Download a wp-config.php file

Since it is quite easy to know the default prefix and hack your site, You can change the default table prefix to save your site from the hackers.

So, we suggest you change this prefix during the installation process and use only numbers, letters and underscore for this. As we know, Debugging in WordPress is the process of identifying errors in code. When you have faced problems with your WordPress website, the debugging function will help you to find out the issue on your site.

By default, the settings mode is disabled in the wp-config. If you want to view all the error message on your site, you have to enable the debugging mode as change the function as true, as follows:. The last part of the wp-config. Furthermore, it defines the absolute path to your WordPress directory.

Here, we recommend you not to change anything about these settings. There are some additional settings may exist in your wp-config. So, Before making any changes, make sure that you understand those settings clearly. Yes No Compresses JavaScript. Concatenate Scripts Choose Forces gzip Compressoin Choose Yes No Forces gzip for compressoin of data sent to browsers.

Disable Cron Choose Yes No Disable the WordPress cron entirely. Alternate Cron Choose Yes No Set an alternate WordPress cron. You can also see a sample of this file here. Each section of wp-config. Almost all settings here are defined using PHP Constants. You will need your MySQL host, database name, database username and password to fill in this section.

Authentication unique keys and salts are security keys that help improve security of your WordPress site. These keys provide a strong encryption for user sessions and cookies generated by WordPress. See our guide on WordPress Security Keys for more information. You can generate WordPress security keys and paste them here. This is particularly useful if you suspect your WordPress site may have been compromised. Changing security keys will logout all currently logged in users on your WordPress site forcing them to login again.

It is recommended that you change your WordPress database table prefix to something random. This will make it difficult for hackers to guess your WordPress tables and will save you from some common SQL injection attacks. Please note that you cannot change this value for an existing WordPress site. Follow the instructions in our how to change the WordPress database prefix article to change these settings on an existing WordPress site. This setting is particularly useful for users trying to learn WordPress development, and users trying experimental features.

Simply setting the debug mode to true will show you these notices. This provides crucial information to developers to find bugs. The last part of wp-config file defines the absolute path which is then used to setup WordPress vars and included files. There are some other wp-config. You can also change these URLs using wp-config.

This comes handy if you are unable to access the WordPress admin area due to error too many directs issue. Simply add these two lines to your wp-config. You also need to keep in mind that search engines treat www.

If your site is indexed with www prefix then you need to add your domain name accordingly. If you want to store your media files in someother location then you can do so by adding this line of code in your wp-config.

Adding an absolute path here will not work. See out detailed guide on how to change default media upload location in WordPress for more information. WordPress introduced automatic updates in WordPress 3. It allowed WordPress sites to automatically update when there is a minor update available. While automatic updates are great for security, but in some cases they can break a WordPress site making it inaccessible.

Adding this single line of code to your wp-config. See our tutorial on how to disable automatic updates in WordPress for more information. WordPress comes with built-in autosave and revisions. See our tutorial on how to undo changes in WordPress with post revisions. However, if you run a large site revisions can increase your WordPress database backup size.

Add this line of code to your wp-config. Replace 3 with the number of revisions you want to store. WordPress will now automatically discard older revisions. However, your older post revisions are still stored in your database. See our tutorial on how to delete old post revisions in WordPress. We hope this article helped you learn how to edit wp-config. Leaving the value blank null will insure the collation is automatically assigned by MySQL when the database tables are created.

And you may be in need of a WordPress upgrade. You can change these at any point in time to invalidate all existing cookies. This does mean that all users will have to login again. A secret key makes your site harder to successfully attack by adding random elements to the password. In simple terms, a secret key is a password with elements that make it harder to generate enough options to break through your security barriers. The four keys are required for the enhanced security.

The four salts are recommended, but are not required, because WordPress will generate salts for you if none are provided. They are included in wp-config. For more information on the technical background and breakdown of secret keys and secure passwords, see:.

The following sections may contain advanced information and some changes might result in unforeseen issues. Please make sure you practice regular backups and know how to restore them before modifying these settings. Typically this is changed if you are installing multiple WordPress blogs in the same database, as is done with the multisite feature.

It is possible to have multiple installations in one database if you give each a unique prefix. Keep security in mind if you choose to do this. The value defined is the address where your WordPress core files reside.

Setting this value in wp-config. Adding this in can reduce the number of database calls when loading your site. Note: This will not change the database stored value. The URL will revert to the old database value if this line is ever removed from wp-config. Remember, you will also be placing an index. You can move the wp-content directory, which holds your themes, plugins, and uploads, outside of the WordPress application directory.

You cannot move the themes folder because its path is hardcoded relative to the wp-content folder:. See how to move the wp-content folder. This path can not be absolute. When editing a post, WordPress uses Ajax to auto-save revisions to the post as you edit. You may want to increase this setting for longer delays in between auto-saves, or decrease the setting to make sure you never lose changes.

The default is 60 seconds. Consequently, Pen-Testing a WordPress site has become essential in order to keep it secure from attacks. Penetration Testing is a simulated attack performed against a web application, network, or computer system to evaluate its security and find any vulnerabilities it has prior to an attacker thus helping in protecting it.

One of the different simulated attacks carried out while Pen-Testing a WordPress site would be to check for Directory Listing vulnerability that basically indexes sensitive directories such as wp-includes, wp-index. Tags: wordpress file permissions , Wordpress files , Wordpress firewall , Wordpress hacked , Wordpress security audit , wp-config.

This site uses Akismet to reduce spam. Learn how your comment data is processed. Hello really post, please i have a question. Hello Hendrick! We make security simple and hassle-free for thousands of websites and businesses worldwide. Our suite of security products include firewall, malware scanner and security audits to protect your site from the evil forces on the internet, even when you sleep.

All Rights Reserved. Privacy Policy Terms of Service Report a vulnerability. Find out in 15 seconds. Shikhil Sharma 13 mins read. This Blog Includes show. Are you next? We can help! See our Intelligent Firewall and Malware Scanner in action. Was this post helpful? Immediate Malware Cleanup Check out the demo. How to repair a hacked WordPress website. Malicious code found to be inserted in the index. An example of gibberish inserted into header.

Is your WordPress site hacked? Astra has helped thousands of WordPress sites get rid of hack in no time. Get Immediate Malware Removal.