WordPress wp-config.php File: What It Is All About

[Guest post by Mike Swan from MarkUpCloud]

Many WordPress users consider editing configuration files a daunting task such as wp-config.php file. But what if you want to make changes to your WordPress’s install configuration details such as database connection information or any other such change? In that case you’ll need to tweak the wp-config.php file.

This post will provide you a good understanding of wp-config.php file and what all you can achieve with the WordPress configuration file. This will help make the configuration file work well according to your WP site needs.

wp-config.php: What is it and Where it is located?

wp-config

The wp-config.php file is the most important file in your WP install that contains database information like username, password etc. This information is crucial for your WordPress site, as it lets you communicate with the database. You can find the wp-config.php file in your website root directory.

What’s more?

On downloading the WordPress software, you won’t find any wp-config.php file. Instead this file is created during the WordPress set up on the basis of the information that you provide.

In addition, a wp-config.php file can be created by advanced WordPress users manually, by finding wp-config-sample.php file in the root install-directory. After locating the wp-config-sample.php file edit it according to your needs, and then rename it as wp-config.php.

Understanding the Nitty-Gritty of wp-config.php File

Let’s now look at some of the most important tweaks you can make using the WordPress config file, such as:

Database Configuration

WordPress stores you all your website data including posts and other vital pieces of data in a database. The database consists of six settings that gets added to your wp-config.php file, but in order to create a database connection you require to know only about: a username, a password, a host (typically localhost) and a database name.

define('DB_NAME', 'database_name');
define('DB_USER', 'database_username');
define('DB_PASSWORD', 'database_password');
define('DB_HOST', 'database_localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');

As you can see in the code above, the first four lines define the four settings that we have just discussed above. The rest of the two settings charset and collate are concerned about languages and how special characters are stored. In our case, we are using UTF8 that contains specific characters like “ő” and others. On the other hand, collation helps us understand the process of comparing strings in the database.

Note: Make sure to leave the last two settings untouched, till you are familiar with them.

Security Keys

Since, the login URL of most of the WP sites is “/wp-login.php” and the default username is admin. And so, hackers only need to crack your password to access your website. That is why it becomes essential for you to use a strong password. Security keys (also known as Secret keys) make it difficult to hack your password, by adding some random elements to it. These keys help strengthen encrypted information stored in the user’s cookies.

Before the release of WordPress version 3.0, Security keys had to be installed in the wp-config.php file manually. However, with the launch of WordPress version 3.0, the security keys can be automatically installed in your wp-config.php (except that you should be using an install wizard). Prior to WordPress 3.0, we had only four security keys, but after the version was rolled out we have eight security keys in total.

The security keys are added in the wp-config.php file and looks something like:

define('AUTH_KEY', 'put your unique phrase here');

define('SECURE_AUTH_KEY', 'put your unique phrase here');

define('LOGGED_IN_KEY', 'put your unique phrase here');

define('NONCE_KEY', 'put your unique phrase here');

define('AUTH_SALT', 'put your unique phrase here');

define('SECURE_AUTH_SALT', 'put your unique phrase here');

define('LOGGED_IN_SALT', 'put your unique phrase here');

define('NONCE_SALT', 'put your unique phrase here');

Table Prefix Setting

While installing WordPress, you are required to choose the Table prefix, which is located in your wp-config.php file as:

$table_prefix = 'wp_';

Changing the default table prefix to an obscure one helps to protect your site against attacks. For instance, you can change your table prefix wp_postmeta with a complex one such as “Jdh6h_postmeta”. You can change the prefix as per your own needs.

Debugging WordPress

By default, all the error messages in a WordPress install are hidden. But you might want to see the error messages while coding or debugging. For doing so, you simply need to set the WP_DEBUG constant function to true, as follows:

define(‘WP_DEBUG’, false); // disable debugging mode by default
define(‘WP_DEBUG’, true); // enable debugging mode

Note: Make sure to avoid using the WP_DEBUG PHP constant or any other debug tools on a live website; they should only be used local testing.

Overriding Default File Permissions

In case you encounter a problem where your host provides you with a set of restrictive file permissions to all the files, and does not permit you to access files that belongs to the group, then you will need to override the default file permissions. For doing so, you will need to use FS_CHMOD_DIR and FS_CHMOD_FILE constants.

define(‘FS_CHMOD_DIR’, 0755);
define(‘FS_CHMOD_FILE’, 0644);

An End Note!

The WordPress configuration file (wp-config.php) provide you with ample number of opportunities to make changes to your site. From setting up a database connection, to protecting your site, you can do a lot more with the help of the wp-config.php file.

You can add any valid PHP code to the wp-config.php file, but make sure to make the additions only when required. Lastly, carefully tweak the configuration file as making any edits incorrectly could stop your site from functioning.

Subscribe to our mailing list

Our Personalization Solution


Want to increase conversions and sales of your eCommerce Website? Discover our 360º eCommerce Personalization Solution and Try it for Free!


  1. I have always woundered about those security keys. Now i knw thanks for sharing

Post your thoughts