wp-config.php is located in the root directory of your WordPress installation and it contains some important information.
Remeber that before making any changes to this file, create a backup of your website (files + database) pr at least create a copy of the wp-config.php itself. Also, it's safer if you keep the sample file there and don't delete it.
I assume that you know some basic PHP and you're familiar with WordPress concepts.
First of all, when you're trying to create a new WP website, it shows you a installer page like this:
I'm sure you're all familiar with it since it's the easy way to create the new website. But there is another way to set this information too. Actually this installer do that nasty work for us. If you open a freshly downloaded WordPress and look into it, you can see that there is no wp-config.php file, but there is a wp-config-sample.php and that installer, creates a copy of this file, change the name and then put your information into it. Information like databse name, user and password.
So if you don't want to use the visual installer, or you have some problems opening it, you can do this manually. Create a copy of wp-config-sample.php and rename it to wp-config.php and then change this databse information section:
Remeber that it's good to add all of your custom codes, between these two comment lines, except they already have a section in the file:
Permissions and access
The default permission for this file is 644 or as might see in other systems, rw-r--r--. This will only allows the WordPress to change this file and other codes won't be able to do so. In order to keep your website safe, make sure that the file never gete a greater number for the permission.
Ok, so let's see what is the use of this file?
WordPress debug mode
In WordPress, every error is handled the right way via PHP exceptions. For example this is an example of how an error is handled:
This code was grabbed from wp_insert_post documentation. You don't see these errors and warnings by default. So make sure that you're on a development or staging website, then turn the debug mode on to see the errors.
Moving folders
A good step to make your site more secure is to move your directories like wp-content, plugins or themes. Most of malwares try to find your content folder and then manipulate some files in that folder. If you change the address, they can still find it, but it would be harder for them.
For moving these directories, there are some constants that you can use.
Do php.ini things
Sometimes you want to change some things in the php.ini file, but you don't have access to that file. You can do some of these changes with config file.
All constants
There is a lot of constants that you can change on this file. This is a good reference to see a list of all the things that you can change on wp-config.php file.
There are of course other things that you can do with this file, let me know if there is any other important and cool one!
Top comments (0)