The following is a collection of wp-config.php
settings and changes that we regularly use and you may find useful. This is by no means exhaustive. See the WordPress Codex for more details.
References:
- prex.wordpress.org/Editing_wp-config.php
- www.askapache.com/wordpress/advanced-wp-config-php-tweaks.html
Set the WP HOME and SITEURL dynamically
This is particularly useful when moving your WordPress site from one domain to another, such as for a staging set up.
/* Custom WordPress URL */
define( 'WP_SITEURL', 'http://' . $_SERVER['SERVER_NAME']);
define( 'WP_HOME', WP_SITEURL);
Set custom paths for wp-content and other WordPress directories
This can be a great security enhancement, but you need to check that all your theme and plugins work correctly.
/* WP directories */
define( 'WP_CONTENT_DIR', ABSPATH . 'wp-content' ); // no trailing slash, full paths only
define( 'WP_CONTENT_URL', WP_SITEURL . '/wp-content');
define( 'WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' ); //no trailing slash, full paths only
define( 'WP_PLUGIN_URL', WP_CONTENT_URL . '/plugins' );
define( 'UPLOADS', 'wp-content/uploads' ); // can not be absolute, always relative to ABSPATH, therefore does not require a leading slash
Completely disable XML-RPC
/*========== disable xmlrpc ==========*/
// This must be added at the very bottom of wp-config.php to work.
add_filter('xmlrpc_enabled', '__return_false'); // use this to completely disble XML-RPC functionality
Set WordPress to compress it's static files
/* Compression */
define( 'COMPRESS_CSS', true );
define( 'COMPRESS_SCRIPTS', true );
define( 'CONCATENATE_SCRIPTS', true );
define( 'ENFORCE_GZIP', true );
Force SSL
/* SSL */
define( 'FORCE_SSL_LOGIN', true );
define( 'FORCE_SSL_ADMIN', true );
Want a Trash for the Media Library?
/* Media Trash */
define( 'MEDIA_TRASH', true );
Set the cookie domain
/* Cookies */
define( 'COOKIE_DOMAIN', 'www.yourwebsite.com'); // cookie domain
Control the file editors within the WP Admin
/* Editing */
define( 'DISALLOW_FILE_EDIT', true); // disable the editing of theme and plugin files
define( 'DISALLOW_FILE_MODS', true); // disable installing new themes and plugins, and updating them
Debug stuff for developers
/* WordPress debug mode for developers */
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', true );
define( 'SCRIPT_DEBUG', true );
define( 'SAVEQUERIES', true );
Don't get default themes from WordPress auto-updates
define( 'CORE_UPGRADE_SKIP_NEW_BUNDLED', true ); // skip wp-content when updating (no default theme updates)