wp-config.php

The wp-config.php file is one of the most critical core files in any WordPress installation. It contains configuration settings for connecting to the database, defining WordPress constants, enabling debugging, and customizing performance or security-related behavior.

Location

Located in the root directory of your WordPress installation:
public_html/wp-config.php or /var/www/html/wp-config.php
It’s created during the installation process or can be manually configured.

What Does It Do?

wp-config.php sets up:

Database connection (name, user, password, host)
Table prefix
Security keys and salts
Debugging mode
Custom constants and overrides

Useful Constants

Constant	Purpose
`WP_DEBUG`	Enable/disable debugging
`WP_MEMORY_LIMIT`	Set max memory for WordPress
`WP_CACHE`	Enable caching
`FORCE_SSL_ADMIN`	Force HTTPS in admin
`DISALLOW_FILE_EDIT`	Disable file editing via admin
`AUTOSAVE_INTERVAL`	Set autosave frequency
`WP_POST_REVISIONS`	Limit or disable post revisions

Security Tips

Never leave this file writable (chmod 440 or 400 is ideal)
Move it one directory above the WordPress root for added security (WordPress can still find it)
Do not share it or upload to public repositories

Need Help Managing WordPress?

Keeping your site secure, fast, and up to date doesn’t have to be stressful. Explore our WordPress Support Plans and let our team handle updates, backups, and security while you focus on your business.

Learn more