Search our site for answers
Help Docs Content Management Systems (CMS) WordPress Overview The wp-config.php in WordPress

The wp-config.php in WordPress

The wp-config.php file is vital for WordPress, controlling database settings, debugging, memory, security keys, URLs, and directory paths.
WordPress
4 min read

Understanding wp-config.php in WordPress

Introduction

The wp-config.php file is a vital part of every WordPress installation. It acts as the blueprint for how WordPress connects to the database and defines settings that control everything from memory usage to debugging, directory paths, and more.

You’ll find this file in the root directory of your WordPress install (same location as wp-login.php and wp-admin/). Many site-level optimizations, fixes, and customizations start here.

You can use a combination of WordPress constants and PHP configuration directives in this file:

WordPress constants use this format:

define('CONSTANT_NAME', 'value');

PHP values are set using:

@ini_set('php_setting', 'value');


There is a lot that can be included in this file. Below are a few of them.

Key Sections in wp-config.php

This section contains your WordPress database credentials. If your site throws an “Error establishing a database connection”, it’s the first place to check.

define('DB_NAME', 'your_db_name');
define('DB_USER', 'your_db_user');
define('DB_PASSWORD', 'your_db_password');
define('DB_HOST', 'localhost'); 
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
  • DB_HOST is typically localhost. If you’re using a remote DB, enter its IP or hostname.
  • DB_CHARSET is usually utf8 — best for universal character support.
  • DB_COLLATE is left blank so MySQL can manage it automatically.

Note: Double-check that quotes in this section are ' and not backticks or typographic quotes (like ' or ') — which can cause connection errors.

Table Prefix

$table_prefix = 'wp_';

This defines the prefix for all WordPress database tables. Change this if you’re running multiple installs in one database or want added security.

Debugging and Error Reporting

Enabling debug mode can help you troubleshoot issues. WordPress offers constants for logging and displaying errors.

define('WP_DEBUG', true);
define('WP_DEBUG_DISPLAY', true);
define('WP_DEBUG_LOG', true);
  • WP_DEBUG: Enables debug mode.
  • WP_DEBUG_DISPLAY: Shows errors in the browser.
  • WP_DEBUG_LOG: Saves errors to /wp-content/debug.log.

Tip: Turn these off (false) once you’re done debugging to avoid exposing sensitive info.

PHP Memory Limits

You can increase memory available to PHP via wp-config.php, which is helpful for large plugins, themes, or media-heavy pages.

@ini_set('memory_limit', '256M');
define('WP_MEMORY_LIMIT', '128M');
define('WP_MAX_MEMORY_LIMIT', '256M');

WP_MEMORY_LIMIT applies to frontend usage.
WP_MAX_MEMORY_LIMIT affects wp-admin/backend operations.

Site URL and Home

If you’re migrating or staging a WordPress site, you can override the site and home URLs without changing the database.

define('WP_HOME', 'https://yourdomain.com');
define('WP_SITEURL', 'https://yourdomain.com');

WP_HOME: The public-facing URL.
WP_SITEURL: Where WordPress core files live. These may differ if WordPress is installed in a subdirectory.

Custom Directory Paths

You can change default WordPress paths for themes, plugins, uploads, and more. Useful for custom setups or extra security.

Example – Move wp-content:

define('WP_CONTENT_DIR', dirname(__FILE__) . '/new-content');
define('WP_CONTENT_URL', 'https://yourdomain.com/new-content');

Plugin Directory:

define('WP_PLUGIN_DIR', dirname(__FILE__) . '/new-content/plugins');
define('WP_PLUGIN_URL', 'https://yourdomain.com/new-content/plugins');

Uploads Directory (relative to ABSPATH):

define('UPLOADS', 'custom-uploads');

Authentication Keys & Salts

This has to do with enhanced security for WordPress. It is all generated during installation, and if left blank WordPress should auto generate them. If a WordPress site gets hacked, it would be advisable to recreate and re salt the keys. WordPress has a auto generator for this.

define('AUTH_KEY', '...');
define('SECURE_AUTH_KEY', '...');
define('LOGGED_IN_KEY', '...');
define('NONCE_KEY', '...');
define('AUTH_SALT', '...');
define('SECURE_AUTH_SALT', '...');
define('LOGGED_IN_SALT', '...');
define('NONCE_SALT', '...');

Re-generating these can force logout for all users, this is useful after a hack or compromise.

File Edits and Plugin Installation Restrictions

Disable file editing from wp-admin:

define('DISALLOW_FILE_EDIT', true);

Disable all plugin/theme installations/updates:

define('DISALLOW_FILE_MODS', true);

DISALLOW_FILE_MODS also includes the functionality of DISALLOW_FILE_EDIT.

Database Repair and Optimization


You can enable WordPress’s built-in database repair tool:

define('WP_ALLOW_REPAIR', true);

Then visit:
https://yourdomain.com/wp-admin/maint/repair.php

You’ll see options to repair or repair and optimize the database.

Summary

The wp-config.php file is the core configuration file for your WordPress site, allowing you to control database access, enable debugging, set PHP memory limits, and define custom URLs and directory paths. It also lets you enhance security with authentication keys, restrict file editing, and configure update methods. Most changes take effect immediately, but syntax errors can cause site issues, so always back up the file before editing.

Was this article helpful?