Tips for your wp-config.php file

The following is a collection of wp-config.php settings and changes that we regularly use and you may find useful. This is by no means exhaustive. See the WordPress Codex for more details.

References:

Set the WP HOME and SITEURL dynamically

This is particularly useful when moving your WordPress site from one domain to another, such as for a staging set up.

/* Custom WordPress URL */
define( 'WP_SITEURL', 'http://' . $_SERVER['SERVER_NAME']);
define( 'WP_HOME', WP_SITEURL);

Set custom paths for wp-content and other WordPress directories

This can be a great security enhancement, but you need to check that all your theme and plugins work correctly.

/* WP directories */
define( 'WP_CONTENT_DIR', ABSPATH . 'wp-content' ); // no trailing slash, full paths only
define( 'WP_CONTENT_URL', WP_SITEURL . '/wp-content');
define( 'WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' ); //no trailing slash, full paths only
define( 'WP_PLUGIN_URL', WP_CONTENT_URL . '/plugins' );
define( 'UPLOADS', 'wp-content/uploads' ); // can not be absolute, always relative to ABSPATH, therefore does not require a leading slash

Completely disable XML-RPC

/*========== disable xmlrpc ==========*/
// This must be added at the very bottom of wp-config.php to work.
add_filter('xmlrpc_enabled', '__return_false'); // use this to completely disble XML-RPC functionality

Set WordPress to compress it's static files

/* Compression */
define( 'COMPRESS_CSS', true );
define( 'COMPRESS_SCRIPTS', true );
define( 'CONCATENATE_SCRIPTS', true );
define( 'ENFORCE_GZIP', true );

Force SSL

/* SSL */
define( 'FORCE_SSL_LOGIN', true );
define( 'FORCE_SSL_ADMIN', true );

Want a Trash for the Media Library?

/* Media Trash */
define( 'MEDIA_TRASH', true );

Set the cookie domain

/* Cookies */
define( 'COOKIE_DOMAIN', 'www.yourwebsite.com'); // cookie domain

Control the file editors within the WP Admin

/* Editing */
define( 'DISALLOW_FILE_EDIT', true); // disable the editing of theme and plugin files
define( 'DISALLOW_FILE_MODS', true); // disable installing new themes and plugins, and updating them

Debug stuff for developers

/* WordPress debug mode for developers */
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', true );
define( 'SCRIPT_DEBUG', true );
define( 'SAVEQUERIES', true );

Don't get default themes from WordPress auto-updates

define( 'CORE_UPGRADE_SKIP_NEW_BUNDLED', true ); // skip wp-content when updating (no default theme updates)
Was this answer helpful? 4 Users Found This Useful (131 Votes)