Group Admins

  • Profile picture of Steve

WordPress Troubleshooting and Support

Public Group active 3 months, 3 weeks ago ago

WordPress support from our community

wp-config.php file question

This topic contains 1 reply, has 2 voices, and was last updated by  D.K. Smith 2 years, 9 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #3292

    Dawn Reel
    Participant

    Normally when I make a wp-config.php file I will just put:

    define( ‘WP_MEMORY_LIMIT’ , ‘256M’);

    Then I saw online I saw https://generatewp.com/wp-config/ and it included:

    <?php
    /**
    * Custom WordPress configurations on “wp-config.php” file.
    *
    * This file has the following configurations: MySQL settings, Table Prefix, Secret Keys, WordPress Language, ABSPATH and more.
    * For more information visit {@link https://codex.wordpress.org/Editing_wp-config.php Editing wp-config.php} Codex page.
    * Created using {@link http://generatewp.com/wp-config/ wp-config.php File Generator} on GenerateWP.com.
    *
    * @package WordPress
    * @generator GenerateWP.com
    */

    /* MySQL settings */
    define( ‘DB_NAME’, ‘database_name_here’ );
    define( ‘DB_USER’, ‘username_here’ );
    define( ‘DB_PASSWORD’, ‘password_here’ );
    define( ‘DB_HOST’, ‘localhost’ );
    define( ‘DB_CHARSET’, ‘utf8mb4’ );

    /* MySQL database table prefix. */
    $table_prefix = ‘wp_’;

    /* Authentication Unique Keys and Salts. */
    /* https://api.wordpress.org/secret-key/1.1/salt/ */
    define( ‘AUTH_KEY’, ‘put your unique phrase here’ );
    define( ‘SECURE_AUTH_KEY’, ‘put your unique phrase here’ );
    define( ‘LOGGED_IN_KEY’, ‘put your unique phrase here’ );
    define( ‘NONCE_KEY’, ‘put your unique phrase here’ );
    define( ‘AUTH_SALT’, ‘put your unique phrase here’ );
    define( ‘SECURE_AUTH_SALT’, ‘put your unique phrase here’ );
    define( ‘LOGGED_IN_SALT’, ‘put your unique phrase here’ );
    define( ‘NONCE_SALT’, ‘put your unique phrase here’ );

    /* PHP Memory */
    define( ‘WP_MEMORY_LIMIT’, ‘128M’ );

    /* Absolute path to the WordPress directory. */
    if ( !defined(‘ABSPATH’) )
    define(‘ABSPATH’, dirname(__FILE__) . ‘/’);

    /* Sets up WordPress vars and included files. */
    require_once(ABSPATH . ‘wp-settings.php’);

    I was thinking this would be so unsafe, what if someone hacked into this file! Why put all this info together, isn’t that unsafe?

    It would be an awesome short topic at a meeting to have code folks to put in their .htaccess file to make it safer. And what should wp-config.php and PHP.ini files have in them?

    Thank you for any answers or pointing to any trustworthy answers (I see diff answers online but don’t know who to trust).

    #3293

    D.K. Smith
    Participant

    Hi Dawn,

    LTNS! The default wp-config.php file includes the settings spec.

    A vast number of things can be configured/specified in wp-config. Basic example: you can disable post revisions by adding, define(‘WP_POST_REVISIONS’, false);

    PHP.ini files are typically protected by Apache server settings.

    Standard practice at WPSecurity.com is to move wp-config.php files up one level above the public_html folder, which makes wp-config quite hard to access from outside. WP auto-finds the file, no special code required.

    More can be done to secure wp-config however, that’s part of our secret sauce. Email me and I’ll share a bit, since thanks to you I’ve been wearing out my Garner vinyl, LOL!

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.