Skip to content

14 WordPress configuration file tricks

WordPress configuration file holds many mysteries. Most of the WordPress users use it just to change database credentials and security keys.

Yes, if you haven’t heard of WordPress security keys, go and read some tips on WordPress security and then continue reading.

But wp-config file is very powerful.

Move your wp-config.php file

First tip is a security one. WordPress, from version 2.6, looks for a wp-config file in it’s root and if it is not there, it will look for it one folder above.

So, you simply move your wp-config.php file one folder above WordPress root and this way nobody without FTP or SSH access will not be able to access it and WordPress will work like a charm.

Database credentials

Ok, these are the most known, but I have to mention them:

[code lang=”php”]
define(‘DB_NAME’, ‘database-name’);
define(‘DB_USER’, ‘database-username’);
define(‘DB_PASSWORD’, ‘database-password’);
define(‘DB_HOST’, ‘localhost:3307’);

Pretty straightforward.

Security keys

These keys are used to improve WordPress installation security with better encryption of information stored in the user’s cookies:

[code lang=”php”]
define(‘AUTH_KEY’, ‘t`DK%X:>xy|e-Z(BXb/f(Ur`8#~UzUQG-^_Cs_GHs5U-&Wb?pgn^p8(2@}IcnCa|’);
define(‘SECURE_AUTH_KEY’, ‘D&ovlU#|CvJ##uNq}bel+^MFtT&.b9{UvR]g%ixsXhGlRJ7q!h}XWdEC[BOKXssj’);
define(‘LOGGED_IN_KEY’, ‘MGKi8Br(&{H*~&0s;{k0<S(O:+f#WM+q|npJ-+P;RDKT:~jrmgj#/-,[hOBk!ry^’);
define(‘NONCE_KEY’, ‘FIsAsXJKL5ZlQo)iD-pt??eUbdc{_Cn<4!d~yqz))&B D?AwK%)+)F2aNwI|siOe’);
define(‘AUTH_SALT’, ‘7T-!^i!0,w)L#JK@pc2{8XE[DenYI^BVf{L:jvF,hf}zBf883td6D;Vcy8,S)-&G’);
define(‘SECURE_AUTH_SALT’, ‘I6`V|mDZq21-J|ihb u^q0F }F_NUcy`l,=obGtq*p#Ybe4a31R,r=|n#=]@]c #’);
define(‘LOGGED_IN_SALT’, ‘w<$4c$Hmd%/*]`Oom>(hdXW|0M=X={we6;Mpvtg+V.o<$|#_}qG(GaVDEsn,~*4i’);
define(‘NONCE_SALT’, ‘a|#h{c5|P &xWs4IZ20c2&%4!c(/uG}W:mAvy<I44`jAbup]t=]V<`}.py(wTP%%’);

You can use online generator to generate random keys and copy/paste them into your wp-config file.

Oh, and if you are using an installer for installing WordPress, these keys are auto generated, but it could be handy if you changed them from time to time.


If you want some other translation of WordPress rather than English, you need to set the language configuration:

[code lang=”php”]
define(‘WPLANG’, ”);
define(‘LANGDIR’, ”);

WordPress URLs

Sometimes you need to override wp_options value for site url, or do that dynamically:

[code lang=”php”]
define(‘WP_SITEURL’, ‘’);

You can use $_SERVER variable to dynamically set the URL (for security reasons, use SERVER_NAME as it is server generated and static):

[code lang=”php”]
define(‘WP_SITEURL’, ‘http://’ . $_SERVER[‘SERVER_NAME’] . ‘/path/to/wordpress’);

Another handy constant is, so called, blog home URL:

[code lang=”php”]
define(‘WP_HOME’, ‘’);


While in development, you can turn on WordPress debug with this constant (it is turned off by default):

[code lang=”php”]
define(‘WP_DEBUG’, true);

You can also save all database queries for further analysis using:

[code lang=”php”]
define(‘SAVEQUERIES’, true);

After that, you can add this line inside your theme file where you want to see your queries:

[code lang=”php”]
if (current_user_can(‘level_10’)) {
global $wpdb;
echo "<pre>";
echo "</pre>";

This will print the queries only to an admin user. Quite handy.

Remember to turn these debug features off when you deploy your site in production.

Post revisions

As much as post revisions are handy, they will often fill your database with data you will never need. There are several things to do.

Autosave interval

You can adjust the autosave interval to higher value:

[code lang=”php”]
define(‘AUTOSAVE_INTERVAL’, 300); // in seconds

You can adjust the maximum number of post revision WordPress should keep:

[code lang=”php”]
define(‘WP_POST_REVISIONS’, 7);

Or, if you want, you can turn off the post revisions (though I don’t recommend it):

[code lang=”php”]
define(‘WP_POST_REVISIONS’, false)

If you want to delete your old revisions from database, you can run this query directly on the database:

[code lang=”sql”]
DELETE a,b,c
FROM wp_posts a
LEFT JOIN wp_term_relationships b ON (a.ID = b.object_id)
LEFT JOIN wp_postmeta c ON (a.ID = c.post_id)
WHERE a.post_type = ‘revision’


You can also configure how many days to keep items in WordPress Trash:

[code lang=”php”]
define(‘EMPTY_TRASH_DAYS’, 7 );

FTP/SSH credentials

Some hosts require you to have FTP or SSH credentials every time you upgrade or install something to WordPress, you can enter those credentials in WordPress configuration file:

[code lang=”php”]
define(‘FS_METHOD’, ‘ftpext’);
//absolute path to root installation directory
define(‘FTP_BASE’, ‘/path/to/wordpress/’);
//absolute path to "wp-content" directory
define(‘FTP_CONTENT_DIR’, ‘/path/to/wordpress/wp-content/’);
//absolute path to "wp-plugins" directory
define(‘FTP_PLUGIN_DIR ‘, ‘/path/to/wordpress/wp-content/plugins/’);
//absolute path to your SSH public key
define(‘FTP_PUBKEY’, ‘/home/username/.ssh/’);
//absolute path to your SSH private key
define(‘FTP_PRIVKEY’, ‘/home/username/.ssh/id_rsa’);
//either your FTP or SSH username
define(‘FTP_USER’, ‘username’);
//password for FTP_USER username
define(‘FTP_PASS’, ‘password’);
//hostname:port combo for your SSH/FTP server
define(‘FTP_HOST’, ‘’);

You can always try to force direct method by using just:

[code lang=”php”]
define(‘FS_METHOD’, ‘direct’);

This will allow you to update/install stuff directly from admin (if your host allows it).

Auto repair database

Database tables can become corrupted. If they are corrupted in a way that you can not even log in, add this to your WordPress configuration file:

[code lang=”php”]
define(‘WP_ALLOW_REPAIR’, true);

and point your browser to: {YOUR_DOMAIN}/wp-admin/maint/repair.php

After the script is finished, you can remove the entry from configuration file.

Custom user tables

This is nice security feature, you can rename your user and user_meta tables:

[code lang=”php”]
define(‘CUSTOM_USER_TABLE’, $table_prefix.’my_users’);
define(‘CUSTOM_USER_META_TABLE’, $table_prefix.’my_usermeta’);

Increase memory limit

If you are getting “memory exhausted” errors, try increasing the memory limit:

[code lang=”php”]
define(‘WP_MEMORY_LIMIT’, ’64M’);

Disable file edit in backend

Sometimes you want to disable direct file edit for themes and plugin in WordPress back end. You can do this by simply adding this into your WordPress configuration file:

[code lang=”php”]

Disable JavaScript concatenation

In WordPress back end all JavaScript files are concatenated into one URL, you can disable that:

[code lang=”php”]
define(‘CONCATENATE_SCRIPTS’, false);

I hope that this will help you find your way in the WordPress configuration file and that you will find it useful. Share your thoughts in comments below.