ZeroToWP

wp-config.php

Quick Definition

wp-config.php is the most important configuration file in WordPress. It contains your database credentials, security keys, and core settings that WordPress needs to connect to your database and run.

WordPress developer documentation for wp-config.php — the main configuration file

What Is wp-config.php?

According to the official WordPress documentation, wp-config.php is "one of the most important files in your WordPress installation." It contains your website's base configuration details — most critically, the information WordPress needs to connect to your MySQL database.

The file lives in the root directory of your WordPress installation. It's created during installation when you copy wp-config-sample.php and fill in your settings.

Core settings:

  • Database credentials: DB_NAME, DB_USER, DB_PASSWORD, DB_HOST
  • Security keys and salts — 8 unique random strings for cookie encryption
  • Table prefix — default wp_
  • DB_CHARSET — default utf8

wp-config.php in Practice

Powerful features you enable here:

  • WP_DEBUG — debug mode for troubleshooting
  • FORCE_SSL_ADMIN — forces HTTPS on admin
  • WP_ALLOW_MULTISITE — enables Multisite
  • DISALLOW_FILE_EDIT — disables theme/plugin editor (security)
  • WP_MEMORY_LIMIT — increases PHP memory

Never use a word processor to edit this file. Access via SFTP or file manager. A typo can take your site offline.

Why It Matters

wp-config.php holds your database password and controls critical features. See our security guide and file permissions guide.

Related Terms

MultisiteWordPress Multisite lets you run multiple independent WordPress sites from a single installation. All sites share the same codebase, plugins, and themes, but have their own content and settings.MySQLMySQL is the open-source database system that WordPress uses to store all your content — posts, pages, comments, settings, and user data. It works behind the scenes, managed by your hosting provider.PHPPHP is the server-side programming language that WordPress is built with. It processes your WordPress code on the server and generates the HTML pages that visitors see in their browser.

Related Articles

WordPress File Permissions — Security Best Practices ExplainedWrong file permissions are one of the most overlooked WordPress security holes. I've seen sites hacked because wp-config.php was world-readable. Here's exactly what every file and folder should be set to, and how to fix it.WordPress Security Guide: 12 Steps to Protect Your SiteWordPress doesn't get hacked because it's insecure — it gets hacked because people skip basic precautions. Here are the 12 security steps I follow on every site I build, ranked by importance.How to Migrate WordPress to a New Host — 3 Methods (Without Losing Anything)A step-by-step guide to migrating your WordPress site to a new host using All-in-One WP Migration, Duplicator, or manual FTP — with pre-migration checklists, post-migration verification steps, and fixes for the most common problems.
← Back to WordPress Glossary