Few files are as fundamental to the health and security of a WordPress website as wp-config.php . This core configuration file governs how WordPress connects to its database, defines security measures, and manages a wide array of crucial settings that impact performance, debugging, and overall site functionality. Located in the root directory of your WordPress installation, this file is instrumental in nearly every aspect of your site's operation, and understanding its purpose and capabilities is a key step toward mastery of the platform.
Locate the following section in your file to update your credentials:
The wp-config.php file is the brain of your WordPress website. It is one of the most critical files in your WordPress installation, acting as the bridge between your website's files and the database that stores all your content.
# Create a new wp-config.php file wp config create --dbname=mydb --dbuser=myuser --dbpass=mypass
The Ultimate Guide to the WordPress wp-config.php File The wp-config.php file is the most important configuration file in your WordPress installation. It acts as a bridge between your WordPress files and your database, housing core security keys, database connection details, and performance tweaks. wp config.php
You can set permissions via your FTP client by right-clicking the file, selecting “File Permissions,” and entering the numeric value.
If WordPress is installed in a subdirectory (e.g., https://yourdomain.com/wordpress ), you would use:
Always download a copy of your working wp-config.php file to your local computer before making changes. One missing semicolon can crash your site.
WordPress uses security keys and salts (like AUTH_KEY , SECURE_AUTH_KEY , LOGGED_IN_KEY , NONCE_KEY , and their salts) to encrypt information stored in user cookies, making it much harder for hackers to compromise login credentials. You can generate a completely new set of random, unique keys and salts from the WordPress.org secret-key service. Few files are as fundamental to the health
define( 'WP_ALLOW_REPAIR', true );
<?php // Database settings (use strong credentials) define( 'DB_NAME', 'prod_db' ); define( 'DB_USER', 'prod_user' ); define( 'DB_PASSWORD', 'complex_pass_here' ); define( 'DB_HOST', 'localhost' );
This comprehensive guide will walk you through everything from basic setup to advanced security and performance tweaks. 1. What is the wp-config.php File?
The MySQL database user who has privileges to access the database. Locate the following section in your file to
The wp-config.php file is located in the of your WordPress site (often called public_html , www , or your site's name).
Disable it by adding this line to wp-config.php :
When building custom themes, troubleshooting plugin conflicts, or encountering a "White Screen of Death," debugging modes pinpoint exactly what went wrong.
WordPress stores cookies on the user's computer to verify identity. To ensure these cookies cannot be easily deciphered or hacked via "brute force" or "rainbow table" attacks, WordPress uses and Salts .
define( 'WP_POST_REVISIONS', 3 ); // Limit to 3 revisions per post define( 'WP_POST_REVISIONS', false ); // Disable revisions entirely
You can cap the number of saved revisions per post, or disable them entirely: