11 Useful Tips and Tricks for Setting Up wp-config.php File

Posted by
Updated onJanuary 25, 2022

Not happy with your web hosting service provider?

wp-config.php Tips And Tricks
Approx. read time : 6 min

In the WordPress CMS, there are more than around 981 files and 95 folders. None of these files require manual changes, except the wp-config.php file. Of course, we do not need to edit the file, if we are satisfied with the standard WordPress configuration, but it is very important to learn to work with this file, to apply security measures, tricks to speed up the site and other things that we study in this article.

Backup First!

It is better to be safe than being sorry: Make a backup right now! Use the built-in export feature or the plugin, or make a backup through phpMyAdmin, but always make sure you have a backup of your website.

Your manipulation can affect the database, but they will not do anything to any files other than the file to which you will be working on, so make a backup of the wp-config.php file. If you did not make a copy of your files for more than a month, I would advise to do it, too. Frequent backups – it’s always good.

Ready? Go!
Speed: Disconnect the saved versions … Now!

The function of maintaining database versions is enabled by default but can lead to a significant “ballooning” of the database. Saved versions exist in order to enable you to roll back to a previous version of the database (if you need to). If you do not plan to use versioning to check the “early version” of your database, you should definitely disable this feature by adding this code in the wp-config.php:

define('WP_POST_REVISIONS', false );

However, if you are satisfied with the version, but you do not want to have an infinite number of copies of your modified entries, you can limit the number of versions stored for each post by using this line of code:

define('WP_POST_REVISIONS', 2 );
Speed: Set the Cookie for Domain

If you handle static content (e.g., downloading media) subdomain, a good idea would be to set “the cookie for the domain”.

define('COOKIE_DOMAIN', 'www.yourwebsite.com');

Tip: To process media download for a subdomain, just enter the last two text boxes in the Media Options page path (for example, / home / my_blog / the public_html / my_subdomain) and the URL (e.g., http://mysubdomain.myblog.com/) your subdomain.

Speed: Change the file system method

If you frequently install, update, or delete your plugins and themes, it is very likely that you hate to enter your FTP password each time you do something. The following code simplifies it for you, making the file system to use direct request via the PHP. In other words, you no longer need to enter the FTP login data.

define('FS_METHOD', 'direct');

Please note that this may not work with all web hosting providers, and even if triggered, can cause security problems on poorly configured hosting. So make sure you use it on a good server.

Safety: No access to the wp-config.php file

This trick does not require editing the wp-config.php file and the .htaccess file in your root folder. In fact, it prevents attackers from downloading yourblog.com/wp-config.php through the browser:

# protect wpconfig.php
<files wp-config.php>
    order allow,deny
    deny from all

Just add this to your .htaccess file and you’re done!

Safety: the SSL in the admin panel

Is SSL enabled on your server? Excellent! You can force WordPress to use a secure connection with the authorization by this line of code:

define('FORCE_SSL_LOGIN', true);

And if you are taking security on high priority (which is really good), you can force WordPress to use SSL on each admin page, everything is done through an encrypted connection:

define('FORCE_SSL_ADMIN', true);

For more information about how to configure SSL, you can find in the WordPress Codex page on the Administration over the SSL.

Security: Change database prefix

If you have a WordPress security loophole that allows attackers to use a hacking technique known as “SQL injection”, they can easily use standard table prefix of your WordPress database to remove them. But if you have a table prefix, different (wp_), they will not be able to guess them.

So, setting a new WordPress site, change the default value on the setup page, or change the following line in the wp-config.php file:

$table_prefix  = 'wooh00yeah_';

Note: If you want to make it work on an existing site, you cannot simply change the prefix in a wp-config.php file – you will get a connection error with the database. You need to use a plugin that will change the wp-config.php file, and database tables, and some of the values in the tables. I recommend using Change Prefix plugin.

Security: Add Security keys … Now!

Let’s just read WordPress Codex:

In simple words, the secret key is the password with the elements that complicate the selection of a sufficient number of options for hacking. Password type “password” or “test” is simple and can be easily hacked. To pick a random, unpredictable password type “88a7da62429ba6ad3cb3c76a09641fc” take years.

This is one of the most basic security measures for WordPress and it’s just a copy and paste that is randomly generated on this page content to your wp-config.php file. The hardest part is to insert a standard, blank value for these constants and their removal!

Other: Change Autosave interval

If you sometimes work on your article for 4 hours, it can be annoying that WordPress automatically saves the recording every 60 seconds. I think this is not a bad thing, but sometimes it is very, very annoying. In any case, if you want to set the autosave interval of a greater value, you can do this by setting the value in the wp-config.php file like this:

define('AUTOSAVE_INTERVAL', 240 ); // the value should be in seconds!
Other: Move your WordPress site easily

WordPress is full of surprises and this is one of them. If you need to move your site to another domain (or a new subdomain, or a new folder), define this constant in your wp-config.php file to transfer your files and databases:

define('RELOCATE',true); // We're not done yet!

After setting this value and transfer your files and database, log in with your data on WP yournewwebsite.com/login.php and then check whether the home has changed URL in the General Settings page. After confirming the changes, delete the file from your constant wp-config.php. This simple trick will save you from editing the database manually.

Tip: Although it literally “takes” your site, it does not affect the hard-coded links in your content. To change them, you should use the plugin type Search Regex and replace the old with new links.

Other: Disable editing of plugin files and themes

If you are a web designer and you use WordPress for your clients’ sites, you may want to disable the editing of files and plugins, add the following constant:


Moreover, you can also disable the installation of new themes and plugins, and updates:


Just remember that the updated theme and plugin is often very important when they fix security loopholes. So if you want to disable the update and install new plugins / themes, you need to check for updates by other means.

Other: Enabling the WP_DEBUG development

It’s simple: If you develop a plugin or a theme, it would be good to include the ability to debug in WordPress to see what notifications and alerts you get:


Sometimes it’s just wonderful to see what simple mistakes you can make in the development!


We have seen 11 different tricks and tips that can help you to update your wp-config.php file, but the tricks are of course not limited to these. If you have any good tips, we invite you to share them in the comment box!

A Journalist Specializing in Blogging, Social Networking and Community Management. As a constant learner, Pravin is always aiming towards new ideas and greater knowledge. When he is not doing research, reading, or writing for blogs, you can find him hanging around social media sites.

Trusted By Thousands of Clients & Big Businesses

We highly appreciate the kind and stellar feedback we receive from our customers. Delivering the best is our goal! MilesWeb is rated Excellent out of 5 based on reviews. Read more reviews.

Based on reviews
2 hours ago
Perfect and Valuable Server + ...
I am using MilesWeb Servers, The main thing which I getting are continuous support over everything w...
Gunjan Makwana
4 hours ago
Milesweb is superb Hosting pro...
Milesweb is superb Hosting provider ever, their Support team is amazing!!!...
Abhishek Singh
15 hours ago
Great support in great timing...
We need urgent assistance on changes in a primary domain on our client's Cpanel accounts and reached...
Riyaju Deen
21 hours ago
Best Website Hosting platform ...
I was new on MilesWeb. And needed help on multiple areas from setting up to getting started with cre...
1 days ago
Very quick and helpful assista...
Very quick and helpful assistance. Support person listened properly and provided a nice solution....
1 days ago
the team is very supportive th...
the team is very supportive though at times effort needs to be made to make understand the problem s...
Suree Sharma
1 days ago
I am using miles web for 3plus...
I am using miles web for 3plus years, very quick and perfect support by the team, they helped me man...
Sri Raghav
2 days ago
The service is good...
The service is good. They are answering with patience and doing the needful as soon as possible....
2 days ago
Perfect and Valuable Server + ...
I am using MilesWeb Servers, The main thing which I getting are continuous support over everything w...
Gunjan Makwana
3 days ago
Very quick and helpful assista...
Very quick and helpful assistance. Support person listened properly and provided a nice solution....
4 days ago
positively helped me with find...
positively helped me with finding insecure content on my website causing SSL to not work properly on...
Thaviraj Junglee
4 days ago
Exceptional support, Truly Pra...
I had opted for the basic wordpress hosting plan as I intended to experiment with various plug-ins. ...
Aseem Chandna