14 WordPress configuration file tricks


WordPress configuration file holds many mysteries. Most of the WordPress users use it just to change database credentials and security keys.

Yes, if you haven’t heard of WordPress security keys, go and read some tips on WordPress security and then continue reading.

But wp-config file is very powerful.

Move your wp-config.php file

First tip is a security one. WordPress, from version 2.6, looks for a wp-config file in it’s root and if it is not there, it will look for it one folder above.

So, you simply move your wp-config.php file one folder above WordPress root and this way nobody without FTP or SSH access will not be able to access it and WordPress will work like a charm.

Database credentials

Ok, these are the most known, but I have to mention them:

define('DB_NAME', 'database-name');
define('DB_USER', 'database-username');
define('DB_PASSWORD', 'database-password');
define('DB_HOST', 'localhost:3307');

Pretty straightforward.

Security keys

These keys are used to improve WordPress installation security with better encryption of information stored in the user’s cookies:

define('AUTH_KEY',         't`DK%X:>xy|e-Z(BXb/f(Ur`8#~UzUQG-^_Cs_GHs5U-&Wb?pgn^p8(2@}IcnCa|');
define('SECURE_AUTH_KEY',  'D&ovlU#|CvJ##uNq}bel+^MFtT&.b9{UvR]g%ixsXhGlRJ7q!h}XWdEC[BOKXssj');
define('LOGGED_IN_KEY',    'MGKi8Br(&{H*~&0s;{k0<S(O:+f#WM+q|npJ-+P;RDKT:~jrmgj#/-,[hOBk!ry^');
define('NONCE_KEY',        'FIsAsXJKL5ZlQo)iD-pt??eUbdc{_Cn<4!d~yqz))&B D?AwK%)+)F2aNwI|siOe');
define('AUTH_SALT',        '7T-!^i!0,w)L#JK@pc2{8XE[DenYI^BVf{L:jvF,hf}zBf883td6D;Vcy8,S)-&G');
define('SECURE_AUTH_SALT', 'I6`V|mDZq21-J|ihb u^q0F }F_NUcy`l,=obGtq*p#Ybe4a31R,r=|n#=]@]c #');
define('LOGGED_IN_SALT',   'w<$4c$Hmd%/*]`Oom>(hdXW|0M=X={we6;Mpvtg+V.o<$|#_}qG(GaVDEsn,~*4i');
define('NONCE_SALT',       'a|#h{c5|P &xWs4IZ20c2&%4!c(/uG}W:mAvy<I44`jAbup]t=]V<`}.py(wTP%%');

You can use online generator to generate random keys and copy/paste them into your wp-config file.

Oh, and if you are using an installer for installing WordPress, these keys are auto generated, but it could be handy if you changed them from time to time.


If you want some other translation of WordPress rather than English, you need to set the language configuration:

define('WPLANG', '');
define('LANGDIR', '');

WordPress URLs

Sometimes you need to override wp_options value for site url, or do that dynamically:

define('WP_SITEURL', 'http://mydomain.com/wordpress_folder');

You can use $_SERVER variable to dynamically set the URL (for security reasons, use SERVER_NAME as it is server generated and static):

define('WP_SITEURL', 'http://' . $_SERVER['SERVER_NAME'] . '/path/to/wordpress');

Another handy constant is, so called, blog home URL:

define('WP_HOME', 'http://example.com');


While in development, you can turn on WordPress debug with this constant (it is turned off by default):

define('WP_DEBUG', true);

You can also save all database queries for further analysis using:

define('SAVEQUERIES', true);

After that, you can add this line inside your theme file where you want to see your queries:

if (current_user_can('level_10')) {
	global $wpdb;
	echo "<pre>";
	echo "</pre>";

This will print the queries only to an admin user. Quite handy.

Remember to turn these debug features off when you deploy your site in production.

Post revisions

As much as post revisions are handy, they will often fill your database with data you will never need. There are several things to do.

Autosave interval

You can adjust the autosave interval to higher value:

define('AUTOSAVE_INTERVAL', 300); // in seconds

You can adjust the maximum number of post revision WordPress should keep:

define('WP_POST_REVISIONS', 7);

Or, if you want, you can turn off the post revisions (though I don’t recommend it):

define('WP_POST_REVISIONS', false)

If you want to delete your old revisions from database, you can run this query directly on the database:

DELETE a,b,c
FROM wp_posts a
LEFT JOIN wp_term_relationships b ON (a.ID = b.object_id)
LEFT JOIN wp_postmeta c ON (a.ID = c.post_id)
WHERE a.post_type = 'revision'


You can also configure how many days to keep items in WordPress Trash:

define('EMPTY_TRASH_DAYS', 7 );

FTP/SSH credentials

Some hosts require you to have FTP or SSH credentials every time you upgrade or install something to WordPress, you can enter those credentials in WordPress configuration file:

define('FS_METHOD', 'ftpext');
//absolute path to root installation directory
define('FTP_BASE', '/path/to/wordpress/');
//absolute path to "wp-content" directory
define('FTP_CONTENT_DIR', '/path/to/wordpress/wp-content/');
//absolute path to "wp-plugins" directory
define('FTP_PLUGIN_DIR ', '/path/to/wordpress/wp-content/plugins/');
//absolute path to your SSH public key
define('FTP_PUBKEY', '/home/username/.ssh/id_rsa.pub');
//absolute path to your SSH private key
define('FTP_PRIVKEY', '/home/username/.ssh/id_rsa');
//either your FTP or SSH username
define('FTP_USER', 'username');
//password for FTP_USER username
define('FTP_PASS', 'password');
//hostname:port combo for your SSH/FTP server
define('FTP_HOST', 'ftp.example.org:21');

You can always try to force direct method by using just:

define('FS_METHOD', 'direct');

This will allow you to update/install stuff directly from admin (if your host allows it).

Auto repair database

Database tables can become corrupted. If they are corrupted in a way that you can not even log in, add this to your WordPress configuration file:

define('WP_ALLOW_REPAIR', true);

and point your browser to: {YOUR_DOMAIN}/wp-admin/maint/repair.php

After the script is finished, you can remove the entry from configuration file.

Custom user tables

This is nice security feature, you can rename your user and user_meta tables:

define('CUSTOM_USER_TABLE', $table_prefix.'my_users');
define('CUSTOM_USER_META_TABLE', $table_prefix.'my_usermeta');

Increase memory limit

If you are getting “memory exhausted” errors, try increasing the memory limit:

define('WP_MEMORY_LIMIT', '64M');

Disable file edit in backend

Sometimes you want to disable direct file edit for themes and plugin in WordPress back end. You can do this by simply adding this into your WordPress configuration file:


Disable JavaScript concatenation

In WordPress back end all JavaScript files are concatenated into one URL, you can disable that:

define('CONCATENATE_SCRIPTS', false);

I hope that this will help you find your way in the WordPress configuration file and that you will find it useful. Share your thoughts in comments below.

About the author

Zvonko Biškup

A passionate web developer with more than 13 years experience in PHP and other web related technology. My main interest is WordPress and new PHP frameworks.
Owner of Influendo Programming.
Enjoys exploring new stuff and possibilities, using new technologies and just having fun developing awesome stuff.

By Zvonko Biškup