Useful WordPress Configuration tricks that you may not know

wp-config.php is the single most important file in your entire WordPress installation. This file can be used to configure database functionalities, enhance performance, and improve security on all WordPress powered websites and blogs. In this article, we will share some of the most useful WordPress configuration tricks that you may not know yet.

By default, WordPress installation does not come with a file wp-config.php. The default install comes with a sample file known as wp-config-sample.php. You must use this file as a sample to create the actual wp-config.php before you can setup your blog. Most users never do this manually because WordPress lets you do it automatically from their installation setup. In that setup, you are adding/modifying key WordPress configurations. So first, we will walk you through what the default setup lets you do.

Database Host

The first step would be something like this:

There you enter some of the key information. The info there lets WordPress connect with a database. Anything you enter in the setup will be added in your wp-config.php as:

define('DB_NAME', 'database-name');
define('DB_USER', 'database-username');
define('DB_PASSWORD', 'database-password');
define('DB_HOST', 'localhost');

By default, the database host is localhost because it works with most hosts. But there are hosts that has different configuration, so you will need to modify this if you are using another one.

One of the coolest trick for wp-config.php was the ability to detect the database host:


Paste the code above, and it will most likely grab the database server. For this, you would have to manually edit the wp-config.php file though.

Security Keys

WordPress Security Keys is a set of random variables that improve encryption of information stored in the user’s cookies.

These can be added in the wp-config.php as so:

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');

You can grab the unique keys by going to this page.

Database Prefix

When you are installing WordPress using the wizard, one of the options is to select the Table prefix. That is stored in wp-config.php file as:

$table_prefix = 'wp_';

We recommend that you use something other than wp_ to add extra work for the hackers. Although if you already have WordPress setup, then don’t just change the prefix like this.

Language Configuration

By default, English is the localized language of WordPress, but it can be changed to your native language with these:

define('WPLANG', '');
define('LANGDIR', '');

The language translation file (.mo) must be placed in the default location which is assumed to be wp-content/languages (first) and then wp-includes/languages (second). As you can see in the function above, you can define your own language directory if you like. To find WordPress in your language, please check out the official WordPress Codex page.

Blog/Site Address

In your WordPress Settings, you specify the WordPress address and the site address. Those are added in your database, and every time the developer calls it in the template, it is running a database query. In WordPress 2.2, these two settings were introduced to override the database values without changing them:

define('WP_HOME', '');
define('WP_SITEURL', '');

By adding these in your wp-config.php, you are reducing the number of database queries thus increasing your site’s performance.

Override File Permissions

You can override file permissions, if your host has restrictive permissions for all user files. Most of you do not need this, but it exists for those who need it.

define('FS_CHMOD_FILE', 0644);
define('FS_CHMOD_DIR', 0755);

Post Revisions

In the recent versions of WordPress, there is a super awesome feature called Post Revisions. This function auto-saves posts just incase if your browser crash, or something else happen. It also allows users to restore back to previous versions if they don’t like the changes and so on. While a lot of us love this feature, some of us really hate it with a passion. This function has numerous configuration, so you can make it work just right for you.

The Auto-Save Configuration

By default WordPress saves post every 60 seconds, but if you think that is way too much, then you can modify it to your likings with this configuration:

define('AUTOSAVE_INTERVAL', 120); // in seconds

Some posts have 10s, 20s, or even 100 post revisions depending on the blog owner. If you think that feature annoys you, then you can limit the number of revisions per post.

define('WP_POST_REVISIONS', 5);

You can use any integer you like there.
If none of the settings above satisfies you, then you can simply disable the post revisions feature by adding this function:

define('WP_POST_REVISIONS', false);

WordPress Trash Feature

This feature works just like the recycling bin, so instead of deleting the post permanently, you would send it to the trash. This helped those users who accidently click on Delete button, and it can be any of us. The bad part about this trash feature is that you have to empty the trash regularly. By default the trash empties itself every 30 days. You can modify that by using the following function:

define('EMPTY_TRASH_DAYS', 7 ); //Integer is the amount of days

If you do not like this feature, then you can disable it by adding the function below:

define('EMPTY_TRASH_DAYS', 0 );

But remember, if you keep the value to 0, then WordPress would not ask for confirmation when you click on Delete Permanently. Any accidental click could cost you…

FTP/SSH Constants

By default, WordPress allow you to upgrade plugins, and WordPress core versions from within the backend. There are some hosts that requires an FTP or SSH connection everytime you try to upgrade, or install a new plugin. By using the codes below, you can set the FTP or SSH constants and never have to worry about it again.

// forces the filesystem method: "direct", "ssh", "ftpext", or "ftpsockets"
define('FS_METHOD', 'ftpext');
// absolute path to root installation directory
define('FTP_BASE', '/path/to/wordpress/');
// absolute path to "wp-content" directory
define('FTP_CONTENT_DIR', '/path/to/wordpress/wp-content/');
// absolute path to "wp-plugins" directory
define('FTP_PLUGIN_DIR ', '/path/to/wordpress/wp-content/plugins/');
// absolute path to your SSH public key
define('FTP_PUBKEY', '/home/username/.ssh/');
// absolute path to your SSH private key
define('FTP_PRIVKEY', '/home/username/.ssh/id_rsa');
// either your FTP or SSH username
define('FTP_USER', 'username');
// password for FTP_USER username
define('FTP_PASS', 'password');
// hostname:port combo for your SSH/FTP server
define('FTP_HOST', '');

Auto Database Optimization

To enable this feature, you would need to use the following function:

define('WP_ALLOW_REPAIR', true);

Once activated, you can see the settings on this page:

The user does not need to be logged in to access this functionality when this define is set. This is because its main intent is to repair a corrupted database, Users can often not login when the database is corrupt. So once you are done repairing and optimizing your database, make sure to remove this from your wp-config.php.

Increase PHP Memory Limit

There is a common WordPress Memory Exhausted Error that users have seen when activating some plugin. You can increase the PHP Memory Limit through wp-config.php file. Simply paste the code below:

define('WP_MEMORY_LIMIT', '128M');

Note: This feature may not work with some web hosts, so you would have to ask them (beg them) to increase your PHP Memory limit.

WordPress Error Log

For developers, it is useful to have an error log for a site. You can easily create a simple error log for a WordPress powered website by using wp-config.php file. First create a file called “php_error.log”, make it server-writable, and place it in the directory of your choice. Then edit the path in the third line of the following code:


Move your wp-content Directory

So you can move your wp-content directory. It helps with site security. You can do move your wp-content directory by adding the following code in your wp-config.php file:

define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content' );
define( 'WP_CONTENT_URL', 'http://example/blog/wp-content');
define( 'WP_PLUGIN_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content/plugins' );
define( 'WP_PLUGIN_URL', 'http://example/blog/wp-content/plugins');

We have the plugin directory defined because some plugins might not work if you do not define it specifically.

Custom User / UserMeta Tables

By default, WordPress saves all user data in the tables wp_users and wp_usermeta. By using the function below, you can specify the table where you want your user information stored.

define('CUSTOM_USER_TABLE', $table_prefix.'my_users');
define('CUSTOM_USER_META_TABLE', $table_prefix.'my_usermeta');

Securing Your WP-Config File

As you can see, this file is SUPER IMPORTANT therefore it needs extra security. By default it is located in the root WordPress folder, but you can move it. It can be moved outside your public_html directory, so users cannot access it. WordPress knows by default to look in other directories, if the files is not found in the WordPress root folder. You can also use .htaccess file to limit access to this file.

Add the following code:

# Protect wp-config.php
<Files wp-config.php>
    order allow,deny
    deny from all

Enable Multi-Site Network

To enable the multi-site network functionality, you have to add the following code in your wp-config.php file.

define('WP_ALLOW_MULTISITE', true);

Once you add this code, there will be a new page in your wp-admin called “Network” located in Tools » Network.

You will have to follow the directions on that page to continue the setup of the MU Network.

Fix WordPress Issue “Sorry, this file type is not permitted for security reasons.” (eg: svg, fonts, etc.)

Sometimes in WordPress site you try to upload file and got the error message “Sorry, this file type is not permitted for security reasons.” as shown in the following screenshots which results in not allowing you to upload that file.
This happens because by default WordPress allows users to upload only any of the following file types and if you try to upload any other file types then you get the error message “Sorry, this file type is not permitted for security reasons.”.
You can find a full list of permitted files here
To allow file types to upload other than listed above, you can fix the issue to set


constant to ‘true’ – just add the line of the code above in the wp-config.php file of your WordPress installation which you will find in the root directory.

The End

And finally, always use the latest version of WordPress and all of your installed themes and plugins. Keep safe your login and password credentials which you are using and change them periodically.

Let’s Work Together


Every day, we strive to assist a websites of our clients in augmenting their brand’s online visibility, improving the work any parts of web resources, increasing reach & engagement with a target audience and eventually drive sales.