One of the most important files in your WordPress installation is the wp-config.php file. This file is located in the root of your WordPress file directory and contains your website’s base configuration details, such as database connection information.
When you first download WordPress, the wp-config.php file isn’t included. The WordPress setup process will create a wp-config.php file for you based on the information you provide.
You can manually create a wp-config.php file by locating the sample file named wp-config-sample.php (located in the root install-directory), editing it as required, and then saving it as wp-config.php.
Note: The contents of the wp-config-sample.php file are in a very specific order. The order matters. If you already have a wp-config.php file, rearranging the contents of the file may create errors on your blog.
To change the wp-config.php file for your installation, you will need this information:
Database Name – Database Name used by WordPress
Database Username – Username used to access Database
Database Password – Password used by Username to access Database
Database Host – The hostname of your Database Server. A port number, Unix socket file path or pipe may be needed as well.
If your hosting provider installed WordPress for you, get the information from them. If you manage your own web server or hosting account, you will have this information as a result of creating the database and user.
Configure Database Settings
Important: Never use a word processor like Microsoft Word for editing WordPress files!
Locate the file wp-config-sample.php in the base directory of your WordPress installation and open it in a text editor.
Default wp-config-sample.php
Note: This is an example of a default wp-config-sample.php. The values here are examples to show you what to do.
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );
/** MySQL database username */
define( 'DB_USER', 'username_here' );
/** MySQL database password */
define( 'DB_PASSWORD', 'password_here' );
/** MySQL hostname */
define( 'DB_HOST', 'localhost' );
Note: Text inside /* */ is a comment, for information purposes only.
Set Database Name
Replace 'database_name_here' with the name of your database, e.g. MyDatabaseName.
define( 'DB_NAME', 'MyDatabaseName' ); // Example MySQL database name
Set Database User
Replace 'username_here' with your username, e.g. MyUserName.
define( 'DB_USER', 'MyUserName' ); // Example MySQL username
Set Database Password
Replace 'password_here' with your password, e.g. MyPassWord.
define( 'DB_PASSWORD', 'MyPassWord' ); // Example MySQL password
Set Database Host
Replace 'localhost' with the name of your database host, e.g. MyDatabaseHost. A port number or Unix socket file path may be needed as well.
define( 'DB_HOST', 'MyDatabaseHost' ); // Example MySQL Database host
Note: There is a good chance you will NOT have to change it. If you are unsure, try installing with the default value of 'localhost' and see if it works. If the install fails, contact your web hosting provider.
MYSQL ALTERNATE PORT
If your host uses an alternate port number for your database you’ll need to change the DB_HOST value in the wp-config.php file to reflect the alternate port provided by your host.
For localhost:
define( 'DB_HOST', '127.0.0.1:3307' );
or in some cases:
define( 'DB_HOST', 'localhost:3307' );
For specified server:
define( 'DB_HOST', 'mysql.example.com:3307' );
Replace 3307 with whatever port number your host gives you.
MYSQL SOCKETS OR PIPES
If your host uses Unix sockets or pipes, adjust the DB_HOST value in the wp-config.php file accordingly.
define( 'DB_HOST', '127.0.0.1:/var/run/mysqld/mysqld.sock' );
// or define( 'DB_HOST', 'localhost:/var/run/mysqld/mysqld.sock' );
// or define( 'DB_HOST', 'example.tld:/var/run/mysqld/mysqld.sock' );
Replace /var/run/mysqld/mysqld.sock with the socket or pipe information provided by your host.
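As an added example (not WordPress's own code), the PHP below splits a DB_HOST value into host, port and socket for the three forms shown above, so a value can be checked before it goes into wp-config.php. The function name split_db_host is hypothetical; Windows named pipes and IPv6 literals are not handled.

```php
<?php
// Added example, not WordPress core code; split_db_host() is a hypothetical name.
// Handles the forms shown on this page: host, host:port, host:/path/to/socket.
function split_db_host(string $value): array {
    $value = trim($value);
    if ($value === '') {
        throw new InvalidArgumentException('DB_HOST is empty');
    }
    $host = $value;
    $port = null;
    $socket = null;
    $pos = strpos($value, ':');
    if ($pos !== false) {
        $host = substr($value, 0, $pos);
        $rest = substr($value, $pos + 1);
        if ($rest !== '' && $rest[0] === '/') {
            $socket = $rest;                        // Unix socket path
        } elseif (ctype_digit($rest) && strlen($rest) <= 5
                && (int) $rest >= 1 && (int) $rest <= 65535) {
            $port = (int) $rest;                    // TCP port
        } else {
            throw new InvalidArgumentException("Unrecognised DB_HOST suffix: $rest");
        }
    }
    if ($host === '') {
        throw new InvalidArgumentException('DB_HOST has no host part');
    }
    return ['host' => $host, 'port' => $port, 'socket' => $socket];
}

// Values from this page, plus two constructed bad ones at the end.
$samples = [
    'localhost', '127.0.0.1:3307', 'mysql.example.com:3307',
    'localhost:/var/run/mysqld/mysqld.sock',
    'localhost:mysql', 'localhost:99999',
];
foreach ($samples as $s) {
    try {
        $p = split_db_host($s);
        printf("%-40s host=%s port=%s socket=%s\n", $s,
            $p['host'], $p['port'] ?? '-', $p['socket'] ?? '-');
    } catch (InvalidArgumentException $e) {
        printf("%-40s INVALID: %s\n", $s, $e->getMessage());
    }
}
```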
POSSIBLE DB_HOST VALUES
Different hosting companies use different network settings for their MySQL databases. If your hosting company is listed below in the left column, the value on the right is similar to the correct value for DB_HOST. Contact your tech support and/or search your hosting company's online documentation to be sure.
Database character set
DB_CHARSET was made available to allow designation of the database character set (e.g. tis620 for TIS620 Thai) to be used when defining the MySQL database tables.
The default value of utf8 (Unicode UTF-8) is almost always the best option. UTF-8 supports any language, so you typically want to leave DB_CHARSET at utf8 and use the DB_COLLATE value for your language instead.
This example shows utf8 which is considered the WordPress default value:
define( 'DB_CHARSET', 'utf8' );
There usually should be no reason to change the default value of DB_CHARSET. If your blog needs a different character set, please read Character Sets and Collations MySQL Supports for valid DB_CHARSET values.
WARNING: Those performing upgrades
If DB_CHARSET and DB_COLLATE do not exist in your wp-config.php file, DO NOT add either definition to your wp-config.php file unless you read and understand Converting Database Character Sets. Adding DB_CHARSET and DB_COLLATE to the wp-config.php file, for an existing blog, can cause major problems.
Database collation
DB_COLLATE was made available to allow designation of the database collation (i.e. the sort order of the character set). In most cases, this value should be left blank (null) so the database collation will be automatically assigned by MySQL based on the database character set specified by DB_CHARSET. One case where you may need to set DB_COLLATE to one of the UTF-8 values defined in UTF-8 character sets for most Western European languages is when, in a different language, the characters that you entered are not the same as what is being displayed. (See also Unicode Character Sets in SQL Manual)
The WordPress default DB_COLLATE value:
define( 'DB_COLLATE', '' );
UTF-8 Unicode General collation
define( 'DB_COLLATE', 'utf8_general_ci' );
UTF-8 Unicode Turkish collation
define( 'DB_COLLATE', 'utf8_turkish_ci' );
There usually should be no reason to change the default value of DB_COLLATE. Leaving the value blank (null) will ensure the collation is automatically assigned by MySQL when the database tables are created.
WARNING: Those performing upgrades
If DB_COLLATE and DB_CHARSET do not exist in your wp-config.php file, DO NOT add either definition to your wp-config.php file unless you read and understand Converting Database Character Sets. And you may be in need of a WordPress upgrade.
Security Keys
You don’t have to remember the keys, just make them long, random and complicated — or better yet, use the online generator. You can change these at any point in time to invalidate all existing cookies. This does mean that all users will have to log in again.
Example (don’t use these!):
define( 'AUTH_KEY', 't`DK%X:>xy|e-Z(BXb/f(Ur`8#~UzUQG-^_Cs_GHs5U-&Wb?pgn^p8(2@}IcnCa|' );
define( 'SECURE_AUTH_KEY', 'D&ovlU#|CvJ##uNq}bel+^MFtT&.b9{UvR]g%ixsXhGlRJ7q!h}XWdEC[BOKXssj' );
define( 'LOGGED_IN_KEY', 'MGKi8Br(&{H*~&0s;{k0<S(O:+f#WM+q|npJ-+P;RDKT:~jrmgj#/-,[hOBk!ry^' );
define( 'NONCE_KEY', 'FIsAsXJKL5ZlQo)iD-pt??eUbdc{_Cn<4!d~yqz))&B D?AwK%)+)F2aNwI|siOe' );
define( 'AUTH_SALT', '7T-!^i!0,w)L#JK@pc2{8XE[DenYI^BVf{L:jvF,hf}zBf883td6D;Vcy8,S)-&G' );
define( 'SECURE_AUTH_SALT', 'I6`V|mDZq21-J|ihb u^q0F }F_NUcy`l,=obGtq*p#Ybe4a31R,r=|n#=]@]c #' );
define( 'LOGGED_IN_SALT', 'w<$4c$Hmd%/*]`Oom>(hdXW|0M=X={we6;Mpvtg+V.o<$|#_}qG(GaVDEsn,~*4i' );
define( 'NONCE_SALT', 'a|#h{c5|P &xWs4IZ20c2&%4!c(/uG}W:mAvy<I44`jAbup]t=]V<`}.py(wTP%%' );
A secret key makes your site harder to successfully attack by adding random elements to the password.
In simple terms, a secret key is a password with elements that make it harder to generate enough options to break through your security barriers. A password like “password” or “test” is simple and easily broken. A random, long password which uses no dictionary words, such as “88a7da62429ba6ad3cb3c76a09641fc” would take a brute force attacker millions of hours to crack. A 'salt' is used to further enhance the security of the generated result.
The four keys are required for the enhanced security. The four salts are recommended, but are not required, because WordPress will generate salts for you if none are provided. They are included in wp-config.php by default for inclusiveness.
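The keys can also be generated locally instead of fetched from the online generator. This added example (not WordPress's own code) builds the eight define() lines with PHP's random_int() and checks a block for missing, short or repeated values; the function names, the 64-character length and the alphabet are assumptions made here.

```php
<?php
// Added example, not WordPress core code; names, length and alphabet are assumptions.
const KEY_NAMES = [
    'AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY',
    'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT',
];
// Printable ASCII without ' and \ so values need no escaping in single quotes.
const KEY_ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
    . '0123456789!@#$%^&*()-_=+[]{}<>~`|;:,.?/ ';
function random_key(int $length = 64): string {
    $alphabet = KEY_ALPHABET;
    $max = strlen($alphabet) - 1;
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= $alphabet[random_int(0, $max)]; // CSPRNG, uniform over the alphabet
    }
    return $key;
}

function generate_key_block(): string {
    $lines = [];
    foreach (KEY_NAMES as $name) {
        $lines[] = sprintf("define( '%s', '%s' );", $name, random_key());
    }
    return implode("\n", $lines) . "\n";
}

// Report names that are missing, too short, or share a value with another name.
function check_key_block(string $block, int $min = 64): array {
    $problems = [];
    $seen = [];
    foreach (KEY_NAMES as $name) {
        $re = "/define\(\s*'{$name}'\s*,\s*'([^'\\\\]*)'\s*\)\s*;/";
        if (!preg_match($re, $block, $m)) {
            $problems[] = "$name: not defined";
            continue;
        }
        if (strlen($m[1]) < $min) {
            $problems[] = "$name: shorter than $min characters";
        }
        if (isset($seen[$m[1]])) {
            $problems[] = "$name: same value as " . $seen[$m[1]];
        }
        $seen[$m[1]] = $name;
    }
    return $problems;
}
$block = generate_key_block();
echo $block, (check_key_block($block) ? "problems found\n" : "all eight values OK\n");
```

Run it from the command line and paste the output over the existing key lines in wp-config.php; check_key_block() can also be pointed at the contents of an existing file.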
For more information on the technical background and breakdown of secret keys and secure passwords, see:
Ryan Boren – SSL and Cookies in WordPress 2.6
Wikipedia’s explanation of Password Cracking
Lorelle VanFossen – Protect Your Blog With a Solid Password
Instructables – Security Password Tips
Huffington Post – 17 Tips You Can Do Today to Protect Your Online Passwords