Guide and tips for the wp-config.php file in WordPress
table of contents
wp-config.php file is one of the central files in a WordPress installation – it is responsible for defining all the important parameters of the site, from database connection data to security settings, languages, and internal process management. In this article, we will review ten tips that will help you improve, optimize, and ensure the health of your site by customizing and safely adjusting this file.
Database data
In every WordPress installation, the wp-config.php file contains the database connection information:
Database name
Username
Password
Server address (host)
The sample code looks like this:
define('DB_NAME', 'שם_מסד_הנתונים');
define('DB_USER', 'שם_משתמש');
define('DB_PASSWORD', 'סיסמה');
define('DB_HOST', 'localhost');
It is important to make sure all data is correct, especially when the database is on a separate server – which can add an extra layer of security to the site.
Changing the database prefix
When installing WordPress, the default prefix for database tables is wp_. It is recommended to change this to something unique so that attacks based on prefix discovery are less effective.
For example, instead of:
$table_prefix = 'wp_';
You can choose
$table_prefix = 'xyz123_';
If you are setting up a new site, it is recommended to change the prefix immediately. For existing sites, you can use plugins designed to change the prefix safely.
Language definition
In order to adapt the interface and display to the desired language, you can set the site language through the file:
define('WPLANG', 'he_IL'); // הגדרת האתר לעברית
define('LANGDIR', '/languages'); // מיקום קבצי השפה
This way you can ensure that the date, texts, and notifications are displayed correctly according to the Hebrew language.
Enabling Debug Mode
During website development or troubleshooting, enabling debug mode can help you discover and fix problems. Here are some of the options:
Enabling debugging:
define('WP_DEBUG', true); // הפעלת הדיבאג
define('WP_DEBUG_DISPLAY', true); // הצגת הודעות השגיאה על המסך
Logging error messages to a file:
define('WP_DEBUG_LOG', true); // שמירת הודעות שגיאה בקובץ debug.log
define('WP_DEBUG_DISPLAY', false); // מניעת הצגת הודעות ישירות למשתמש
@ini_set('display_errors', 0);
These settings allow developers to track errors without exposing sensitive information to site visitors.
Version management (Revisions)
WordPress automatically saves versions of your posts and pages, but sometimes the number of versions can grow and overload the database. You can control the number of versions:
Setting a save interval between versions:
define('AUTOSAVE_INTERVAL', 120); // שמירה אוטומטית כל 120 שניות
Limiting the number of versions:
define('WP_POST_REVISIONS', 5); // שמירת עד 5 גרסאות לכל פוסט/עמוד
Or completely disable versioning:
define('WP_POST_REVISIONS', false); // ביטול שמירת גרסאות
Think in advance about which option is best for your site to avoid unnecessary space in the database.
database repair
In cases where the database is corrupted or the site is not functioning properly, you can enable the WordPress repair tool:
define('WP_ALLOW_REPAIR', true); // הפעלת אפשרות תיקון ומיטוב מסד הנתונים
After adding the line, go to the link:
https://www.yoursite.com/wp-admin/maint/repair.php
Select the “Repair Database” or “Repair and Optimize” option.
After the repair, it is very important to remove the code and disable the option to prevent unauthorized access.
Increasing PHP memory
In cases of installing heavy plugins or when working with large websites, you may need to increase PHP memory:
define('WP_MEMORY_LIMIT', '512M'); // הגדלת זיכרון PHP 512MB
Please note that not all storage providers allow this manual change, and if necessary, it is recommended to consider switching to a storage provider with better performance.
Running a network of sites (Multisite)
WordPress allows you to run multiple websites from a single system. If you want to set up a network of websites – for example, a multilingual website or a blog network – you can enable this feature:
define('WP_ALLOW_MULTISITE', true); // הפעלת אפשרות רשת אתרים
After adding the code, you will see a new option in the control panel that allows you to set up and manage a network of websites.
Turning off the File Editor
WordPress comes with a built-in file editor, but using it can be dangerous – a small mistake in the code could bring down your site. It is recommended to turn off the editor:
define('DISALLOW_FILE_EDIT', true); // כיבוי עורך הקבצים
This way you can ensure that only access via FTP or professional file management tools will allow changes to the site’s source files and not from the control panel, which also adds an additional layer of protection to the site.
Trash management
WordPress stores deleted posts and pages in the Recycle Bin, and by default the Recycle Bin is emptied every 30 days. You can change this setting to suit your needs:
Setting a different time interval:
define('EMPTY_TRASH_DAYS', 7); // ריקון הסל כל 7 ימים
Or completely turning off the recycle bin:
define('EMPTY_TRASH_DAYS', 0); // כיבוי סל המחזור
Consider whether you need a recycling basket, and if necessary, adjust the settings to suit proper site management.
Security keys and switches
Adding keys and salts protects the information stored in cookies and user data:
define('AUTH_KEY', 'הכנסו פה מחרוזת ייחודית');
define('SECURE_AUTH_KEY', 'הכנסו פה מחרוזת ייחודית');
define('LOGGED_IN_KEY', 'הכנסו פה מחרוזת ייחודית');
define('NONCE_KEY', 'הכנסו פה מחרוזת ייחודית');
define('AUTH_SALT', 'הכנסו פה מחרוזת ייחודית');
define('SECURE_AUTH_SALT', 'הכנסו פה מחרוזת ייחודית');
define('LOGGED_IN_SALT', 'הכנסו פה מחרוזת ייחודית');
define('NONCE_SALT', 'הכנסו פה מחרוזת ייחודית');
You can generate keys here https://api.wordpress.org/secret-key/1.1/salt/
Changing content paths (Custom Content Directory)
The content directory (wp-content) can be moved to a different location for security and customization:
define('WP_CONTENT_DIR', dirname(__FILE__) . '/custom-content');
define('WP_CONTENT_URL', 'https://www.yoursite.com/custom-content');
This way you can hide sensitive information and organize your website files in a unique way.
WP_CRON Management
WordPress uses the internal cron system to manage scheduled tasks, but sometimes it’s better to rely on system tasks:
define('DISABLE_WP_CRON', true);
Then set up a task in the server’s cron to improve performance and reliability.
Limit automatic updates
Although automatic updates can be essential for security, it is advisable to control them manually:
define('AUTOMATIC_UPDATER_DISABLED', true);
This way you can make sure to perform a backup before updating.
Forcing SSL in the website manager
To ensure a secure connection to the admin area:
define('FORCE_SSL_ADMIN', true);
This line will ensure that all wp-admin access is done over an HTTPS connection.
XML-RPC prevention (security)
if (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST) {
header('HTTP/1.0 403 Forbidden');
exit;
}
This reduces the chance of attacks via XML-RPC.
Caution Pay attention
Before making any changes, it is important to perform a full backup of your site, so that you can always revert to a normal state in the event of a problem. Investing in proper file configuration can improve site performance and reduce future problems and glitches.
