wp-config.php
The wp-config.php file is one of the most critical core files in any WordPress installation. It contains configuration settings for connecting to the database, defining WordPress constants, enabling debugging, and customizing performance or security-related behavior.
Location
- Located in the root directory of your WordPress installation:
public_html/wp-config.phpor/var/www/html/wp-config.php - It’s created during the installation process or can be manually configured.
What Does It Do?
wp-config.php sets up:
- Database connection (name, user, password, host)
- Table prefix
- Security keys and salts
- Debugging mode
- Custom constants and overrides
Useful Constants
| Constant | Purpose |
|---|---|
WP_DEBUG | Enable/disable debugging |
WP_MEMORY_LIMIT | Set max memory for WordPress |
WP_CACHE | Enable caching |
FORCE_SSL_ADMIN | Force HTTPS in admin |
DISALLOW_FILE_EDIT | Disable file editing via admin |
AUTOSAVE_INTERVAL | Set autosave frequency |
WP_POST_REVISIONS | Limit or disable post revisions |
Security Tips
- Never leave this file writable (
chmod 440or400is ideal) - Move it one directory above the WordPress root for added security (WordPress can still find it)
- Do not share it or upload to public repositories