are a couple of lines you can add in your wp-config file for debugging, by default WordPress is configured to hide any run time errors, but, if you are in a development environment you can add these lines:
define( 'WP_DEBUG', true ); define( 'WP_DEBUG_LOG', true ); define( 'WP_DEBUG_DISPLAY', false );
Now WordPress will create a debug.log file in the wp-content folder and write any error inside that file; it is the recommended option to track errors because displaying them on your site is considered a vulnerability issue.
In conclusion, those are the most important and essential configuration options on the file wp-config.php in WordPress, in addition, there are many more features like WP_SITEURL to override the table «siteurl» value on your {prefix}_options table. Or WP_POST_REVISIONS to limit or disable the number of revisions that WordPress creates in your database; this will help to reduce your database size because every time you make changes to a post WordPress creates a whole new instance of it in the database as a new «revision», so, disabling or limiting this option helps to reduce your {prefix}_posts rows. You can also enable the WordPress multisite functionality setting WP_ALLOW_MULTISITE to true, by default it is false. Some other configuration options are FTP connection, memory limit, cookie domain limit, and more!
If you want to learn more about the file wp-config.php in WordPress, go to Editing wp-config.php in the WordPress codex.