If you’ve installed a WordPress Theme before you’re familiar with the
wp-config.php file, located in the root of your WordPress install. This is the file where you set the database name, username, password, location and define your site language.
But what many users don’t know is that the
wp-config.php file may be used to specify a wide variety of configurational settings, enabling you to improve the functionality, performance, and tighten security of your WordPress-powered site. Once you get the basics of
wp-config.php, you can really do some awesome stuff.
The contents of the
wp-config.php file are in a specific order, the order matters. If you already have a
wp-config.php file, rearranging the contents of the file may create errors on your blog. But above all else, make sure to backup your database before making major optimization efforts or attempting to repair tables.
Now the first thing you want to do with your new
wp-config.php is to protect it. In an earlier article here you can find a great way to secure this file using .htaccess: .htaccess codes to secure your WordPress site.
WordPress Database Table prefix
The smartest way you can protect your database is by changing the default table prefix which is really easy to do on a site that you are setting up. But it takes a few steps to change the WordPress database prefix properly for your established site without completely messing it up.
The default value, as seen in your
wp-config.php file, is:
$table_prefix = 'wp_';
Changing it to something unique essentially immunizes it against automated attacks, malicious scripts and bad bots on anything prefixed with “
wp_”. The more random and unique, the better: “
name123_” could be a good example.
Note: Ending the string with an underscore or some other easily recognizable character is a good way to keep things readable and easy to use.
Tell WordPress to remember your FTP credentials
This snippet simply tells WordPress to remember your FTP credentials so you won’t be asked again when an upgrade is available.
define('FTP_HOST', 'ftp.yoursite.com'); define('FTP_USER', 'Your_FTP_Username'); define('FTP_PASS', 'Your_FTP_password'); define('FTP_SSL', true); // If you can use a SSL connection set this to true
WordPress Internal Caching and Cache Expiration
In case of a slow database server, it might be a good idea to store frequently used data in a serialized form on disk. WordPress has an integrated disk-cache which stores rarely changing data like categories and users in a special folder.
The first definition enables you to enable or disable the cache, while the second definition enables you to specify the cache expiration time.
define('WP_CACHE', true); // 'true' to enable the cache define('CACHE_EXPIRATION_TIME', 3600); // in seconds
Note: If you want to disable cache, then change
'false'. Make sure that the
wp-content/cache folder is writable!
Dealing with Post Revisions
WordPress provides a post-revisioning system that enables users to save different versions of their blog posts and even revert to previously saved versions if necessary. Regardless of how much you do or do not despise this amazingly awesome feature, you can limit the number of saved revisions by inserting:
define('WP_POST_REVISIONS', 3); // any integer
Note: If you want to disable the post-revisioning feature, change the integer to “
Specify the Autosave Interval
In a similar approach as the post-revisioning feature is WordPress’ actually useful Autosave functionality. By default, WordPress saves your work every 60 seconds, but you can totally modify this setting to whatever you want.
define('AUTOSAVE_INTERVAL', 160); // in seconds
Note: Don’t set the time to tight, unless you want to stress-out your server.
Automatically empty trash
By default WordPress deletes the Trash every 30 days, but you can set it to whatever you want by adding a line like this to
define('EMPTY_TRASH_DAYS', 1); // Empty spam comments automatically every day!
Note: Replace 1 by X to empty spam comments automatically every X days, you can disable the Trash feature by specifying a zero value.
Increase WordPress memory limit
If you are receiving error messages telling you that your “Allowed memory size of xxx bytes exhausted,” this setting may help resolve the issue. By default, WordPress is configured to limit the php memory it uses to 32M. If you receive a message such as “Allowed memory size of xxxxxx bytes exhausted”, you might want to increase this limit, as shown below:
Blog Address and Site Address
By default, these two configurational definitions are not included in the
wp-config.php file, but they should be added to improve performance. These two settings override the database value without actually changing them. Adding these two definitions in your site’s
wp-config.php file reduces the number of database queries and thus improves site performance. These settings should match those specified in your WordPress Admin.
define('WP_HOME', 'http://gonzoblog.nl'); define('WP_SITEURL', 'http://
Note: Do NOT include a trailing slash at the end of either URL!
Error Log Configuration
Here is an easy way to enable basic error logging for your WordPress-powered site. Create a file called
php_error.log, make it server-writable, and place it in the directory of your choice. Error logs are powerful tools for keeping an eye on things and expediently resolving issues. Then edit the path in the third line of the following code and place into your
@ini_set('log_errors','On'); @ini_set('display_errors','Off'); @ini_set('error_log','/logs/php_error.log');
Note: There’s a great article about monitoring your site’s PHP errors (see Method 1) on digwp.com
Override File Permissions
If your web host’s default file permissions are too restrictive, adding these definitions to your WordPress configuration file may help resolve the issue.
define('FS_CHMOD_FILE', 0644); define('FS_CHMOD_DIR', 0755);
Note: All files should be 644 or 640, and all directories should be 755 or 750. Read more about Changing File Permissions on Codex.
Force SSL usage on your wp-admin directory
If you’re running WordPress on a server that supports SSL, you might want to force SSL usage on all admin sessions. To do so, simply define the
FORCE_SSL_ADMIN constant in your
wp-config.php file, as shown below:
Automatic Database Repair
WordPress 2.9 and later has automatic database optimization support, which you can enable by adding the following define to your
wp-config.php file only when the feature is required:
After you have added the code in the
wp-config.php, you can repair your database anytime by visiting the URL:
Change your wp-content directory
Since WordPress 2.6 you can change your wp-content directory. Set
WP_CONTENT_DIR to the full local path of this directory but should not have a slash “/” at the end. Example:
define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/new_folder/wp-content' );
Note: Do NOT include a trailing slash “/” at the end.
WordPress debugging, the easy way
When developing or debugging, it is useful to display errors. But when your site is live, you might not want to show your potential errors to the entire world. Here is simple solution to display errors only when a
?debug=debug parameter is found on the url.
The first thing to do is to paste the following code into wp-config.php:
if ( isset($_GET['debug']) && $_GET['debug'] == 'debug') define('WP_DEBUG', true);
Now you can open any page, and if something goes wrong there, like a white screen of death, you add
?debug=debug to its URL and see what’s causing the trouble.
Note: As pointed out correctly in the comments by Sebastiaan Stok, it’s best practice to only use this snippet in the developers phase! After publishing this snippet should be deleted immediately!
There are some more tricks and snippets you could add to your
wp-config.php, for more information check out the WordPress Codex. On this page you’ll also find how to set Database Credentials, WordPress Localized Language and Authentication Unique Keys and Salts.
Next week I’m gonna write a new article with more tips and tricks to increase loadtime and therefore the general performance of your WordPress site, stay tuned!