Thiết Kế Website
SEO tổng thể
Sáng Tạo Nội Dung
Bộ nhận diện thương hiệuHướng Dẫn A-Z, Kiến Thức Wordpress
How to Edit wp-config.php File in WordPress (Step by Step)
During your WordPress journey, you will often come across tutorials that ask you to edit the ‘wp-config.php’ file. This file is important because it controls critical WordPress settings, making it a powerful tool for managing your site.
Over the years, we have worked with countless WordPress setups. This experience has shown us how crucial the wp-config.php file is, especially for security, performance, and troubleshooting.
In this article, we will teach you how to edit the wp-config.php file in WordPress. We will also share some of the best practices we’ve developed over the years.
Here is a list of topics we will cover in this guide:
- What Is the wp-config.php File?
- Getting Started
- Accessing and Editing the wp-config.php File
- Understanding the wp-config.php File
- MySQL Settings in wp-config.php File
- Authentication Unique Keys and Salts
- WordPress Database Table Prefix
- WordPress Debugging Mode
- Absolute Path Settings
- Useful wp-config.php Hacks and Settings
- Changing MySQL Port and Sockets in WordPress
- Changing WordPress URLs Using wp-config.php File
- Changing Uploads Directory Using The wp-config.php File
- Disable Automatic Updates in WordPress
- Limit Post Revisions in WordPress
What Is the wp-config.php File?
As the name suggests, it is a configuration file that is part of all self-hosted WordPress sites.
Unlike other core WordPress files, the wp-config.php file does not come built-in with WordPress.
Instead, it’s explicitly generated for your site during the installation process.
WordPress stores your database information in the wp-config.php file. Without this information, your WordPress website will not work, and you will get the ‘error establishing database connection‘ error.
The wp-config.php file contains several other high-level settings in addition to database information. We will explain them later in this article.
Regular WordPress users might not need to edit the wp-config.php file frequently. However, understanding how to do it can make you more proficient in managing your WordPress site.
Since this file contains a lot of sensitive information, it is recommended that you don’t mess with it unless you have absolutely no other choice.
But since you’re reading this article, you need to edit the wp-config.php file. Below are the steps to do it without messing things up.
Getting Started
The wp-config.php file is so important to a WordPress site that a tiny mistake can make your website inaccessible.
That’s why, before making any critical changes to your WordPress website, you should always create a complete WordPress backup.
This ensures that your WordPress data and settings are backed up and can be restored if something goes wrong.
We recommend using Duplicator. It is the best WordPress backup plugin and allows you to easily back up your website.
Note: There is also a free version of Duplicator available. However, we recommend upgrading to the paid plan to unlock more features.
Accessing and Editing the wp-config.php File
The wp-config.php file is found on your WordPress hosting server.
You can access it by connecting your website using an FTP client or the File Manager app in your hosting account control panel.
An FTP client allows you to transfer files between a server and your computer. Windows users can install FileZilla, WinSCP, or SmartFTP, while Mac users can choose from FileZilla, Transmit, or CyberDuck.
First, you need to connect to your website using an FTP client. You will need FTP login information, which you can get from your web host. If you don’t know your FTP login information, you can contact your hosting provider’s support team.
The wp-config.php file is usually located in the root folder of your website with other folders like wp-includes, wp-content, and wp-admin.
Simply right-click on the file and select ‘Download’ from the menu.
Your FTP client will now download the wp-config.php file to your computer. You can open and edit it using a plain text editor app like Notepad or Text Edit.
Once you have finished editing it you can simply upload it back to your website using FTP.
You will then see a message that the file already exists with a bunch of options. Select ‘Overwrite’ and click ‘OK’.
Understanding the wp-config.php File
Before you start, let’s examine the full code of the default wp-config.php file. You can also see a sample of this file here.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 |
<span style="font-size: 115%; color: #000000;"><?php /** * The base configuration for WordPress * * The wp-config.php creation script uses this file during the installation. * You don't have to use the website, you can copy this file to "wp-config.php" * and fill in the values. * * This file contains the following configurations: * * * Database settings * * Secret keys * * Database table prefix * * ABSPATH * * @link https://developer.wordpress.org/advanced-administration/wordpress/wp-config/ * * @package WordPress */ // ** Database settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define( 'DB_NAME', 'database_name_here' ); /** Database username */ define( 'DB_USER', 'username_here' ); /** Database password */ define( 'DB_PASSWORD', 'password_here' ); /** Database hostname */ define( 'DB_HOST', 'localhost' ); /** Database charset to use in creating database tables. */ define( 'DB_CHARSET', 'utf8' ); /** The database collate type. Don't change this if in doubt. */ define( 'DB_COLLATE', '' ); /**#@+ * Authentication unique keys and salts. * * Change these to different unique phrases! You can generate these using * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}. * * You can change these at any point in time to invalidate all existing cookies. * This will force all users to have to log in again. * * @since 2.6.0 */ define( 'AUTH_KEY', 'put your unique phrase here' ); define( 'SECURE_AUTH_KEY', 'put your unique phrase here' ); define( 'LOGGED_IN_KEY', 'put your unique phrase here' ); define( 'NONCE_KEY', 'put your unique phrase here' ); define( 'AUTH_SALT', 'put your unique phrase here' ); define( 'SECURE_AUTH_SALT', 'put your unique phrase here' ); define( 'LOGGED_IN_SALT', 'put your unique phrase here' ); define( 'NONCE_SALT', 'put your unique phrase here' ); /**#@-*/ /** * WordPress database table prefix. * * You can have multiple installations in one database if you give each * a unique prefix. Only numbers, letters, and underscores please! */ $table_prefix = 'wp_'; /** * For developers: WordPress debugging mode. * * Change this to true to enable the display of notices during development. * It is strongly recommended that plugin and theme developers use WP_DEBUG * in their development environments. * * For information on other constants that can be used for debugging, * visit the documentation. * * @link https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/ */ define( 'WP_DEBUG', false ); /* Add any custom values between this line and the "stop editing" line. */ /* That's all, stop editing! Happy publishing. */ /** Absolute path to the WordPress directory. */ if ( ! defined( 'ABSPATH' ) ) { define( 'ABSPATH', __DIR__ . '/' ); } /** Sets up WordPress vars and included files. */ require_once ABSPATH . 'wp-settings.php'; </span> |
Each section of the wp-config.php file is well documented in the file itself. Almost all settings here are defined using PHP constants.
|
1 2 |
<span style="font-size: 115%; color: #000000;">define( 'constant_name' , 'value'); </span> |
Let’s take a closer look at each section in the wp-config.php file.
MySQL Settings in wp-config.php File
Your WordPress database connection settings appear in the ‘Database Settings’ section of the wp-config.php file.
You will need your MySQL host, database name, database username, and password to complete this section.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
<span style="font-size: 115%; color: #000000;">// ** Database settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define( 'DB_NAME', 'database_name_here' ); /** Database username */ define( 'DB_USER', 'username_here' ); /** Database password */ define( 'DB_PASSWORD', 'password_here' ); /** Database hostname */ define( 'DB_HOST', 'localhost' ); /** Database charset to use in creating database tables. */ define( 'DB_CHARSET', 'utf8' ); /** The database collate type. Don't change this if in doubt. */ define( 'DB_COLLATE', '' ); </span> |
Here is a list of the constants in this section and what they do.
| Constant Name | Description |
|---|---|
| DB_NAME | The name of the database for WordPress. |
| DB_USER | The username used to access the WordPress database. |
| DB_PASSWORD | The password for the database username. |
| DB_HOST | The hostname of the database server (usually ‘localhost’). |
| DB_CHARSET | The hostname of the database server (usually ‘localhost’). |
| DB_COLLATE | The collation type for the database (usually left blank). |
To fill in these values, you will need database information, which you can find in your web hosting account’s control panel.
Depending on your hosting provider, your control panel may look slightly different than the screenshots below. In that case, you need to look for the ‘Databases’ section in your hosting account.
For instance, if you are using Bluehost, first log in to your hosting account. Then, click ‘Settings’ under your website.
This will show you different settings for your website.
Switch to the Advanced tab and then click ‘Manage’ next to the ‘cPanel’ section.
It will open the cPanel interface in a new browser tab.
From here, you need to scroll to the Databases section and click ‘MySQL Databases.’
On the MySQL Databases page, you will find the list of your current database, username, and password.
If you cannot find your WordPress database or MySQL username and password, then you need to contact your web host.
What Are DB_CHARSET and DB_COLLATE in wp-config.php File?
The ‘DB_CHARSET’ setting specifies the character set for your WordPress database tables. The default is utf8, which supports most languages and ensures broad compatibility.
The ‘DB_COLLATE’ setting defines how the database sorts and compares characters.
We recommend leaving it blank and letting MySQL use the default collation for the specified character set (utf8_general_ci for utf8).
Authentication Unique Keys and Salts
Authentication keys and salts are security features in the wp-config.php file. They add extra protection to your WordPress installation by ensuring strong encryption of information stored in user cookies.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
<span style="font-size: 115%; color: #000000;">/**#@+ * Authentication unique keys and salts. * * Change these to different unique phrases! You can generate these using * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}. * * You can change these at any point in time to invalidate all existing cookies. * This will force all users to have to log in again. * * @since 2.6.0 */ define( 'AUTH_KEY', 'put your unique phrase here' ); define( 'SECURE_AUTH_KEY', 'put your unique phrase here' ); define( 'LOGGED_IN_KEY', 'put your unique phrase here' ); define( 'NONCE_KEY', 'put your unique phrase here' ); define( 'AUTH_SALT', 'put your unique phrase here' ); define( 'SECURE_AUTH_SALT', 'put your unique phrase here' ); define( 'LOGGED_IN_SALT', 'put your unique phrase here' ); define( 'NONCE_SALT', 'put your unique phrase here' ); /**#@-*/ </span> |
There are eight different keys and salts in total. Each key and salt pair is a random, long string of text numbers and special characters.
Here is what each key does:
| Constant Name | Description |
|---|---|
| AUTH_KEY | Authenticate cookies and ensure data integrity. |
| SECURE_AUTH_KEY | Secure the authentication cookie when using SSL. |
| LOGGED_IN_KEY | Validate logged-in cookies. |
| NONCE_KEY | Protect nonces (numbers used once) from being guessed. |
| AUTH_SALT | Adds extra security to the authentication process. |
| SECURE_AUTH_SALT | Adds extra security to the authentication process. |
| LOGGED_IN_SALT | Adds extra security to the logged-in process. |
| NONCE_SALT | Adds extra security to the nonce creation and verification process. |
You can generate new keys by visiting the WordPress.org secret keys generator. You can also change them later if you suspect someone is attempting to access your WordPress admin area.
For more information, take a look at our guide on WordPress security keys.
WordPress Database Table Prefix
By default, WordPress adds the ‘wp_’ prefix to all the tables it creates in the database.
It is recommended that you change your WordPress database table prefix to something random during installation.
This will make it difficult for hackers to guess your WordPress tables and will save you from some common SQL injection attacks.
|
1 2 3 4 5 6 7 8 |
<span style="font-size: 115%; color: #000000;">/** * WordPress database table prefix. * * You can have multiple installations in one database if you give each * a unique prefix. Only numbers, letters, and underscores please! */ $table_prefix = 'wp_'; </span> |
Important ⚠️: Please note that you cannot change this value for an existing WordPress site. To change these settings on an existing WordPress site, follow the instructions in our article on how to change the WordPress database prefix.
WordPress Debugging Mode
This setting is particularly useful for users learning WordPress development or troubleshooting errors.
By default, WordPress hides notices generated by PHP when executing code. Simply setting the debug mode to ‘true’ will show you these notices.
This provides crucial information for developers to find bugs. It will also help if you are trying to troubleshoot issues on a WordPress site.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
<span style="font-size: 115%; color: #000000;">/** * For developers: WordPress debugging mode. * * Change this to true to enable the display of notices during development. * It is strongly recommended that plugin and theme developers use WP_DEBUG * in their development environments. * * For information on other constants that can be used for debugging, * visit the documentation. * * @link https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/ */ define( 'WP_DEBUG', false ); </span> |
Alternatively, you can also choose to keep a log of errors and notices.
For more detailed instructions, check out our tutorial on enabling debug mode in WordPress.
Absolute Path Settings
The last part of the wp-config file defines the absolute path. This instruction tells WordPress where to find the core WordPress files.
After this instruction, the ABSPATH is used to load the wp-settings.php file.
|
1 2 3 4 5 6 7 8 |
<span style="font-size: 115%; color: #000000;">/** Absolute path to the WordPress directory. */ if ( ! defined( 'ABSPATH' ) ) { define( 'ABSPATH', __DIR__ . '/' ); } /** Sets up WordPress vars and included files. */ require_once ABSPATH . 'wp-settings.php'; </span> |
Both these settings are not meant to be changed.
To understand how WordPress loads files, take a look at our explainer on how WordPress works behind the scenes. It will give you a step-by-step breakdown of how WordPress core software works.
Useful wp-config.php Hacks and Settings
We have covered the default wp-config.php settings so far. Now, let’s examine some additional settings.
These settings are optional and can be used when needed. They can help you troubleshoot errors and solve many common WordPress errors.
Changing MySQL Port and Sockets in WordPress
If your WordPress hosting provider uses alternate ports for MySQL host, then you will need to change your DB_HOST value to include the port number.
Note: This is not a new line, but you must edit the existing DB_HOST value.
|
1 2 |
<span style="font-size: 115%; color: #000000;">define( 'DB_HOST', 'localhost:5067' ); </span> |
Don’t forget to change the port number 5067 to whatever port number is provided by your web host.
If your host uses sockets and pipes for MySQL, then you will need to add it like this:
|
1 2 |
<span style="font-size: 115%; color: #000000;">define( 'DB_HOST', 'localhost:/var/run/mysqld/mysqld.sock' ); </span> |
Changing WordPress URLs Using wp-config.php File
You may need to change WordPress URLs when moving a WordPress site to a new domain name.
You can change these URLs by visiting the Settings » General page.
You can also change these URLs using the wp-config.php file. This comes in handy if you are unable to access the WordPress admin area due to the error too many directs issue.
Simply add these two lines to your wp-config.php file:
|
1 2 3 |
<span style="font-size: 115%; color: #000000;">define('WP_HOME','http://example.com'); define('WP_SITEURL','http://example.com'); </span> |
Don’t forget to replace example.com with your domain name.
You also need to keep in mind that search engines treat www.example.com and example.com as two different locations (See www vs non-www – Which one is better for SEO?).
If your site is indexed with a www prefix, then you need to add your domain name accordingly.
Changing Uploads Directory Using The wp-config.php File
By default, WordPress stores all your media uploads in the/wp-content/uploads/ directory.
If you want to store your media files in a different location, you can add this line of code in your wp-config.php file:
|
1 2 |
<span style="font-size: 115%; color: #000000;">define( 'UPLOADS', 'wp-content/media' ); </span> |
Note that the uploads directory path is relative to the ABSPATH automatically set in WordPress. Adding an absolute path here will not work.
See our detailed guide on how to change the default media upload location in WordPress for more information.
Disable Automatic Updates in WordPress
WordPress has automatic updates enabled by default. This allows WordPress sites to automatically update when a minor update is available.
For instance, if your site is running WordPress 6.6 and a security update 6.6.1 is released, then WordPress will automatically install the update.
However, when WordPress 6.7 is released, you will be asked to initiate the update.
While automatic updates are critical for security, many users fear that they can also break their website, making it inaccessible.
Adding this single line of code to your wp-config.php file will disable all automatic updates on your WordPress site:
|
1 2 |
<span style="font-size: 115%; color: #000000;">define( 'WP_AUTO_UPDATE_CORE', false ); </span> |
See our tutorial on how to disable automatic updates in WordPress for more information.
Limit Post Revisions in WordPress
WordPress comes with built-in autosave and revisions. See our tutorial on how to undo changes in WordPress with post revisions.
Revisions take up little space on most websites. However, we noticed a significant increase in database backup size for some of our larger websites.
If you run a large website, then you can limit the number of revisions you want to keep in the database.
Simply add this line of code to your wp-config.php file to limit the number of revisions stored for a post:
|
1 2 |
<span style="font-size: 115%; color: #000000;">define( 'WP_POST_REVISIONS', 3 ); </span> |
Replace 3 with the number of revisions you want to store.
WordPress will now automatically discard older revisions. However, your older post revisions are still stored in your database. See our tutorial on how to delete old post revisions in WordPress.
We hope this article helped you learn how to edit the wp-config.php file in WordPress and all the cool things you can do with it. You may also want to see our article on password-protecting the WordPress admin directory or our tips for using the WordPress admin bar.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.