The file is located in the root directory of your WordPress installation (usually public_html or www ). It executes before the rest of the WordPress core loads, making it the ideal place to define global constants and system rules. Core Database Configuration
: Always use the WordPress Salt Generator to fill the AUTH_KEY section. This salts your passwords and cookies. 3. Debugging & Maintenance Handy "pieces" for when things go wrong.
WordPress uses security keys and salts (like AUTH_KEY , SECURE_AUTH_KEY , LOGGED_IN_KEY , NONCE_KEY , and their salts) to encrypt information stored in user cookies, making it much harder for hackers to compromise login credentials. You can generate a completely new set of random, unique keys and salts from the WordPress.org secret-key service.
<?php // ** Database settings - You can get this info from your web host ** // define( 'DB_NAME', 'your_database_name' ); define( 'DB_USER', 'your_database_user' ); define( 'DB_PASSWORD', 'your_database_password' ); define( 'DB_HOST', 'localhost' ); wp config.php
If your site experiences the "Fatal Error: Allowed Memory Size Exhausted" error due to resource-heavy plugins, you can raise the maximum PHP memory limit directly:
If your site handles heavy processes, complex plugins (like WooCommerce), or page builders, you may encounter a "Memory Exhausted" error. You can manually boost the memory limit allotted to WordPress:
Never invent these keys yourself. Instead, visit the official WordPress.org Secret Key Generator to generate a random, high-entropy set of keys, and paste them directly into your file. The file is located in the root directory
// Enable debugging, log to file, but hide from screen define( 'WP_DEBUG', true ); define( 'WP_DEBUG_LOG', true ); define( 'WP_DEBUG_DISPLAY', false );
A single missing semicolon ( ; ) or quotation mark ( ' ) will trigger a White Screen of Death (WSD) on your website. 4. Anatomy of a Standard wp-config.php File
A few lines of code can help keep your database lean and your site fast: This salts your passwords and cookies
define( 'FORCE_SSL_ADMIN', true );
wp-config.php is small but mighty. Understanding its constants separates casual WordPress users from professionals who can optimize, secure, and debug with confidence. Treat it like you would an SSH private key: keep it secret, keep it safe, and know exactly what each line does.
You can add specific define constants to wp-config.php to change how WordPress behaves. These must be added above the line that says /* That's all, stop editing! Happy publishing. */ .
