The wp-config.php file is arguably the most important file in the WordPress core as it contains the connection details for your database. Anyone who has installed WordPress manually will know that the file is also used to define your database prefix, your authentication keys, and WordPress’s default language.
Wp-config.php can be used to modify WordPress in many more ways.
By default, WordPress is configured to do things in a specific way. The wp-config.php file allows you to change these default settings so that your website is tailored to your own needs.
In this article, I would like to share with you ten useful code snippets that you can add to your website’s wp-config.php file. These snippets will allow you to customize WordPress in a number of ways.
Before we move on, I would like to share a quick tip on how you can harden your wp-config.php file and make your website more secure.
All you have to do is add the following code to the .htaccess file that is located in the top level of your WordPress installation:
deny from all
The wp-config.php contains a lot of sensitive information about your database and website set up; therefore by protecting this file, you are making it more difficult for hackers to attack your website. Therefore, I encourage you all to add the above code to your .htaccess file and make wp-config.php more secure.
1. Empty Your Trash
When you delete a custom post type item in WordPress, such as a comment, post or page; it is not automatically deleted. Instead, the item is sent to the trash bin. After thirty days of sitting in trash, WordPress will permanently delete the item.
The feature works in the same way that the Recycle Bin works in Windows and Trash works in Mac OS. It is essentially a safe guard to stop items being accidentally deleted.
WordPress allows you to change the number of days that an item is stored in trash before deletion. When you consider that most people will realise an item has been deleted in error soon after they did it, decreasing the number of days an item stays in the trash bin makes sense.
Trash items take up space in your database. This is not a big problem if you are deleting a few posts or pages; however certain things, such as spam comments, could potentially take up thousands of rows in your database.
To reduce the time period that items stay in the trash bin to seven days, simply add the following code to your wp-config.php file:
define ('EMPTY_TRASH_DAYS', 7);
The trash system can be completed disabled by setting the number of days as zero:
define ('EMPTY_TRASH_DAYS', 0);
I would advise against disabling the trash system completely as it means that you will never get a second chance to recover posts and pages.
2. Reduce the Number of Post Revisions
By default, WordPress saves a copy of your articles every time you save your post or page. This can be very useful when you are writing long articles as it allows you to refer back to older drafts and add back ideas from content you had since removed.
The problem is that WordPress does not set a limit as to how many copies it saves. This means that a post that has been saved one hundred times will have one hundred drafts (i.e. post revisions) saved in your database. In effect, the post would be taking up one hundred times more storage in your database than is necessary.
WordPress allows you to reduce the number of post revisions it saves by adding some code to wp-config.php. I believe that two or three post revisions is sufficient as it does not add much weight to your database, but still allows you to refer back to two or three post versions. The space you will save by doing this is huge. I was able to reduce the size of my database by a whopping 59% by deleting old post revisions.
To do this, all you have to do is add the following code to your wp-config.php file:
define( 'WP_POST_REVISIONS', 3 );
Alternatively, you can disable the post revision feature completely by adding this code to wp-config.php:
define( 'WP_POST_REVISIONS', false );
3. Change the AutoSave Interval Time
Another feature that WordPress uses for posts and pages is Auto Save. It is used to automatically save your article every sixty seconds. This setting can be increased or decreased by adding the code below to your wp-config.php file. All you have to do is change the autosave interval value to suit your own needs.
define( 'AUTOSAVE_INTERVAL', 180 ); // Seconds
I recommend keeping the comment in the above code so that you will always remember that the value of Auto Save is seconds and not minutes.
4. Move Your WP-Content Folder
The wp-content folder contains all themes, plugins, uploads, and cache files. Hackers are aware that few people move the directory to another location; which makes it easy for them to find insecure directories.
One way to trip up hackers is to move your wp-content folder to another location. This can be done by changing the value of WP_CONTENT_DIR. You can change the wp-content folder location by defining the absolute path:
define( 'WP_CONTENT_DIR', dirname(__FILE__) . '/anotherfolder/wp-content' );
Or by entering the full URL of your new wp-content folder:
define( 'WP_CONTENT_URL', 'http://www.yourwebsite.com/anotherfolder/wp-content' );
5. Increase Memory Allocation to PHP
WordPress will automatically try to increase the memory that is allocated to PHP to forty megabytes (when necessary). This limit can be increased higher by adding the following code to your wp-config.php file:
define( 'WP_MEMORY_LIMIT', '64M' );
Please note that many hosting companies, particularly shared hosting companies, place a limit on PHP memory. This is sometimes as low as two megabytes, though a limit of eight megabytes is more common. The above code is effectively useless if your host places such a limit on your website.
6. Disable the Plugin and Theme Editor
WordPress allows you to edit your theme files and plugin files directly through the WordPress admin area. It is a feature that I have used many times over the years to make small edits to PHP files and stylesheets.
While I do find the feature useful, I know firsthand that it is dangerous to edit important theme and plugin files through the admin area. All it takes is one misplaced semi-colon or bracket and your whole website can go down. It is not worth the risk.
To stop all users from editing theme and plugin files, simply add this code to your website’s wp-config.php file:
define( 'DISALLOW_FILE_EDIT', true );
7. Disable and Enable WordPress Core Updates
WordPress 3.7 introduced automatic background updates for WordPress users. By default, the feature allows WordPress to apply important security updates in the background. These are normally referred to as minor updates as they simply fix problems with the main core update.
Automatic updating can be completely disabled by adding this line of code to your website’s wp-config.php file:
define( 'AUTOMATIC_UPDATER_DISABLED', true );
Alternatively, you can disable all updates to the core using:
define( 'WP_AUTO_UPDATE_CORE', false )
As noted previously, since version 3.7, WordPress is configured to install minor updates to core files automatically (unless advised otherwise). You can enhance automatic updates so that both minor and major updates to the core are applied automatically.
define( 'WP_AUTO_UPDATE_CORE', true );
Please be aware that applying major updates to the core automatically can cause problems if the new version of WordPress clashes with your theme or with one of your activated plugins. It is therefore safer to install major updates to the core manually so that you can resolve any problems that occur right away (e.g. an automatic update performed during the night could place your website offline for several hours).
8. Enable Automatic Updates for Plugins and Themes
WordPress plugins and themes can also be updated automatically. To update plugins automatically, add this code to the wp-config.php file:
add_filter( 'auto_update_plugin', '__return_true' );
To update themes automatically, use this code:
add_filter( 'auto_update_theme', '__return_true' );
Like core updates, it can be very risky enabling automatic theme and plugin updates on a live website. All it takes is one small error and your website could crash; and this could happen when you are away from your computer for a few days. Be careful.
9. Define Your FTP Details
Many hosts do not allow you to save your FTP details within the admin area. You can get round this problem by defining your connection details within the wp-config.php file:
define('FTP_SSL', true); // If you can use a SSL connection set this to true
10. Define Your Website and Blog URL
The WP_HOME option overrides the wp_options table value for the WordPress Home URL found in general settings (i.e. www.yourwebsite.com/wp-admin/options-general.php). Overriding the value does not change the value stored in the database.
To use it, simply add this to your website’s wp-config.php file:
define('WP_HOME', 'http://www.yourwebsite.com'); // main url or blog url
The other URL you will find under the general settings area is Site Address. You can override the value defined in the database by adding this to your website’s wp-config.php file:
define('WP_SITEURL', 'http://www.yourwebsite.com'); // site url
I have heard many WordPress users state that defining these values in the wp-config.php file will reduce the number of queries to your database as themes and plugins do not need to get this information from the wp_options table. When I tested this myself using GTmetrix, I did not see a reduction in queries.
What this snippet is useful for is moving WordPress. When you migrate WordPress to a new domain, you can define the new URL in wp-config.php so that you do not have to change it manually through the database.
I hope you have all enjoyed this collection of wp-config.php snippets. If I have missed any good snippets for the wp-config.php file, please feel free to share it in the comment area.
Be sure to subscribe to WPHub too so that you never miss a post :)