jump to navigation

A few notes About the WordPress wp_config File August 9, 2011

Posted by Tournas Dimitrios in Wordpress - 3.

WordPress has a central configuration file ( wp_config) that defines all it’s internal functionality . As part of the WordPress installation process , you must rename wp-config-sample.php to wp-config.php  and edit basic configuration options ( DB-host , DB-name , DB-username and  DB-password ) .These are the absolute minimum configurations required for a WordPress installation , and usually , most users don’t bother with other details .

Some extra steps , during the installation process , can customize and also secure this file .

  •   The default location of this file is the WordPress installation root , but a good practice (for security reasons ) is to move this file one directory up on your server . Say for example that your web include path for your server was /home/yourname/public_html/. You can actually save a file in the /home/yourname/ area and it won’t be web accessible (except the administrator and WordPress ) . Although most user feel more confident to just move a file , an alternative solution is to deny access  the file by directives in  the .httaccess file .
      # protect wpconfig.php
        <files wp-config.php>
      order allow,deny
        deny from all
  • Security Keys : Make the WordPress installation more secure by applying security keys . Just visit this on-line generator and copy / paste these key- codes into wp_config file .
  • Table prefix : The default  value placed in the front of your database tables is  ” wp_ ” , Change the value to wp_some-text  . A second blog installation using the same database can be achieved simply by using a different prefix than your other installations .

Now let’s list some configuration directives that change WordPress behavior .

  • Adding these configuration options  will disable theme editing and the plugin editor entirely . Including removing them from the WordPress admin menu and also disabling the ability to delete plugins .
    define( 'DISALLOW_FILE_EDIT', true );
    define( 'DISALLOW_FILE_MODS', true );
  • force the wordpres wp-admin to use SSL .
    define('FORCE_SSL_ADMIN', true);
  • set the number of seconds of the auto-save interval.
    define('AUTOSAVE_INTERVAL', 350);
  • limit / disable the number of post revisions.
    define('WP_POST_REVISIONS', 4);
    define('WP_POST_REVISIONS', false);
  • increase the memory limit to the specified amount.
    define('WP_MEMORY_LIMIT', '50M');
  • stop WordPress from making external requests to check for updates download RSS feeds etc.
    define('WP_HTTP_BLOCK_EXTERNAL', true);
  • enable the multisite features now available within WordPress 3.0 +
    define('WP_ALLOW_MULTISITE', true);
  • disable CRON services within WordPress.
    define('DISABLE_WP_CRON', true);
  • The WordPress application references two Hyperlink-values for navigating in the application’s directory structure (WordPress address (URL) — Site address (URL) ) . When these values are set incorrectly your website can’t function properly . Usually these values are modified when moving the WordPress installation to a different domain or directory . These changes are done via Dashboard->Settings->General or directly on the database’s wp_options table  .
    The following two options in the wp-config file over-ride the default settings , use them temporarily


    Note : Replace mydomain.com with your real domain .

  • Read more options on Codex.wordpress.org .


No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s