Editing wp-config.php file in Wordpress [2024] 💥

Updated: April 8, 2024 | by: Martijn Assie, creating websites & shops since 20 years, also Linux-, Wordpress-,
Photoshop- and SEO expert. | NL DE

wp-config.php

The wp-config.php file contains very important information in a Wordpress website and so modifying the wp-config.php file is something that is often talked about and you should know what to do. In this article, we will show you how to properly edit the wp-config.php file in WordPress.

As the name suggests, this is a configuration file that is part of all self-hosted WordPress sites. Unlike other files, the wp-config.php file is not present in WordPress from the start, but is generated specifically for your website during the installation process.

Wordpress installation

WordPress stores your database information in the wp-config.php file. Without this information, your WordPress website will not work and you will get the error "Error creating a database connection". Aside from database information, the wp-config.php file also contains several other high-level settings. We will explain them later in this article.

Since this file contains a lot of sensitive information, it is recommended that you do not mess up this file unless you have absolutely no other choice. But since you are reading this article, it means you need to edit the wp-config.php file. Below are the steps to do it without confusing things.

Let's start

The best thing to do is to do a complete WordPress backup, but at the very least download the original wp-config.php to your PC. The wp-config.php file is so crucial to a WordPress site that one small mistake can make your site inaccessible. You need an FTP client or a hosting panel like Cpanel to connect to your website. An FTP client allows you to transfer files between a server and your computer and I recommend Mozilla's Filezilla for this (the builder of the Firefox browser, among others). The wp-config.php file is located in the root directory of your website with other directories such as /wp-content/. The root directory is called "public_html" on a Linux server and "httpdocs" on a Windows server.

Locatie wp-config.php

In case you need to work with FTP, just right click on the file and then select download from the menu. Your FTP client will now download the wp-config.php file to your computer. You can open it and edit it with a plain text editor like Notepad++ Edit. With a better type of hosting you will have a panel and there you can edit the file directly without having to download it. Right click the file and choose "edit".

Understanding the wp-config.php file

See here an example of wp-config.php before we start. It is important to understand the code. Each section of the wp-config.php file is well documented in the file itself. Almost all settings here are defined using PHP constants.

define( 'constant_name' , 'value');

Let's take a closer look at each section in the wp-config.php file.

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');

/** MySQL database username */
define('DB_USER', 'username_here');

/** MySQL database password */
define('DB_PASSWORD', 'password_here');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

You can get your database information from the cPanel or possibly Pleskpanel or another panel of your web hosting account under the section called databases.

MySQL databases

If you can't locate your WordPress-database or MySQL-username and password, you'll need to contact your web host but in principle they should already be in wp-config.php. If you have installed Wordpress yourself, you should of course have this data stored somewhere.

Authentication Keys and Salts

Authentication unique keys and salts are security keys that help improve the security of your WordPress site. These keys provide strong encryption for user sessions and cookies generated by WordPress.

/**#@+
* Authentication Unique Keys and Salts.
*
* Edit these unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}<br>
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.<br>
*
* @since 2.6.0
*/
define('AUTH_KEY',         'post your unique phrase here');
define('SECURE_AUTH_KEY',  'post your unique phrase here');               
define('NONCE_KEY',        'post your unique phrase here');
define('LOGGED_IN_KEY',    'post your unique phrase here');
define('AUTH_SALT',        'post your unique phrase here');
define('SECURE_AUTH_SALT', 'post your unique phrase here');
define('LOGGED_IN_SALT',   'post your unique phrase here');
define('NONCE_SALT',       'post your unique phrase here');

/**#@-*/

You can Generate WordPress security keys and paste them here. This is especially useful if you suspect that your WordPress site may have been compromised. Changing the security keys will log out all currently logged in users on your WordPress site, forcing them to log in again.

WordPress Database Table Prefix

WordPress adds wp_prefix to all tables created by WordPress by default. It is recommended that you change your WordPress database table prefix to something arbitrary. This makes it difficult for hackers to guess your WordPress tables and prevents some common SQL injection attacks from succeeding.

/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix  = 'wp_';

Note that you cannot change this value for an existing WordPress site, at least not directly via wp-config.php, it is of course possible to change the database prefix in PHPmyAdmin or on your PC after downloading it there .

WordPress Debugging-mode

This setting is especially useful for users who want to learn WordPress development and users who try experimental features. By default, WordPress hides posts generated by PHP when executing code. If you simply set the debug mode to true, these messages will be displayed. This provides crucial information for developers to find bugs.

define('WP_DEBUG', false);

Absolute path settings

The latter part of the wp-config file determines the absolute route which is later used for setting WP-vars & included files. You don't need to change anything here.

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

Useful wp-config.php Hacks and Settings

There are some other wp-config.php settings that can help you troubleshoot and fix common WordPress errors.

Customize MySQL Port and Sockets in WordPress

If your WordPress hosting provider uses different ports for MySQL host, you will need to change your DB_HOST value to include the port number. Note that this is not a new line but you will need to edit the existing DB_HOST value.

define( 'DB_HOST', 'localhost:5067' );

Don't forget to change port number 5067 to whatever port number is provided by your web host. If you are using host sockets and pipes for MySQL, you need to add it like this:

define( 'DB_HOST', 'localhost:/var/run/mysqld/mysqld.sock' );

Changing WordPress URLs using the wp-config.php file

You may need to change WordPress URLs when moving a WordPress site to a new domain name or web host. You can change these URLs on the Settings » General page.

WP urls

You can also change these URLs using the wp-config.php file. This comes in handy if you can't access the WordPress admin area due to an error that can cause too many directors. Add these two lines to your wp-config.php file:

define('WP_HOME','http://your-website.com');
define('WP_SITEURL','http://your-website.com');

Don't forget to replace je-site.nl with your own domain name. You should also keep in mind that search engines treat www.je-site.nl and je-site.nl as two different locations (www vs non-www). If your site is indexed with the www prefix, you'll need to add your domain name accordingly. Of course, also use https if your website has an SSL certificate.

Change the upload directory using wp-config.php

By default, WordPress stores all media uploads in the /wp-content/uploads/ directory.

define( 'UPLOADS', 'wp-content/media' );

Note that the upload folder path is relative to the ABSPATH set automatically in WordPress. Adding an absolute path here will not work.

Disable automatic updates in WordPress

WordPress introduced automatic updates in WordPress 3.7. This allowed WordPress sites to update automatically whenever a minor update was available. While auto-updates are great for security, in some cases they can cause errors in a WordPress website causing it to be inaccessible. Adding this line of code to your wp-config.php file will disable all automatic updates on your WordPress site.

define( 'WP_AUTO_UPDATE_CORE', false );

Post revision restriction in WordPress

WordPress comes with built-in automatic saves and revisions. However, if you are doing a major site overhaul, you can increase the backup size of your WordPress database. Add this line of code to your wp-config.php file to limit the number of revisions saved for a post.

define( 'WP_POST_REVISIONS', 4 );

Replace 4 with the number of revisions you want to save. WordPress now automatically removes older revisions. However, your older post revisions are still stored in your database.