Although WordPress is often considered as the website platform for beginners, it has lots of opportunities for advanced fine-tuning. These options are mostly hidden from a sight of most WordPress administrators just because a thoughtless manipulation with them can cause severe problems in the work of your website. There is no need to worry about your website safety, if you have done a back-up before customizing your WordPress configuration file.
Today we are talking about WP-Config file and its hidden opportunities to fine-tune your WordPress website. Most WordPress administrators had no experience with WP-Config because most hosting providers install it automatically to prevent any harm by inexperienced website owners to their own projects and to minimize the consequential damage.
The wp-config.php file has lots of opportunities not only for fine-tuning your WordPress options but also for troubleshooting and enchanting your website security. If you want to know more about WordPress platform from inside and seek to develop your website in a professional level, then this article will be very useful for you. Arm yourself with your website back-up and any of available FTP clients (FileZilla, for example) and hop into the world of extended WordPress configuration!
Basic WP-Config Settings
Basic settings for your WordPress website are usually set by a hosting provider without your participation. These settings include the most important data: database name, main user name, his or her password, database host address and table prefix. Whenever you want to change these options, you will need to access your wp-config.php file and find the following strings within it:
define('DB_NAME', 'database-name'); define('DB_USER', 'database-username'); define('DB_PASSWORD', 'database-password'); define('DB_HOST', 'localhost');
To make the changes, you need to download your wp-config.php file with the help of FTP client first. Then, after making the changes, you need to upload the new file and rewrite the old one. To avoid any harm to your website, make the back-up of the original WP-Config file on your local computer. If something will go wrong, just put the original file into your website`s FTP via file manager.
WordPress Table Prefix Change
As you could have mentioned, there are only 4 from 5 basic settings in the code strings above. It means that you should search in other place of wp-config.php file for table prefix change. It is important to mention, that the change of table prefix requires the appropriate change within your website`s database. That is why such changes should be performed for newly created websites beforehand. Otherwise it takes much more time and effort to change this setting and keep your WordPress website running smoothly.
The default “wp_” table prefix change is believed to strengthen the security level of your website. Although it is not yet proved, there are no excess means when it comes to website security. So, you need to look for the following string within your WP-Config file to change your default table prefix:
$table_prefix = 'wp_';
Security Keys Addition
Security keys are the very important method of protecting your WordPress website from hacking. It is strongly recommended to add security keys for all layers which are available within your WP-Config file. And it is also required to use strong (randomly generated) passwords for these keys. You need to find the following strings to enter your unique security keys to your WordPress website:
define( 'AUTH_KEY', 'enter your password here' ); define( 'SECURE_AUTH_KEY', 'enter your password here' ); define( 'LOGGED_IN_KEY', 'enter your password here' ); define( 'NONCE_KEY', 'enter your password here' ); define( 'AUTH_SALT', 'enter your password here' ); define( 'SECURE_AUTH_SALT', 'enter your password here' ); define( 'LOGGED_IN_SALT', 'enter your password here' ); define( 'NONCE_SALT', 'enter your password here' );
WordPress Debugging Service
WordPress provides additional options to show errors or hide them and run the special log while you are in the debugging mode. These options have become a comfortable addition for every WordPress developer so far. To fine-tune these settings, look for the following code strings within your WP-Config file:
define( 'WP_DEBUG', true ); define( 'WP_DEBUG_LOG', true ); define( 'WP_DEBUG_DISPLAY', false );
The first option turns the debugging mode on and off, the second one allow you to create the debugging log (which you can than find inside wp-content folder on your FTP client), and the third one turns the display of errors within the debugging mode on and off.
Post Revision Settings
WordPress has 2 comfortable features for post creation: content autosaving and multiple revisions` saving. Both features allow you to track and control the post creation process and step back to some previous stages if needed. WP-Config file offers the fine-tuning options for these features: autosave timer changing and quantity of revisions per post restriction. You can also turn off the revisions` option but it is not recommended. Look for the following strings within your WP-Config file to set the mentioned options:
define('AUTOSAVE_INTERVAL', 120); // in seconds define('WP_POST_REVISIONS', 10);
WordPress Trash Settings
WordPress recycling bin offers an administrator to store deleted posts for some time and restore them by demand. The default value for storing the deleted content is 30 days. WP-Config file gives an opportunity to change this setting to any number of days. It is also possible to deactivate the recycling bin by setting the days` value to 0. In this case your content will be deleted permanently without additional confirmation. This option can be found within the following string:
define( 'EMPTY_TRASH_DAYS', 30 ); // 30 days
PHP Memory Limit Increase
PHP memory is the important feature of any WordPress website. The exhaustion of PHP memory can cause lots of WordPress errors. Thus you should know the very simple solution to this problems: increasing the PHP memory limit. To set up the PHP limit manually you need to access your WP-Config file within the following string:
WP-Content Directory Relocation
WP-Content directory is also believed to be very weak for hacking. In such a situation you should think about the shift of WP-Content directory from its default location to make it less accessible for hackers. WP-Config file provide you with full control on your WP-Content directory location. To set up your unique path to WP-Content directory, find the following part o code within your WP-Config file:
define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content' ); define( 'WP_CONTENT_URL', 'http://example/blog/wp-content'); define( 'WP_PLUGIN_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content/plugins' ); define( 'WP_PLUGIN_URL', 'http://example/blog/wp-content/plugins');
WordPress Configuration File Lock
As we have learned from this article, WP-Config file is crucial for your WordPress website security and overall working process. That is the main reason why you need to protect this file from unwanted intervention as much as you can. To forbid other users from reading and editing your WP-Config file, you need to access your .htaccess file (which is also available through FTP client) and enter the following code to it:
# Protect wp-config.php order allow,deny deny from all
WP-Config file provides you with nearly unlimited opportunities to fine-tune the work of a WordPress website. This is also a fine tool to protect your website with additional security measures. Use this knowledge to evolve your WordPress website today and share your tips and tricks to community within our comments!