WordPress has made it easy for just about anyone to create and run a website without ever having to know what it’s made up of and how it functions. Almost everything can be done from the WordPress dashboard, but behind the scenes, there are complicated processes running and complex data being generated. A lot of that work is managed by the wp-config.php file.

Think of a faulty or leaking faucet: if you have no plumbing skills, you wouldn’t want to go under the sink and try to fix it. But sometimes, as much as you’d prefer not to, you might find yourself Googling how to do it on your own. And you’ll realize it’s not that hard!

The same applies to your WordPress site: sometimes you need to tweak something small in the backend in order to fix the site.

The wp-config.php is one such file that may need a tweak once in a while (rarely!). This file enables you to change and add certain settings that are critical or could add more functionality to your site.

However, be warned: this file is sensitive. A slight misstep or a tiny flaw in this file could cause your website to crash or malfunction. Fixing it becomes a nightmare – not to mention an expensive affair!

But don’t worry, we at BlogVault know the wp-config file inside out. We’ll guide you in understanding what this file does. We’ll also cover where to find it and teach you how to edit it without breaking your site.

Caution:

It’s good to learn about the WordPress wp-config.php file, but we recommend that you use the WordPress dashboard to change settings. Making changes directly to this file should be reserved for times when there is no other alternative.

As this is extremely risky, we strongly recommend that you do this on a staging site. First, take a backup of your WordPress site using the BlogVault Plugin. In case something goes wrong, you can restore your website to normalcy using a backup. Then create a staging site using the same plugin, and carry out your changes there. If you’re convinced the changes are working fine, you can merge them with your live site.

Now, let’s dive in!

What is the wp-config.php File?

First, we need to understand that a WordPress website is made up of files and a database. The files mostly contain settings and configurations, while the database contains your posts, comments, users, etc.

The wp-config.php is a file that is vital to the functioning of your website. It stores some of your website’s most important settings and configurations. Without it, your website will not work.

It also contains your website’s database information. If you don’t have the wp-config file, your WordPress site won’t be able to connect to your database. In this case, you’d see ‘error in establishing database connection’ when you or anyone else tries to access the site.

Now you may never have to touch this file so long as you are fine with the default settings. But your wp-config file can come in handy if you want to:

    • Find your database name and database password
    • Move from one web host to another
    • Switch domain names
    • Change databases
    • Apply security precautions
    • Customize functionality and improve performance

To make changes to it, we need to first find out where it’s located.

Where is the wp-config.php File Located?

When you install WordPress, a number of files are installed. However, the wp-config file is not one of them. It is first generated as wp-config-sample.php. This contains the default settings and information pertaining to your WordPress installation alone.

You can find this file using two methods:

1. cPanel – This is your website’s control panel that you can access through your web hosting dashboard.

Log into your hosting account, go to cPanel and choose ‘File Manager.’

 


After that, you will see a number of files and folders populated on the page. In the public_html folder, you will find the wp-config.php file.

 


2. FTP – If you don’t have access to cPanel or you prefer not to meddle with it, you can use an FTP (File Transfer Protocol) client. You need to install it on your computer and it will enable you to access your WordPress files without having to access cPanel.

FileZilla is one such FTP client that’s popular and trusted. To use FTP, you would need your FTP credentials. You can find your FTP credentials in your web host dashboard. If not, contact your web host and request them.

Launch FileZilla and enter your FTP credentials – host name, username, and password – and click on Connect.

 


Once a connection is successfully established, you should see the folder ‘public_html’.

After that, you will find the wp-config file in this root folder.

 


If it is named wp-config-sample.php, simply rename it to wp-config.php and you’re good to go.

How to Edit the wp-config.php File?

Once you locate the file, you can follow the steps below to edit it:

1. Select the file and click on download.

 


2. After that, open it in a text editor like Notepad. Here, you’ll be able to edit it. To edit the file, simply make the changes you require. This means you can add your own code, edit the existing code, or even delete some of it.

3. Once done, you need to save it. Head back to the File Manager and upload it to the public_html folder. Simply overwrite the old file.

 


Now that you know how to download, edit and re-upload your wp-config file, we can show you what edits to make.

Editing the wp-config File

When you open a wp-config.php file, you will see the following code:

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the
 * installation. You don't have to use the web site, you can
 * copy this file to "wp-config.php" and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * MySQL settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://codex.wordpress.org/Editing_wp-config.php
 *
 * @package WordPress
 */

// ** MySQL settings ** //
/** The name of the database for WordPress */
define('DB_NAME', 'Database_SAMPLE');

/** MySQL database username */
define('DB_USER', 'Username_SAMPLE');

/** MySQL database password */
define('DB_PASSWORD', 'sample_password');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

/**
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'sample authentication key');
define('SECURE_AUTH_KEY', 'sample authentication key');
define('LOGGED_IN_KEY', 'sample authentication key');
define('NONCE_KEY', 'sample authentication key');
define('AUTH_SALT', 'sample authentication key');
define('SECURE_AUTH_SALT', 'sample authentication key');
define('LOGGED_IN_SALT', 'sample authentication key');
define('NONCE_SALT', 'sample authentication key');

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix = 'wp_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the Codex.
 *
 * @link https://codex.wordpress.org/Debugging_in_WordPress
 */
define('WP_DEBUG', false);

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) )
    define( 'ABSPATH', dirname( __FILE__ ) . '/' );

/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';

Apart from a few words, the file can look like gibberish to a regular WordPress developer. And we know, the first time you look at it, it’s perplexing! So let’s take a look at each element and understand what it means and whether it needs to be edited or not:

1. Database Configuration

As you create new users, publish posts and comments, all the data is stored in your database.

As a site owner, you would normally never need to access this. But there are times where you would need to know your database name, username, and password.

This information is contained in the wp-config file under ‘MySQL settings’:

// ** MySQL settings ** //
/** The name of the database for WordPress */
define('DB_NAME', 'Database_SAMPLE');

/** MySQL database username */
define('DB_USER', 'Username_SAMPLE');

/** MySQL database password */
define('DB_PASSWORD', 'sample_password');

/** MySQL hostname */
define('DB_HOST', 'localhost');

DB_NAME: The name of your database

DB_USER: The user who has access to the database

DB_PASSWORD: Security passcode required to access the database

DB_HOST: Your database server’s hostname. In most cases, it’s left as ‘localhost’

This information doesn’t need to be changed in most cases. However, if your WordPress host provider uses alternate ports, you would need to specify the port here. For example, if the port number is 654321, you need to change the line to

define('DB_HOST', 'localhost:654321');

2. Character Set and Collation

The next lines in your wp-config are:

/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

DB_CHARSET –

A character set (charset) is a collection of characters that might be used by multiple languages. Consider it a form of coding in which every character of a language (letters, numbers, and symbols) is assigned a unique code or numerical value.

Why is it needed? The WordPress platform is used all over the world and in various languages. So it needs a character encoding system that can be used to display different languages.

Unicode is one such encoding system wherein every letter, digit or symbol is assigned a numeric value that applies across different languages, programs, and platforms.

By default, in the wp-config file, WordPress sets the character set to Unicode (UTF-8) as it supports almost all languages. You can disable the character set or change it to an encoding system of your choice, but generally, this never needs to be touched.

DB_COLLATE –

In order for the character set to work, it needs rules for comparing and sorting called collations.

If you leave the settings as NULL or empty, WordPress will automatically fetch the correct collation as assigned by your server.

Many WordPress users choose to enter the default Unicode collation:

define('DB_COLLATE', 'utf8_general_ci'); // general collation

3. Security Keys

/**
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'sample authentication key');
define('SECURE_AUTH_KEY', 'sample authentication key');
define('LOGGED_IN_KEY', 'sample authentication key');
define('NONCE_KEY', 'sample authentication key');
define('AUTH_SALT', 'sample authentication key');
define('SECURE_AUTH_SALT', 'sample authentication key');
define('LOGGED_IN_SALT', 'sample authentication key');
define('NONCE_SALT', 'sample authentication key');

Here, WordPress tells you that you can change these keys to different unique phrases of your own.

Why would you ever need to change these keys?

Let’s take a step back. Once you log in to your WordPress account, you don’t have to keep logging in every time, right? This is because of browser cookies. They store the information needed to log you in automatically.

If this information were stored in plain text, hackers who got their hands on it could read it. To safeguard this data, WordPress hashes and signs it using security keys and salts.

A WordPress Security Key is a password that is made up of random elements. It’s created to be long and complex so that it’s almost impossible for any hacker to figure it out.

Salts add an extra layer of protection to the cookies and security keys. So even your security key is protected.

In the wp-config file, there are 4 security keys used to sign the cookies for your WordPress site. Each key has a corresponding salt, so there are four salts as well.

If your WordPress account has been compromised, you need to change these keys.

To do this, you can generate new keys using the online WordPress security key generator. Copy the entire output and use it to replace the corresponding lines in your wp-config file.

This will invalidate all cookies stored and force all users to be logged out. They will need to log in again. So anyone logged in to WordPress including a hacker will be logged out.

Security keys and salts don’t need to be remembered. You should just never disclose them or post them online. It’s recommended you change these keys if you suspect a hack or are recovering from one.
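As an added example (not part of the original article or any BlogVault code), the Python script below rotates all eight keys and salts in the text of a wp-config.php, generating the values locally with the `secrets` module, and reports keys that are missing, short or reused. The function names, the 32-character minimum and the sample input are assumptions made for this illustration.

```python
import re
import secrets
from collections import Counter

# The eight constants from the "Authentication Unique Keys and Salts" section.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
# Printable ASCII without the single quote and backslash, so a generated value
# can never end or escape the single-quoted PHP string it is written into.
ALPHABET = "".join(chr(c) for c in range(33, 127) if chr(c) not in "'\\")
MIN_LEN = 32  # assumption for this example: shorter values count as weak
DEFINE_RE = re.compile(
    r"^(?P<head>\s*define\s*\(\s*['\"](?P<name>\w+)['\"]\s*,\s*)"
    r"(?P<q>['\"])(?P<value>.*?)(?P=q)(?P<tail>\s*\)\s*;.*)$")


def new_secret(length=64):
    """Return a random value drawn from a cryptographically secure source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def key_values(config_text):
    """Map each key or salt constant found in the text to its current value."""
    found = {}
    for line in config_text.splitlines():
        m = DEFINE_RE.match(line)
        if m and m["name"] in KEY_NAMES:
            found[m["name"]] = m["value"]
    return found


def weak_keys(config_text):
    """Return the names of keys that are missing, too short, or share a value."""
    values = key_values(config_text)
    counts = Counter(values.values())
    return [n for n in KEY_NAMES if n not in values
            or len(values[n]) < MIN_LEN or counts[values[n]] > 1]


def rotate_keys(config_text):
    """Return the text with fresh values for every key and salt line."""
    out = []
    for line in config_text.splitlines():
        m = DEFINE_RE.match(line)
        if m and m["name"] in KEY_NAMES:
            line = f"{m['head']}'{new_secret()}'{m['tail']}"
        out.append(line)
    return "\n".join(out) + ("\n" if config_text.endswith("\n") else "")


# Constructed sample: every key still holds the same placeholder value.
SAMPLE = "<?php\ndefine('DB_NAME', 'Database_SAMPLE');\n" + "".join(
    f"define('{n}', 'sample authentication key');\n" for n in KEY_NAMES
) + "$table_prefix = 'wp_';\n"

if __name__ == "__main__":
    print("weak before:", weak_keys(SAMPLE))
    rotated = rotate_keys(SAMPLE)
    print("weak after: ", weak_keys(rotated))
    print(rotated)
```

Run it against a downloaded copy of the file and upload the result; every logged-in session is invalidated once the new values are live.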

4. WordPress Database Table Prefix

$table_prefix = 'wp_';

Every WordPress website stores the majority of its data, such as pages, posts, comments, and tags, in a database.

There are 11 default database tables, and each one stores different kinds of data. When you install WordPress, the 11 core tables are by default prefixed with ‘wp_’ like wp_comments, wp_posts, wp_options, etc.

Hackers know the default prefix and this makes it easier for them to locate and break into databases.

To improve the security of your database, you can change this prefix to something of your choice. It will make it harder for hackers to guess the name of your database and its tables.

You needn’t edit the wp-config.php file. You can install a plugin like Change DB Prefix to create unpredictable, random table prefixes.

If you wish to edit it in the config file, replace ‘wp_’ with something of your choice:

$table_prefix = 'tra_';

5. WordPress Debug Mode

The next part of the wp-config file is useful for developers who want to experiment with features and learn about the WordPress software.

By default, debugging settings on a WordPress site are switched off:

define('WP_DEBUG', false);

This means error notifications are not displayed to you. If you want to see these errors and debugging messages, you need to change this line to

define('WP_DEBUG', true);

This is helpful for developers who want to find and fix bugs. (Recommended read: Debugging WordPress)

6. Stop Editing

/* That's all, stop editing! Happy blogging. */

This line is crucial to the proper functioning of the wp-config file. Any changes you want to make or add to the file should be done above this line.

The final section of the wp-config file is

/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) )
    define( 'ABSPATH', dirname( __FILE__ ) . '/' );

/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';

It defines an absolute path that is used to set up WordPress vars and included files. An absolute path is the location of a directory or a file on a computer. You shouldn’t edit anything here.

Additional Things to Edit in the wp-config File

The wp-config file is useful in other ways. You can add a few settings here to improve the functionality of your site.

1. Change URLs

When you migrate to a new domain or web host, you may need to change your WordPress URLs. You can do this on the dashboard by going to Settings > General.


You can also make the change in the wp-config file by adding these two lines:

define('WP_HOME','http://example.com');

define('WP_SITEURL','http://example.com');

This can come in handy in case you don’t have access to your wp-admin.

2. Limit Post Revisions

WordPress maintains all revisions made to your posts. This can increase the amount of data on your website. It can eat up web server resources, slow down your website’s speed, and also increase the size of your backup.

To limit the number of revisions stored for a WordPress post, add this line:

define('WP_POST_REVISIONS', 5);

This means only up to the last 5 revisions will be stored. The rest will be discarded. You can change ‘5’ to any number you prefer.

3. Disable Automatic Updates

You can disable automatic updates by adding this line to your wp-config file:

define('WP_AUTO_UPDATE_CORE', false);

To enable it again, you can simply delete this line or change ‘false’ to ‘true’.

Since version 3.7 of WordPress, minor updates have been automatic. Minor updates usually carry security patches that fix vulnerabilities present in the default WordPress software. We recommend keeping auto-updates turned on for the minor ones. You can do so by adding this line:

define('WP_AUTO_UPDATE_CORE', 'minor');

(Recommended Read: How to Safely Update Your WordPress Site)

4. Change Uploads Directory

Any media uploaded to your website is stored in the wp-content/uploads folder by default. You can choose to store it elsewhere by adding this line:

define('UPLOADS', 'wp-content/myfolder');

Replace ‘myfolder’ with the name of the folder you want to use.

5. Enable Multisite

WordPress enables you to create multiple WordPress sites on a single installation of WordPress. To create a network of sites, you need to add the following line:

define('WP_ALLOW_MULTISITE', true);

6. Enable AutoSave

WordPress automatically saves edits to your posts as you’re creating or revising documents. The default time interval is 60 seconds. You can change this interval to a value of your choice by inserting the following line:

define('AUTOSAVE_INTERVAL', 160); // seconds

7. Disabling Plugin and Theme Updates and Installs

Sometimes, updates can break your site or cause incompatibility issues. In some cases, plugins and themes may not be compatible with the version of WordPress you’re running your website on. By installing them without checking the compatibility, your website could crash.

In cases where there are multiple users working on a site, you might want to disable the option to update or install themes and plugins.

This is also useful for developers who want to disable this option for their clients so that they don’t install something without checking if it’s trusted and compatible.

You can disable this feature from appearing on your dashboard by adding this line:

define('DISALLOW_FILE_MODS', true);

To enable the function, you need to change ‘true’ to ‘false’.

You can also enable and disable updates and installs on your website using a security plugin like MalCare. Its website hardening features enable you to do this with just a few clicks.

To learn more cool things you can do with the wp-config.php file, we recommend reading Everything about WordPress Configuration.
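A check worth running on an edited copy before uploading it, as an added example (not part of the original article or any plugin's code): the Python script below flags typographic quotes pasted into code, settings placed below the "stop editing" line, near-miss spellings of the constants covered in this article, and table prefixes that break the "numbers, letters, and underscores" rule. The function name, the similarity cutoff and the sample input are assumptions made for this illustration.

```python
import difflib
import re

# Constants named in the article; other names are only checked for near-misses.
KNOWN = {
    "DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST", "DB_CHARSET", "DB_COLLATE",
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
    "WP_DEBUG", "ABSPATH", "WP_HOME", "WP_SITEURL", "WP_POST_REVISIONS",
    "WP_AUTO_UPDATE_CORE", "UPLOADS", "WP_ALLOW_MULTISITE",
    "AUTOSAVE_INTERVAL", "DISALLOW_FILE_MODS",
}
CURLY = "\u2018\u2019\u201c\u201d"  # typographic quotes; not PHP string delimiters
NAME_RE = re.compile(r"define\s*\(\s*['\"" + CURLY + r"]?(\w+)")
PREFIX_RE = re.compile(r"^\s*\$table_prefix\s*=\s*['\"](.*?)['\"]")


def lint(config_text):
    """Return (line_number, message) findings for the text of a wp-config.php."""
    findings, past_stop = [], False
    for no, line in enumerate(config_text.splitlines(), 1):
        if "stop editing" in line:
            past_stop = True
            continue
        m = NAME_RE.search(line)
        is_prefix = line.lstrip().startswith("$table_prefix")
        if (m or is_prefix) and any(ch in line for ch in CURLY):
            findings.append((no, "typographic quote in code; use ' or \""))
        if m:
            name = m.group(1)
            if past_stop and name != "ABSPATH":
                findings.append((no, f"{name} is set below the 'stop editing' line"))
            if name not in KNOWN:
                near = difflib.get_close_matches(name.upper(), KNOWN, n=1, cutoff=0.85)
                if near:
                    findings.append((no, f"{name} looks like a misspelling of {near[0]}"))
        p = PREFIX_RE.match(line)
        if p and not re.fullmatch(r"[A-Za-z0-9_]+", p.group(1)):
            findings.append((no, "table prefix allows only numbers, letters, underscores"))
    return findings


# Constructed sample with four deliberate mistakes (lines 3, 4, 5 and 7).
SAMPLE = """<?php
define('DB_NAME', 'Database_SAMPLE');
define(\u2018DB_COLLATE\u2019, \u2018utf8_general_ci\u2019);
$table_prefix = 'wp-site1_';
define('AUTOSAVE_INTERNAL', 160);
/* That's all, stop editing! Happy blogging. */
define('DISALLOW_FILE_MODS', true);
if ( ! defined( 'ABSPATH' ) )
    define( 'ABSPATH', dirname( __FILE__ ) . '/' );
require_once ABSPATH . 'wp-settings.php';
"""

if __name__ == "__main__":
    for no, message in lint(SAMPLE):
        print(f"line {no}: {message}")
```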

In Conclusion:

The wp-config file is one of the most critical elements of your website. It houses very important information and settings of your website. So, remember to take a backup before you edit this file.

While you can make changes and improve your site, you can also make errors and break your site. We suggest editing the file on a staging site. This will ensure any errors you make will not affect your live site.

Nonetheless, as much as possible, we advise configuring settings from the WordPress dashboard.

We hope we were able to simplify the wp-config file and make it easy to edit. If you liked this article, you will love our backups. We offer fast and easy backups that are guaranteed to work when you need them!
