Mastering WordPress Configuration – wp-config.php
Mastering wp-config.php -- An IntroductionAs the name suggests, wp-config.php is the file that contains the configuration related settings of WordPress. Database name, username, password, and so on -- if the data is related to the smooth functioning of your WP site, chances are that it gets a mention under wp-config.php. Beyond that, many themes and plugins also tend to add their own constants and configuration settings to this file. Oh, and the file has its share of trivia curve as well: it is not there in the downloadable versions of WordPress, and as mentioned above, it contains a good deal of your database settings. We will by-pass all of that information -- if you still need it, you can find it in the Codex. With that said, let us now dive straight in to tweaking wp-config.php
Tweaks Related to Security
1. Restrict Access to wp-config.phpNaturally, if a file is so important, should it not have limited access? After all, the internet is not the safest place on earth. The following code will ensure that your wp-config.php is not publicly accessible (for instance, at www.yourwebsite.com/wp-config.php).
deny from all
</files>Just a note, though: you will need to add the above code to your .htaccess file, not the wp-config.php file.
2. Force SSL on Admin PagesIf you have SSL access on your server, you can force WordPress to employ it for the admin pages:
define (‘FORCE_SSL_ADMIN’, true);More info about this tweak here.
3. Change Database PrefixGenerally, the common trend is to employ ‘wp_’ as the database prefix for WordPress databases. It is quite easy for a malicious hacker to guess that prefix, and many people prefer using a different database prefix:
$table prefix = ‘yo’;For newer WP installations, though, you can also specify this value directly at the time of installation. Also, for an existing installation, simply heading to the wp-config.php file and changing the prefix value will break your installation: instead, you should consider employing a plugin such as this.
4. Disable Editing Plugins and ThemesIf you are worried about your theme or plugin files being compromised (or, for example, accidentally edited by a non-geek client), use the following constant:
define (‘DISALLOW_FILE_EDIT’, true);Similarly, to disable newer theme or plugin installations, use the following:
define (‘DISALLOW_FILE_MODS’, true);
Tweaks Related to Speed and Productivity
1. Move Your WP BlogYes, if you have tried to move your WP installation across servers (especially across domains) without the comfort of XML exports/imports, you must have found the process annoying. To save yourself from the annoyance, you can use this constant prior to moving the website:
define (‘RELOCATE’, true);Now, move your WP site to the new domain. Once you login there, you will find your home URL changed. However, this method will not alter any hard-coded links of yours. For that purpose, you can make use of any proper plugin.
2. Use a Cookie DomainThis tweak is useful if you serve your media uploads and other similar content from a different location (for example, a sub-domain of your site). The following constant will ensure that WP cookies are not sent each time your media content is requested from the concerned location:
define (‘COOKIE_DOMAIN’, ‘www.url.com’);
3. Disable Post RevisionsBy default, the Post Revisions feature is enabled in WordPress. Now, not many people use it to go back to earlier versions of their posts, and if you are one of them, you can happily turn it off to save yourself from unnecessary database transactions which only end up making your database a bloat.
define (‘WP_POST_REVISIONS’, false);Alternatively, you can also limit the number of such revisions (because, after all, who uses infinite post revisions?):
define (‘WP_POST_REVISIONS’, 3);
4. Turn On CachingTo turn on the native caching mechanism, use this constant:
define (‘WP_CACHE’, true);
5. Modify Autosave IntervalYou can configure the frequency of autosaves as under (in seconds):
define (‘AUTOSAVE_INTERVAL’, 180);