Last Updated 5 Jul 2024
|

How To Edit wp-config.php in WordPress (Step by Step Guide)

Quick Summary ↪ Learn how to safely edit your WordPress wp-config.php file. Its key sections include MySQL settings, authentication keys, database table prefix, debugging mode, and absolute path settings. Discover how to locate the file using cPanel, FTP, or plugins. Always back up before making changes!

How to edit WP config file

The wp-config file is a powerful core WordPress file that can be used for a range of purposes. While it’s vital for running your website, you will also need to edit it.

That’s what this post is all about.

For example, you may need to change the default configuration of your site to add an extra layer of security. If you get the common “error establishing database connection” error message, you’ll also need to modify the wp-config.php file.

Whatever your reason for wanting to learn more about the wp-config.php file, this article is the perfect place to get started.

Before we get started, take note: editing the wp-config file is delicate work. A single error can break your website.

But don’t worry, if you follow all the steps we’ll show you, you’ll be a pro by the end!

What Is the wp-config File in WordPress?

Every WordPress installation consists of a series of files that determine how it works. The wp-config file is one of the most important of these files.

The wp-config file includes core configuration settings essential for the functioning of WordPress. That includes where to find the database, login credentials and other essential information.

The file can also store essential information for plugins.

When a user takes any action on a WordPress website, WordPress must communicate with the website’s database in order to process the request.

It uses the wp-config file to do that.

For example, if you use web caching, the cache plugin will store essential information in wp-config. If you use encryption, the file contains the default security keys for your WordPress website.

While most important WordPress files are created by default once a new WordPress installation is created, the wp-config file is not.

Instead, a fresh WordPress installation will come with a file named wp-config-sample.php.

As you set up your fresh WordPress installation, the data you provide will be used to create the wp-config.php file. Alternatively, you can skip this step by creating your wp-config file manually.

To do this, you will need to locate the wp-config-sample.php file and paste in the relevant details.

We’ll show you how to do that in a little while.

Where Is the wp-config File in WordPress?

To make changes to your wp-config.php or wp-config-sample.php file, you need to find it first!

This is easy to do using either cPanel or File Transfer Protocol (FTP).

We’ll walk you through both methods.

Before you begin, you must do what every professional WordPress user should. Create a backup!

Regularly updated backups of your website and its contents means that even if you inadvertently break your website, you can bring it back to life with the click of a button.

There are several ways to create a backup, which we have covered in detail previously.

As we are only modifying a single file, it makes sense to back up that file rather than your entire website.

Locating wp-config Using cPanel

If you would like to do this using cPanel, your web hosting service will likely have sent you a link to your cPanel in your welcome email.

Log into cPanel and then navigate to File Manager and then to the public_html folder. You will see a series of files.

Go to cPanel file manager

Look for wp-config.php and click on it. The file won’t open when you click on it, but you can open it by navigating to the menu bar and clicking edit or right clicking the file.

Before you make any changes to wp-config, make a copy.

  1. Right click the file and select Copy
  2. Name it wp-config.bak and save the file
  3. Select your original wp-config file again
  4. Once you have clicked on edit from the menu bar, a popup should appear with yet another Edit button. Click on this to get started.

Now that you know how to find the wp-config.php file using cPanel, we’ll walk you through another method of finding it, and then we’ll show you how to edit it safely.

If anything goes wrong, delete the edited wp-config file and rename wp-config.bak to wp-config. Your website should begin working again right away.

Locating wp-config Using FTP

FTP is the other way for webmasters to upload content onto their web server.

WordPress and other Content Management Systems have made content management much simpler, completely bypassing the need for FTP in uploading or downloading content from your website.

That said, there are still some occasions when FTP comes in handy.

A good example is when you’re faced with a need to edit your wp-config.php file. To use FTP for this, you’re going to need to download an FTP client. This is a simple piece of software designed specifically for it.

The most popular FTP client, and one that we recommend, is Filezilla.

Begin by installing Filezilla on your computer.

To connect with your server, you will need your server’s IP address, as well as your FTP username and password. Your hosting service provider will usually provide you with these details.

Once you have Filezilla installed, click on Site Manager > New Site > My Website Name.

Here, you will enter the name of your website.

Filezilla interface

Once this is done, you will need to enter the following details:

  • Host: Your server IP address
  • Port: 21
  • User: your cPanel username

You won’t need to bother with the other settings. Go ahead and click Connect.

Then enter your password and click Ok.

You should then connect with your server where you will find your wp-config file in the public_html folder.

How to Edit the wp-config File Safely

Once you have found wp-config using either cPanel or FTP, your next step will be safely editing it.

As we pointed out previously, even a slight error in the wp-config file can lead to a broken website so be careful.

Here’s what the wp-config file should look like ordinarily:

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the
 * installation. You don't have to use the web site, you can
 * copy this file to "wp-config.php" and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * MySQL settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://codex.wordpress.org/Editing_wp-config.php
 *
 * @package WordPress
 */
 
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');
 
/** MySQL database username */
define('DB_USER', 'username_here');
 
/** MySQL database password */
define('DB_PASSWORD', 'password_here');
 
/** MySQL hostname */
define('DB_HOST', 'localhost');
 
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
 
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
 
/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
 
/**#@-*/
 
/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix  = 'wp_';
 
/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the Codex.
 *
 * @link https://codex.wordpress.org/Debugging_in_WordPress
 */
define('WP_DEBUG', false);
 
/* That's all, stop editing! Happy blogging. */
 
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
    define('ABSPATH', dirname(__FILE__) . '/');
 
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

If you look closely, you’ll see that the wp-config file is made up of several sections. These are:

MySQL

wp config mysql setting

MySQL is a database administration system that uses Structured Query Language (SQL) to manage databases. One of the main uses of the wp-config file is for configuring the database connection. These details will be configured in the MySQL portion of the wp-config file.

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );
/** MySQL database username */
define( 'DB_USER', 'username_here' );
/** MySQL database password */
define( 'DB_PASSWORD', 'password_here' );
/** MySQL hostname */
define( 'DB_HOST', 'localhost' );
/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

Authentication Keys and Salts

authentication keys and salts

Authentication keys and Salts can be used by WordPress to provide layers of encryption. They ensure the integrity of user sessions and WordPress-generated cookies.

/**#@+
* Authentication unique keys and salts.
*
* Change these to different unique phrases! You can generate these using
* the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
*
* You can change these at any point in time to invalidate all existing cookies.
* This will force all users to have to log in again.
*
* @since 2.6.0
*/
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );

WordPress Database Table Prefix

wpconfig table prefix

This section of the wp-config file provides additional security options. One way hackers commonly target WordPress websites is by injecting malicious code into exposed WordPress databases.

You can make your database harder to attack by changing the default wp_prefix in the wp-config file to something random.

/**
* WordPress database table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';

WordPress Debugging Mode

WordPress debugging mode

WordPress debugging mode is a useful feature that helps with troubleshooting common WordPress errors. By default, PHP, the core language that powers WordPress, provides detailed error messages, but these are silenced in the wp-config.php file.

To turn them back on, you can do this in numerous ways such as by using a plugin, by manually editing the wp-config file in cPanel, or through FTP.

/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the documentation.
*
* @link https://wordpress.org/support/article/debugging-in-wordpress/
*/
define( 'WP_DEBUG', false );

To turn WordPress debugging mode on, simply add this line of code to the wp-config file:

define(‘WP_DEBUG’, true);

Once you are done with troubleshooting, you can switch debugging mode off with the following line of code:

define(‘WP_DEBUG’, false);

Absolute Path Settings

WP Config absolute path settings

An absolute path is simply the place on a computer or server where a particular directory or folder is stored. You typically shouldn’t edit this portion of your wp-config file.

Creating Your Own wp-config File

Now that you know how to get into the wp-config file and what to expect when you get there, your next steps depend on your objectives.

For users trying to manually create the wp-config file, one of the most important things to do is configure the database settings in the MySQL section of the wp-config file.

You’ll need certain details. These will be unique to your website and hosting provider.

They are:

  • Database Name
  • Database Username
  • Database Password
  • Database Host

These details can be provided by your hosting service. You can also find them in cPanel.

To do this, log into cPanel using the steps we previously described.

Navigate to Databases and then click on MySQL Databases. You should find the relevant database values within.

Once you have these details ready, navigate to your wp-config file and take these steps:

Set Database Name

Using the details collected from your hosting service provider, find ‘database_name_here’ and replace it with the name of the database. You will do something similar for the other three values as shown below.

Set Database User

Replace ‘username_here’ with the username provided by your hosting service.

Set Database Password

Replace ‘password_here’ with the username provided by your hosting service.

Set Database Host

Replace ‘localhost’ with the username provided by your hosting service.

There is one additional step to take when editing or creating the database host name. If your hosting provider uses alternate ports, you need to specify the port number or the Unix socket file path in use.

Ports and file paths are really just what their names imply. They are channels that allow for the flow of traffic over the internet.

Each port is assigned a number and is dedicated to specific types of information.

If your hosting service uses an alternate port, you will want to edit the Database Host value like this:

define( 'DB_HOST', 'mysql.example.com.3307’);

Replace 3307 with the number provided by your hosting service.

If your hosting service uses Unix sockets or pipes, edit this line like so:

define( 'DB_HOST', '127.0.0.1:/var/run/mysqld/mysqld.sock' );
// or define( 'DB_HOST', 'localhost:/var/run/mysqld/mysqld.sock' );
// or define( 'DB_HOST', 'example.tld:/var/run/mysqld/mysqld.sock'

You will need to replace /var/run/mysqld/mysqld.sock with the information provided by your hosting service

Using a Plugin to Edit the wp-config File

If you would rather avoid the hassle of editing the wp-config file manually, there is a simpler way to get the job done.

You can use a plugin like Wp Config File Editor. This plugin will allow you to edit all the sections of the wp-config file from your WordPress backend.

To begin, download and install the plugin from the WordPress repository.

WP config file editor plugin

Once installed, you can access the plugin from the side menu on the dashboard.

Hover over WPCF Editor and select Raw Editing to access the wp-config file.

You’re Ready to Edit Your wp-config File Like a Pro!

There you have it! If you follow these instructions carefully, you will be able to find and edit the wp-config file of your WordPress website.

If you have to modify the file to make changes or correct anything, you now have everything you need to safely edit the file.

As long as you always take a copy of the file before you begin, any change you make to wp-config can be undone in seconds. We would always recommend making changes on a test site first but if you need to change it on live, you can.

Now you’re well on your way to mastering WordPress! Don’t forget to back your website up before you begin!

Have you tried editing the wp-config file of your WordPress website in the past? If you did, we’d love to hear what method you used, and how it all worked out!

Article by
Pratik Chaskar
LinkedInTwitter

Pratik Chaskar holds the pivotal role of CTO at Brainstorm Force, serving as the backbone of the company. Renowned for his organizational skills, strategic thinking, problem-solving attitude, and expertise in leading and executing plans, Pratik plays a crucial role in the BSF’s technological landscape.

Disclosure: This blog may contain affiliate links. If you make a purchase through one of these links, we may receive a small commission. Read disclosure. Rest assured that we only recommend products that we have personally used and believe will add value to our readers. Thanks for your support!

2 comments
  1. Bryan Philips Profile Pic

    Wp Config File Editor is “closed.” Can you recommend another alternative? Or do we need to access via the other methods mentioned above?

  2. Jamie Profile Pic

    I think wp is trying to keep us from tools inside the dash that could screw things up. Use ssh or ftp to connect and use codeanywhere or another IDE / editor to change it.

Leave a Comment

Your email address will not be published. Required fields are marked *

Join 1,653,898+ Happy Site Owners Using Astra

Whether you are a beginner, small business owner, or professional web developer, Astra provides all the tools you need to easily build your beautiful WordPress website.

Scroll to Top