WordPress wp-config.php overview


In WordPress, the wp-config.php file is the most important file which, in plain text, contains the database information (including passwords). A misconfiguration of this file can cause a WordPress site to go down.

If you're unfamiliar with this, read the WordPress Codex: Editing wp-config.php article before you begin.

Where is the wp-config.php file located?

This file is located in your WordPress site's directory. For example, if you installed WordPress onto your site named example.com, the file would be located in the main example.com directory. In that folder, you'll see all of your WordPress files.

Standard content

Certain settings are put in the wp-config.php by default. All of these must be there for the file to work.

Database settings

Database credentials are found in the DreamHost panel. View the MySQL credentials article for further details.

The following lines are added to the wp-config.php file by default. These lines tell your installation where to find your database content which is responsible for loading your pages and posting content:

define('DB_NAME', ‘exampledatabase’);
define('DB_USER', 'exampledbuser');
define('DB_PASSWORD', ‘database password here’);
define('DB_HOST', 'mysql.example.com');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');

Authentication unique keys and salts

WordPress uses security keys to protect logged in users. You can generate these using the WordPress.org secret-key API. If you don't see them in the file, you should add them. If you've been hacked, you can replace them. No data will be lost.

define('AUTH_KEY',         'hvKlL_)w&k{ybi{4cHV3G9x3t[]!@y$e*jW?Qt@bqkiRlr.Wy8]t6)/*<y1![S!P');
define('SECURE_AUTH_KEY',  'O=oxZd%3fks%6ne+w+-A|B.`X-YcTCjD`<aF_H-vbQ[vMd4d?C;u,X$@q|t-dE28');
define('LOGGED_IN_KEY',    'Gm#l.Z8{j/F$s0UqEbptEIi`Rl{ hmmA4]N$UxDw`6t>`HlgC$UP0>-ix? Zak87');
define('NONCE_KEY',        'N{_@b|dS-L7~C2r*3LbHyx%r[i+z>j|~jY<SN;rSr#QMhiQ.nwrISn!0y,H>2pUc');
define('AUTH_SALT',        '5w%BS*,%rZ*|L?3sxCQ@-hFBM3aeN$Z0-^fPU1uU|O672X d|~4/I=5LLr.]*N8M');
define('SECURE_AUTH_SALT', 'o-O }+zw>[{8OUM)]UBcR_TTtwRtPTx+dN$K=zklG2:gJ!Z-{f,17(|65+odw(&6');
define('LOGGED_IN_SALT',   'rl45Nq@h|Va3P+ML? -r&7`xay)4$a+Zp (#pw!(4C^WV:7[i#jJ@J|JyZmA-NAX');
define('NONCE_SALT',       'Vnor?.uqj+/`KS+<r]$G_.)gBmbyxI4S|?1+t<jR|+wh[$i%+vvv|KA)E#g?jn.f');

View the following link for further details:

Database prefix

The default here is actually just wp_ but if you use the DreamHost WordPress installer, the prefix includes some random letters and numbers. It must always end with an underscore, and it's best if the last letter is actually a letter and not a number. Ending with a number does funny things with Multisite:

$table_prefix = 'wp_2hdy121d_';

Language Definitions

WordPress is currently available in many languages besides English. When you install WordPress, you’re given a choice to select your language. If you need to change it later, you can edit your language by changing the define for WPLANG.

Blank means English:


For example, if you wanted to use Canadian English, it would be this:

define('WPLANG', 'en_CA');

You can find a full list at https://translate.wordpress.org/

Visit the following page for further information:

Debug mode

Debug mode defaults to off. View the 'Enabling the WordPress Debug log' article for instructions on how to enable and use this feature.

define('WP_DEBUG', false);

Adding extra defines

If you need to add in extra lines, look for this:

/* That's all, stop editing! Happy blogging. */

NEVER put anything below that line. While it may work, it has a tendency to cause problems.

Here are a few commonly used defines:

  • Prevents anyone from editing plugins/themes from inside the Admin Dashboard:
    define( 'DISALLOW_FILE_EDIT', true );
  • Changes the autosave interval for content:
    define('AUTOSAVE_INTERVAL', 160 );
  • Disables post revisions:
    define('WP_POST_REVISIONS', false );
  • Changes the number of revisions (default is unlimited):
    define('WP_POST_REVISIONS', 3);
  • Tells JavaScript not to mash all the files together:
    define('CONCATENATE_SCRIPTS', false);

Plugins can also add lines to the wp-config.php


/** Enable W3 Total Cache */
define('WP_CACHE', true); // Added by W3 Total Cache

/** Enable W3 Total Cache Edge Mode */
define('W3TC_EDGE_MODE', true); // Added by W3 Total Cache


It the wp-config.php file has gone missing, you can actually rebuild it pretty easily. Grab a copy of the sample from WordPress Core. Just fill in the database settings and the Authentication keys and you'll be able to log back in.

You do not have to use the same keys/salts, so don't worry about that. You can find your database information in the panel:

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?