A few notes About the WordPress wp_config File August 9, 2011Posted by Tournas Dimitrios in Wordpress - 3.
WordPress has a central configuration file ( wp_config) that defines all it’s internal functionality . As part of the WordPress installation process , you must rename wp-config-sample.php to wp-config.php and edit basic configuration options ( DB-host , DB-name , DB-username and DB-password ) .These are the absolute minimum configurations required for a WordPress installation , and usually , most users don’t bother with other details .
Some extra steps , during the installation process , can customize and also secure this file .
- The default location of this file is the WordPress installation root , but a good practice (for security reasons ) is to move this file one directory up on your server . Say for example that your web include path for your server was /home/yourname/public_html/. You can actually save a file in the /home/yourname/ area and it won’t be web accessible (except the administrator and WordPress ) . Although most user feel more confident to just move a file , an alternative solution is to deny access the file by directives in the .httaccess file .
# protect wpconfig.php <files wp-config.php> order allow,deny deny from all </files>
- Security Keys : Make the WordPress installation more secure by applying security keys . Just visit this on-line generator and copy / paste these key- codes into wp_config file .
- Table prefix : The default value placed in the front of your database tables is ” wp_ ” , Change the value to wp_some-text . A second blog installation using the same database can be achieved simply by using a different prefix than your other installations .
Now let’s list some configuration directives that change WordPress behavior .
- Adding these configuration options will disable theme editing and the plugin editor entirely . Including removing them from the WordPress admin menu and also disabling the ability to delete plugins .
define( 'DISALLOW_FILE_EDIT', true ); define( 'DISALLOW_FILE_MODS', true );
- force the wordpres wp-admin to use SSL .
- set the number of seconds of the auto-save interval.
- limit / disable the number of post revisions.
define('WP_POST_REVISIONS', 4); define('WP_POST_REVISIONS', false);
- increase the memory limit to the specified amount.
- stop WordPress from making external requests to check for updates download RSS feeds etc.
- enable the multisite features now available within WordPress 3.0 +
- disable CRON services within WordPress.
- The WordPress application references two Hyperlink-values for navigating in the application’s directory structure (WordPress address (URL) — Site address (URL) ) . When these values are set incorrectly your website can’t function properly . Usually these values are modified when moving the WordPress installation to a different domain or directory . These changes are done via Dashboard->Settings->General or directly on the database’s wp_options table .
The following two options in the wp-config file over-ride the default settings , use them temporarily
Note : Replace mydomain.com with your real domain .
- Read more options on Codex.wordpress.org .