The most important file in any WordPress installation is the wp-config.php file.

The wp-config.php file was originally named wp-config-sample.php. Renaming the file to wp-config.php is one of the first steps to installing WordPress. The wp-config file is typically stored in the root directory of WordPress. Alternatively, you can move the wp-config file out of the WordPress root directory and into the parent directory. So if your WordPress directory is located here, /public_html/my_website/wp-config.php
you can safely move the file to here:

WordPress looks for the wp-config file in the root directory first, and if it can’t find that file it looks in the parent directory. This happens automatically so no settings need to be changed for this to work.

Some options in WordPress are stored as constants and these can be seen in the wp-config.php file.The constraints all have the same format:

define( 'OPTION_NAME', 'value' );

When adding new options to the wp-config.php file, it’s important the options are added above the line that reads:

/* That's all, stop editing! Happy blogging. */



When you install WordPress, make sure DB_NAME, DB_USER, and DB_PASSWORD options are correctly set for your database server.

Also, verify that the DB_HOST name is set to the correct host for your server. Typically, this is set to localhost, but some hosting companies configure WordPress packages with web servers and MySQL servers on different machines, necessitating a hosting company-specific configuration option to locate the MySQL database.

You can change the database character set (charset) by changing the DB_CHARSET option value. By default, this is set to utf8 (Unicode UTF-8), which supports any language, and is almost always the best option.

Since WordPress 2.2, the DB_COLLATE option has allowed the designation of the database collation, that is, the sort order of the character set. (A character set is a collection of symbols that represents words in a language. The collation determines the order to use when sorting the character set, usually alphabetical order.) This option, by default, is blank and should typically stay that way. If you would like to change the database collation, just add the appropriate value for your language.




Another security feature included in wp-config.php is the ability to define the database table prefix for WordPress. By default, this option value is set to wp_. You can change this value by setting the $table_prefix variable value to any prefi x, like so:

$table_prefix = ‘onlinestore_’;


WordPress security can be strengthened by setting secret keys in your wp-config.php fi le. A secret key is a hashing salt, which makes your site harder to hack by adding random elements (the salt) to the password you set. These keys aren’t required for WordPress to function, but they add an extra layer of security on your website.

If you want to stop the WordPress from automatic update:

require_once ABSPATH . 'wp-settings.php';
define( 'WP_AUTO_UPDATE_CORE', false );


WordPress Troubleshooting

define( ‘WP_DEBUG’, false );


/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', __DIR__ . '/' );


Advanced wp-config Options


You can set additional advanced options in your wp-config file. These options are not in the wp-config file by default so you will need to manually add them to the file. To set your WordPress address and blog address, use the following two options:

define( 'WP_SITEURL', '' );
define( 'WP_HOME', '' );

The WP_SITEURL option allows you to temporarily change the WordPress site URL. This does not alter the database option value for siteurl, but instead temporarily changes the value. If this option is removed, WordPress reverts back to using the siteurl database setting. The WP_HOME option works the exact same way, letting you temporarily change the home value for WordPress. Both values should include the full URL including http://.


Version 2.6 introduced an option that allows you to move the wp-content directory. The two required options are:

define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] .'/wordpress/blog/wp-content' );
define( 'WP_CONTENT_URL', '');

The WP_CONTENT_DIR option value is the full local path to your wp-content directory. The WP_CONTENT_URL is the full URI of this directory. Optionally, you can set the path to your plugins directory like so:

define( 'WP_PLUGIN_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content/plugins' );
define( 'WP_PLUGIN_URL', 'http://example/blog/wp-content/plugins');

WP_PLUGIN_DIR and WP_PLUGIN_URL are options used by plugin developers to determine where your plugin folder resides. If a plugin developer is not using these constants, there is a very good chance their plugin will break if you move your wp-content directory.