wp-config.phpThe file is a configuration file in the WordPress site that has nothing to do with the database. The installation settings of the WordPress website are all in this file. In this article, I will share with you some very practical configuration tips to help improve the security and performance of the WordPress website.
Keep your site database lean
In larger WordPress sites, it’s important to keep your database lean and clean, andWordPress databaseSome non-essential data is saved in it, such as cache and article versions.
We can very simply limit the number of article versions to prevent article versions from taking up too much database space and slowing down database performance. existwp-config.phpAdd the following line of code to the file to limit the number of historical versions of an article to 3. For websites that do not frequently modify articles, 3 historical versions of articles are enough.
define('WP_POST_REVISIONS', 3);If you feel that your site does not need this feature, you can use the following code to completely disable the article history version feature.
define( 'WP_POST_REVISIONS', false );WordPress saves articles, pages, attachments, and comments that are moved to the recycle bin in the database. By default, WordPress will automatically clean up the data in the recycle bin after 30 days. We can customize the time that these data are saved in the recycle bin. The following code sets this time to 1 day. One day after the data is moved to the recycle bin, it will be automatically cleaned.
define( 'EMPTY_TRASH_DAYS', 1 );When editing an image in the background, WordPress will create a copy of the original image so that we can restore it at any time. We can change this behavior through settings and let WordPress directly overwrite the original image when editing an image to save server space and directly define constants.IMAGE_EDIT_OVERWRITEThe value is TRUE.
define( 'IMAGE_EDIT_OVERWRITE', true );improveWordPress securitysex
If your host pays for SSL, in order to ensure that the login account password is not leaked, we should enable forced SSL login for WordPress to encrypt the username and password data during the login process.wp-config.phpThis function can be achieved by adding the following configuration to the file.
define('FORCE_SSL_LOGIN', true);At the same time, we can also set up the entire WordPress backend to use the SSL protocol.
define('FORCE_SSL_ADMIN', true);Prevent non-technical customers from accidentally damaging the program
When developing WordPress sites for customers who are not technical, there are often customers who accidentally modify the WordPress theme or plug-in code in the background, or even delete the theme or plug-in, causing damage to the site. In fact, for customers who do not understand technology, it is not necessary to allow them to modify the code or website program files in the background. It is also very dangerous. If the website is accidentally damaged, it will only cause unnecessary trouble for both parties. In order to solve this problem, WordPress provides us with a configuration that allows us to disable all functions of modifying program files in the background, including theme plug-in installation, modification, upgrade and other operations.
existwp-config.phpAdding the following code to the file will disable all background program file modification operations, and publishing articles and uploading files will not be affected.
define('DISALLOW_FILE_EDIT', true);
define('DISALLOW_FILE_MODS',true);Another mistake that causes WordPress sites to be insecure is that customers often do not take the initiative to upgrade the WordPress core, themes, and plug-ins, because customers may not know what they are used for and whether the upgrade will damage the website. In this case, it is our responsibility to ensure that WordPress is updated to the latest version at all times. Setting the following code can allow WordPress to automatically update to the latest version in time when a new version is available. WordPress themes and plugins update automatically by default.
define('WP_AUTO_UPDATE_CORE', true);FTP settings
When the PHP process does not have write permissions to the WordPress site directory, the WordPress site will prompt you to fill in the FTP credentials every time the site is updated. We can actually save a lot of time by using wp-config.php to remember the FTP login information. The following three constants will tell WordPress what your FTP host, username, and password are. This way we don’t have to submit this information every time we upgrade.
define('FTP_HOST', 'ftp.yoursite.com');
define('FTP_USER', 'Your_FTP_Username');
define('FTP_PASS', 'Your_FTP_password');Some quality hosting companies will provide us with SSL FTP. If our host supports SSL FTP, please make sure to turn on the SSL FTP connection to add extra security.
define('FTP_SSL', true);Program debugging
When an error occurs on our website, we can turn on the debug mode in wp-config.php to view the specific information of the error to facilitate troubleshooting.
define('WP_DEBUG', true);Since having errors displayed on your site affects visitor browsing, a more elegant way to debug is to use debug logging. In WordPress, implementing this functionality is easy: after setting WP_DEBUG to true, set WP_DEBUG_LOG to true, which will cause WordPress to save any PHP error or warning information to the wp-content directory.
define( 'WP_DEBUG_LOG', true );If the website’s database is damaged, we can set it up to allow WordPress to repair itself.WP_ALLOW_REPAIRfortrueThat’s it.
define( 'WP_ALLOW_REPAIR', true );Please note that the above constants are only used when debugging the site. Once you find and solve the problem, remember to set the above constant value tofalse!
Improve performance
wp-config.phpThe file allows us to tweak some tweaks to ensure better performance from WordPress. The first step is to increase the maximum memory allowed to be used by WordPress. Please note that this setting is useless if your hosting provider limits memory.
define('WP_MEMORY_LIMIT', '96M');If there are other programs running on our server at the same time, we can limit the amount of memory used by WordPress to prevent WordPress from using too much memory and affecting the work of other programs.
define( 'WP_MAX_MEMORY_LIMIT', '256M' );The above are the wp-config.php configuration tips I found while using WordPress, which are very useful. If I get other practical tips later, I will continue to update here.
