11 Useful Tips and Tricks for Setting Up wp-config.php File

Updated on 25 January 2022 6 min Read
wp-config.php Tips And Tricks

In the WordPress CMS, there are more than around 981 files and 95 folders. None of these files require manual changes, except the wp-config.php file. Of course, we do not need to edit the file, if we are satisfied with the standard WordPress configuration, but it is very important to learn to work with this file, to apply security measures, tricks to speed up the site and other things that we study in this article.

Backup First!

It is better to be safe than being sorry: Make a backup right now! Use the built-in export feature or the plugin, or make a backup through phpMyAdmin, but always make sure you have a backup of your website.

Your manipulation can affect the database, but they will not do anything to any files other than the file to which you will be working on, so make a backup of the wp-config.php file. If you did not make a copy of your files for more than a month, I would advise to do it, too. Frequent backups – it’s always good.

Ready? Go!
Speed: Disconnect the saved versions … Now!

The function of maintaining database versions is enabled by default but can lead to a significant “ballooning” of the database. Saved versions exist in order to enable you to roll back to a previous version of the database (if you need to). If you do not plan to use versioning to check the “early version” of your database, you should definitely disable this feature by adding this code in the wp-config.php:

define('WP_POST_REVISIONS', false );

However, if you are satisfied with the version, but you do not want to have an infinite number of copies of your modified entries, you can limit the number of versions stored for each post by using this line of code:

define('WP_POST_REVISIONS', 2 );
Speed: Set the Cookie for Domain

If you handle static content (e.g., downloading media) subdomain, a good idea would be to set “the cookie for the domain”.

define('COOKIE_DOMAIN', 'www.yourwebsite.com');

Tip: To process media download for a subdomain, just enter the last two text boxes in the Media Options page path (for example, / home / my_blog / the public_html / my_subdomain) and the URL (e.g., http://mysubdomain.myblog.com/) your subdomain.

Speed: Change the file system method

If you frequently install, update, or delete your plugins and themes, it is very likely that you hate to enter your FTP password each time you do something. The following code simplifies it for you, making the file system to use direct request via the PHP. In other words, you no longer need to enter the FTP login data.

define('FS_METHOD', 'direct');

Please note that this may not work with all web hosting providers, and even if triggered, can cause security problems on poorly configured hosting. So make sure you use it on a good server.

Safety: No access to the wp-config.php file

This trick does not require editing the wp-config.php file and the .htaccess file in your root folder. In fact, it prevents attackers from downloading yourblog.com/wp-config.php through the browser:

# protect wpconfig.php
<files wp-config.php>
    order allow,deny
    deny from all
</files>

Just add this to your .htaccess file and you’re done!

Safety: the SSL in the admin panel

Is SSL enabled on your server? Excellent! You can force WordPress to use a secure connection with the authorization by this line of code:

define('FORCE_SSL_LOGIN', true);

And if you are taking security on high priority (which is really good), you can force WordPress to use SSL on each admin page, everything is done through an encrypted connection:

define('FORCE_SSL_ADMIN', true);

For more information about how to configure SSL, you can find in the WordPress Codex page on the Administration over the SSL.

Security: Change database prefix

If you have a WordPress security loophole that allows attackers to use a hacking technique known as “SQL injection”, they can easily use standard table prefix of your WordPress database to remove them. But if you have a table prefix, different (wp_), they will not be able to guess them.

So, setting a new WordPress site, change the default value on the setup page, or change the following line in the wp-config.php file:

$table_prefix  = 'wooh00yeah_';

Note: If you want to make it work on an existing site, you cannot simply change the prefix in a wp-config.php file – you will get a connection error with the database. You need to use a plugin that will change the wp-config.php file, and database tables, and some of the values in the tables. I recommend using Change Prefix plugin.

Security: Add Security keys … Now!

Let’s just read WordPress Codex:

In simple words, the secret key is the password with the elements that complicate the selection of a sufficient number of options for hacking. Password type “password” or “test” is simple and can be easily hacked. To pick a random, unpredictable password type “88a7da62429ba6ad3cb3c76a09641fc” take years.

This is one of the most basic security measures for WordPress and it’s just a copy and paste that is randomly generated on this page content to your wp-config.php file. The hardest part is to insert a standard, blank value for these constants and their removal!

Other: Change Autosave interval

If you sometimes work on your article for 4 hours, it can be annoying that WordPress automatically saves the recording every 60 seconds. I think this is not a bad thing, but sometimes it is very, very annoying. In any case, if you want to set the autosave interval of a greater value, you can do this by setting the value in the wp-config.php file like this:

define('AUTOSAVE_INTERVAL', 240 ); // the value should be in seconds!
Other: Move your WordPress site easily

WordPress is full of surprises and this is one of them. If you need to move your site to another domain (or a new subdomain, or a new folder), define this constant in your wp-config.php file to transfer your files and databases:

define('RELOCATE',true); // We're not done yet!

After setting this value and transfer your files and database, log in with your data on WP yournewwebsite.com/login.php and then check whether the home has changed URL in the General Settings page. After confirming the changes, delete the file from your constant wp-config.php. This simple trick will save you from editing the database manually.

Tip: Although it literally “takes” your site, it does not affect the hard-coded links in your content. To change them, you should use the plugin type Search Regex and replace the old with new links.

Other: Disable editing of plugin files and themes

If you are a web designer and you use WordPress for your clients’ sites, you may want to disable the editing of files and plugins, add the following constant:

define('DISALLOW_FILE_EDIT',true);

Moreover, you can also disable the installation of new themes and plugins, and updates:

define('DISALLOW_FILE_MODS',true);

Just remember that the updated theme and plugin is often very important when they fix security loopholes. So if you want to disable the update and install new plugins / themes, you need to check for updates by other means.

Other: Enabling the WP_DEBUG development

It’s simple: If you develop a plugin or a theme, it would be good to include the ability to debug in WordPress to see what notifications and alerts you get:

define('WP_DEBUG',true);

Sometimes it’s just wonderful to see what simple mistakes you can make in the development!

Conclusion

We have seen 11 different tricks and tips that can help you to update your wp-config.php file, but the tricks are of course not limited to these. If you have any good tips, we invite you to share them in the comment box!

The Author

I am an experienced technical content writer with a proven ability to translate complex information into clear, concise prose. I have extensive experience writing for various technical audiences, including software engineers, IT professionals, and product managers. I approaches each writing project with a customer-centric mindset, focusing on understanding the audience's needs and pain points.