Tutorials UPDATED: 30 June 2024

wp-config.php: Mastering the WordPress Configuration File [With Examples]

Tassos Antoniou

13 min read

Always wanted to know all about the wp-config.php file in WordPress? You’re in the right place! In this article, we take a look at what the file is, where it’s located, and crucially how it works along with details of ways you can edit it in order to achieve certain tasks within your WordPress website.

Let’s get going!

wp-config.php Basics

Before we get into the details let’s take a look at some wp-config.php basics.

What is wp-config.php?

The wp-config.php file is an integral component of a WordPress installation and is generated during the installation process. It is the main configuration file for all versions of this widely used platform.

If you download the default WordPress package, you will notice that the wp-config.php is not included, but you will see a wp-config-sample.php file. This file is renamed to wp-config.php during the installation process.

Where is wp-config.php located?

You can access the wp-config.php file by using an FTP client such as FileZilla or the File Manager provided by your web host. The file can be found under the root folder of your website.

wp-config.php location

Open it with your favorite editor and take a look as we examine the contents below.

wp-config.php Contents

The wp-config.php file contains configuration items that allow WordPress to establish a connection with the database in order to be able to store and retrieve data from it.

The most suitable example we can use to explain the contents of wp.config.php, line by line, is the example wp-config.php file WordPress provides on its repository. Let’s break down its content piece by piece.

Database settings

The wp-config file is primarily used to establish the connection to the database. The information related to this task are configured at the MySQL section at the start of the file.

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the installation.
 * You don't have to use the web site, you can copy this file to "wp-config.php"
 * and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * Database settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://wordpress.org/support/article/editing-wp-config-php/
 *
 * @package WordPress
 */

// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );

/** Database username */
define( 'DB_USER', 'username_here' );

/** Database password */
define( 'DB_PASSWORD', 'password_here' );

/** Database hostname */
define( 'DB_HOST', 'localhost' );

/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

This includes:

  • the database name (DB_NAME),
  • the database username (DB_USER),
  • the database password (DB_PASSWORD),
  • the database hostname (DB_HOST),
  • the database charset to use in creating database tables (DB_CHARSET) and
  • the database collate type (DB_COLLATE)

As you’ll see, a brief description of each section is provided to help you understand what each line does. If you’re not sure what info needs to be included here (and it’s not been pre-populated), you’ll need to check with your web host.

Try our Award-Winning WordPress Hosting today!

In rare instances, you may find that the wp-config file isn’t correctly configured during the installation process. If this is the case, you’ll need to do this manually. You can do this by creating an empty wp-config.php file and defining the constants with the right values copying the content from the wp-config-sample.php file.

Later on in this article, you’ll find a part where we describe how Pressidium handles the wp-config.php file and what is inserted in its contents during a vanilla installation of a Pressidium customer.

Security keys

Next, we can see the authentication keys and salts. This set of keys adds protection from brute-force attacks to your website by encrypting the WordPress cookie login information.

/**#@+
 * Authentication unique keys and salts.
 *
 * Change these to different unique phrases! You can generate these using
 * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
 *
 * You can change these at any point in time to invalidate all existing cookies.
 * This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );

/**#@-*/

There is also a great tool provided by the WordPress API that will generate unique values for each of these keys.

It is advisable to replace these strings on a regular basis. After applying new security keys and salts, WordPress will log out all users and invalidate cookies, which will result in any logged-in users needing to re-login.

The database table prefix

Next, we have the $table_prefix value which, by default is wp_.

/**
 * WordPress database table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix = 'wp_';

However, WordPress allows you to set a custom database prefix for better protection. It should consist of underscores, letters, and numbers. For example:

$table_prefix = 'wp_mycustomprefix';

Make certain though that it is distinct enough to prevent other users from easily guessing it. You can access the structure of your database via phpMyAdmin, to check the table names to see whether they begin with the prefix that you have been assigned.

The WordPress debugging mode

All WordPress websites can occasionally run into problems and, if and when this happens, you’ll want to be able to search for the issue that caused your site to break. To do this in WordPress you’ll need to put it into Debug mode. Below you can see the part of configuration content in wp-config that is related to debugging, set to FALSE by default.

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the documentation.
 *
 * @link https://wordpress.org/support/article/debugging-in-wordpress/
 */
define( 'WP_DEBUG', false );

This is a very useful feature, especially if you’re a WordPress developer. We can set this to TRUE if we need to consult some logs to trace an error and mitigate an issue. To do this, you’ll need to enable the debug mode by changing ‘WP_DEBUG’ to ‘true’ (as shown below):

define( 'WP_DEBUG', true );

Then, to allow pages to load normally for the visitors, insert these two lines right below the debug line:

define( 'WP_DEBUG_DISPLAY', false );
@ini_set( 'display_errors', 0 );

And the last thing to do is to set the code that will allow you to see the debugger’s output:

define( 'WP_DEBUG_LOG', true );

Your new debug log file will appear in /wp-content/ and can be accessed via SFTP like any other WordPress file. This file only appears when there’s an error. If everything works, this file won’t be created.

When a log file is created, open it in a text editor to read. Even if you’re a beginner, there are usually clear clues as to what’s wrong. At this point, you can fix the issue or give it to a developer or web host (if their support team can help). When you’re done debugging, turn off debugging mode. Leaving this switched on will consume server resources unnecessarily and slow your website down.

You can also define a different path that the log file should be created in by entering this line:

define( 'WP_DEBUG_LOG', ABSPATH .  'wp-errors.log' );

This piece of code should be inserted in the “Custom Values” part of the file. The ABSPATH will also be explained later on in this tutorial.

Custom Values

Further down the wp-config.php file, WordPress leaves room for us to add any required custom code.

/* Add any custom values between this line and the "stop editing" line. */

/* That's all, stop editing! Happy publishing. */

This can be useful for plenty of things. One popular use is to set a custom directory for the wp-content folder in order to help thwart malware injections.

define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/customfolder/wp-content' );
define( 'WP_CONTENT_URL', 'exampledomain.com/customfolder/wp-content' );

You notice that we need to change both the directory(‘WP_CONTENT_DIR’) and URL(‘WP_CONTENT_URL’), as they are represented by different variables.

The same goes if you want to change the plugins directory:

define( 'WP_PLUGIN_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/content/wp-content/plugins' );
define( 'PLUGINDIR', $_SERVER['DOCUMENT_ROOT'] . '/customfolder/wp-content/plugins' );
define( 'WP_PLUGIN_URL', 'exampledomain.com/customfolder/wp-content/plugins');

WordPress suggests that you use your custom code at this specific area until the “stop editing!” comment. If the code is put before or after that point, then the initialization process will continue, possibly skipping your custom code or worse.

Absolute path

/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', __DIR__ . '/' );
}

It is highly recommended that the absolute path information isn’t edited. For information purposes, however, ABSPATH is a PHP constant that specifies the absolute path to the WordPress directory and is defined at this part of the wp-config.php file. The absolute path is later used to include files and setup WordPress vars.

WordPress vars

/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';

The same goes for the last part, where the ABSPATH mentioned above is used in order to reach the wp-settings.php file, where all the necessary WordPress variables are loaded from. It would be wise to not edit this either.

What you can do with wp-config.php

There are numerous ways you can benefit from editing the wp-config.php file. Here are some of the most common ones.

Change The WordPress URL

There are occasions where the WordPress URL needs to be changed, such as when migrating a website. WordPress admin provides the ability to change this in the General Settings admin screen. However, there are occasions where errors in your WordPress site can prevent you from accessing the Admin panel. In these cases, you can edit the URL directly from the wp-config.php file.

define( 'WP_HOME', 'http://example.com' );
define( 'WP_SITEURL', 'http://example.com' );

As we mentioned before, edits like this should be placed in the “Custom Values” part of the content.

Change The Memory Size Limit

In the wp-config.php file you can modify the maximum amount of memory that can be consumed by PHP like this:

define('WP_MEMORY_LIMIT', '256M');

Take extreme care when changing this though. If you notice that your script needs excessive amounts of memory to execute, then check the script for possible ways of optimizing it.

Redefine the Uploads Folder

The default location for the media uploads is the “/wp-content/uploads/” directory. By adding the code below to the “Custom Values” section of wp-content.php you can change the location of the uploads to one of your choosing:

define( 'UPLOADS', 'wp-content/custom-uploads-folder' );

Just make sure that after changing the location, you transfer all the files inside the ‘old’ uploads folder into the new folder, otherwise this content won’t appear on your website as designed.

Relocate the wp-content Folder

If you wish, you can move the wp-content folder to a new location, by adding the following code:

define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/custom-folder/wp-content' );
define( 'WP_CONTENT_URL', 'exampledomain.com/custom-folder/wp-content' );

In the first line, we redefine the WP_CONTENT_DIR constant that returns the location of the remote path, and in the second line, we should also redefine the WP_CONTENT_URL constant. Of course, the exampledomain.com should be replaced with yours.

Relocate the Plugins Folder

The following code snippet will move the plugins folder to a new custom location by redefining the WP_PLUGIN_DIR constant:

define( ‘WP_PLUGIN_DIR’, $_SERVER[‘DOCUMENT_ROOT’] . ‘/custom-folder/wp-content/plugins’ );

NOTE: Whenever making changes to the wp-config.php file it’s worth taking a copy of the existing code. If the changes you make don’t perform as expected, it’s then relatively easy to revert to a file that you know works.

How Pressidium Handles the wp-config.php File

Let’s take a quick look at how the Pressidium Platform handles the wp-config.php file when a new install is spun up.

Before you create a new install from the Pressidium Dashboard, you are asked to provide a desired unique installation name. After the vanilla WordPress install is ready, the database settings inside wp-config.php are auto-filled using the data you entered. In the example below, the installation name is “newtesty”.

// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'db_newtesty' );

/** Database username */
define( 'DB_USER', 'newtesty' );

/** Database password */
define( 'DB_PASSWORD', 'wOqpEj42OXKaClZN0okf' );

/** Database hostname */
define( 'DB_HOST', '127.0.0.1' );

/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' ); 

/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

Lastly, the $table_prefix variable is autofilled with a randomly generated strong ‘hard-to-guess’ table prefix for your new database.

Conclusion

We hope you’ve found this introduction to the WordPress wp-config.php file useful. As with any article, it’s hard to cover every possible usage or variable and, if you’re interested in maximizing your knowledge of the wp-config.php file then it’s well worth checking out the official WordPress documentation for more information.

Start Your 14 Day Free Trial

Try our award winning WordPress Hosting!

OUR READERS ALSO VIEWED:

See how Pressidium can help you scale
your business with ease.