How to edit the WordPress configuration file (wp-config.php)

SkyStra
May 17, 2020

Sometimes, you’ll stumble upon a tutorial that asks you to edit the WordPress configuration file (wp-config.php), so here’s our article that helps explain how it works and how to edit it.

wp-config.php is part of the WordPress Core, and it’s automatically generated whenever you go through the setup of the new WordPress website. It stores various useful information that keeps your website up and running, for example:

  • Database connection information
  • Authentication keys
  • Database table prefix option
  • Debug mode

Here’s how the entire default wp-config.php file looks like:

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the
 * installation. You don't have to use the web site, you can
 * copy this file to "wp-config.php" and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * MySQL settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://wordpress.org/support/article/editing-wp-config-php/
 *
 * @package WordPress
 */

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );

/** MySQL database username */
define( 'DB_USER', 'username_here' );

/** MySQL database password */
define( 'DB_PASSWORD', 'password_here' );

/** MySQL hostname */
define( 'DB_HOST', 'localhost' );

/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );

/**#@-*/

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix = 'wp_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the documentation.
 *
 * @link https://wordpress.org/support/article/debugging-in-wordpress/
 */
define( 'WP_DEBUG', false );

/* That's all, stop editing! Happy publishing. */

/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', __DIR__ . '/' );
}

/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';

As you can see, the majority of the settings are defined using PHP Constants, in this format:

define( 'constant_name', 'value');

Each section is properly documented so you can understand what it is used for. 

To edit the wp-config.php file, you can either:

  • Download it via FTP; edit it on your computer, and then upload it back to your account.
  • Edit it directly via the FileManager option in your cPanel control panel > Files section.

Before proceeding, always make sure to create a backup of your WordPress database and folder.

Let’s explain what each part does!

MySQL configuration

The first section is related to your website’s database configuration, and to fill this section, you will need your database name, username, and password.

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');
 
/** MySQL database username */
define('DB_USER', 'username_here');
 
/** MySQL database password */
define('DB_PASSWORD', 'password_here');
 
/** MySQL hostname */
define('DB_HOST', 'localhost');
 
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
 
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

Skystra automatically populates this information for you when a new WordPress installation is created on our Cloud. 

Authentication Keys

The wp-config.php file includes secret authentication security keys and salts, which are additional passwords that provide secure encryption. Together with cookies, they help verify the identity of logged-in site users and commenters. The authentication keys are almost impossible to break since they are long, random, and complicated. Here’s how this section looks:

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
 
/**#@-*/

These are generated in the wp-config.php file by default when you install WordPress. However, if you suspect that your website security could be compromised, you can create new WordPress security keys here and paste them in the authentication section. This action will log out all currently logged-in users on your site, and they will be required to log in again.

WordPress Database Table Prefix

WordPress automatically adds a wp_ prefix to all database tables created through it to differentiate them, and this setting can be changed in the wp-config.php file as well:

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix = 'wp_';

However, it’s not recommended to change this value after the installation as it’s not straightforward. You’ll need to rename all your database tables to match the new prefix, and update options and usermeta tables.

Some advanced users like to change this setting to make it difficult for hackers to execute common SQL injection attacks.

Debugging Mode

WordPress hides errors and notices by default, and those don’t show on the website unless the debugging mode is enabled. Here’s how that setting looks in the configuration file:

define('WP_DEBUG', false);

You can force WordPress to show errors and warnings that can help you in theme and plugin debugging by changing the value to True. However, if you are working on a live site, you should consider disabling the debug mode for website security reasons. When the value is set to true, errors and warnings can be shown to anyone, which may give hackers sensitive information to find the vulnerability to exploit. The ‘false’ value is the default value and means that debug mode is disabled.

Absolute Path Settings

This section can be ignored as it’s already set up, and helps WordPress configure variables and included files via absolute path.

/* That's all, stop editing! Happy publishing. */  
  
/** Absolute path to the WordPress directory. */  
  
if ( ! defined( 'ABSPATH' ) ) {  
  
 define( 'ABSPATH', __DIR__ . '/' );  
  
}  
  
/** Sets up WordPress vars and included files. */  
  
require_onceABSPATH . 'wp-settings.php';

Advanced tips & tricks

You can also use some advanced wp-config settings to troubleshoot problems and fix some basic WordPress errors.

Upload directory

If you want to change your default upload directory for your media, you can do so by adding the following variable to the wp-config.php file:

define( 'UPLOADS', 'wp-content/media' );

Make sure to change wp-content/media to the desired directory name and location.

Disable automatic updates

Automatic updates are fantastic for security; however, in some cases – they can break websites as not all plugins and themes are updated for new WordPress versions immediately. You can disable automatic updates by adding the following line to your wp-config.php file:

define( 'WP_AUTO_UPDATE_CORE', false );

Make sure to keep your WordPress core and all plugins and themes updated to avoid potential security issues.

Change your website URL

If you want to move your website to the new domain, you need to configure WordPress for this as well. You can change your home and site URLs from your WordPress Dashboard > Settings > General page, but in case you’re not able to access it, you can also do this via wp-config.php file by adding the following lines:

define('WP_HOME','http://yourdomain.com');
define('WP_SITEURL','http://yourdomain.com');

Make sure to adjust yourdomain.com to your new domain name.

Adjust MySQL port and sockets

If you’re on one of our managed plans, you’ll never have to touch it, but if needed, you can adjust the database hostname and port like this via wp-config.php file:

define( 'DB_HOST', 'localhost:XXXX' );

(replace localhost and XXXX with the correct database server hostname and port)

Limit post revisions

WordPress keeps saves of your post/page edits in its revision system automatically, and if you have a big website – this could result in a massive amount of data. This makes it harder to operate and back up your website. You can limit the number of revisions WordPress keeps for each post via this line of code:

define( 'WP_POST_REVISIONS', 4 );

Replace the number 4 with the number of revisions you want to keep, and WordPress will automatically dismiss the older changes.