WordPress wp-config.php

In WordPress, the wp-config.php is the most important and dangerous file. In this file is, in plain text, the DB information (including passwords). If this file goes bad, the whole site is down.

If you're totally unfamiliar with this, read the article WordPress Codex: Editing wp-config.php first.

= Standard Content =

Certain settings are put in the wp-config.php by default. All of these must be there for the file to work.

Database Settings
define('DB_NAME', 'dreamhost_my_database'); define('DB_USER', 'dhwpuser'); define('DB_PASSWORD', 'totallyfreakinawesomehardtocrackpasswordnoteveninenglish'); define('DB_HOST', 'mysql.dreamhost.com'); define('DB_CHARSET', 'utf8'); define('DB_COLLATE', '');

Authentication Unique Keys and Salts
You can generate these using the WordPress.org secret-key service. Every site should have these. If someone complains about hacks, make them do this.

define('AUTH_KEY',        'hvKlL_)w&k{ybi{4cHV3G9x3t[]!@y$e*jW?Qt@bqkiRlr.Wy8]t6)/*`HlgC$UP0>-ix? Zak87'); define('NONCE_KEY',       'N{_@b|dS-L7~C2r*3LbHyx%r[i+z>j|~jY2pUc'); define('AUTH_SALT',       '5w%BS*,%rZ*|L?3sxCQ@-hFBM3aeN$Z0-^fPU1uU|O672X d|~4/I=5LLr.]*N8M'); define('SECURE_AUTH_SALT', 'o-O }+zw>[{8OUM)]UBcR_TTtwRtPTx+dN$K=zklG2:gJ!Z-{f,17(|65+odw(&6'); define('LOGGED_IN_SALT',  'rl45Nq@h|Va3P+ML? -r&7`xay)4$a+Zp (#pw!(4C^WV:7[i#jJ@J|JyZmA-NAX'); define('NONCE_SALT',      'Vnor?.uqj+/`KS+<r]$G_.)gBmbyxI4S|?1+t<jR|+wh[$i%+vvv|KA)E#g?jn.f');

Database Prefix
The default here is actually just  but if you use our one-click installer, the prefix will have some random letters and numbers. It must always end with an underscore, and it's best if the last letter is actually a letter and not a number. Ending with a number does funny things with Multisite.

$table_prefix = 'wp_2hdy121d_';

Language
Blank means English.

define('WPLANG', '');

Debug Mode
Default to off, but if you're debugging, it's not a bad thing.

define('WP_DEBUG', false);

= Adding Extra Defines =

If someone wants to add in extra lines, they should look for this:

/* That's all, stop editing! Happy blogging. */

NEVER put anything below that line. While it may work, it has a tendency to blow up in new and different ways.

Here are some of the commonly used defines:


 * Prevent anyone from editing plugins/themes from inside the Admin Dashboard:
 * Change the autosave interval for content:
 * Disable post revisions:
 * Change the number of revisions (default is unlimited):
 * Tell JavaScript not to mash all the files together:

= Rebuilding =

It the file has gone missing, you can actually rebuild it pretty easily. Get a copy of the sample from WordPress Core (direct link to the file). So long as you fill in the DB settings and the Authentication keys, they'll be able to log back in! You can figure out what DB is theirs by looking at the panel, same with passwords.