Thursday, March 27, 2014

11 tips on setting up wp-config.php file in WordPress

In the distribution of the most popular package for WordPress blogs delivered more than 900 files and 100 folders without small. None of these files does not require manual changes, except the configuration file wp-config.php. Thus, if you are satisfied with the default setting, then edit this file and do not need, but should get to safety tricks your blog to be fully prepared. 





Backup! Backup

Better safe than sorry: make a backup, right now! Use the built-in export page or use the plugin, or make a backup via phpMyAdmin, but always give yourself the opportunity to cancel the made when setting up your website.
Your manipulation can affect the database, but they will not do anything with any files except the file with which you will be working, so make a backup of wp-config.php, but if you did not make a copy of your files more than a month, I would advise to do it too. Frequent backups - it's always good.

Ready? Let's go!

Speed: Disable saved versions ... Now!

The function of maintaining versions of records is enabled by default, but can lead to significant "inflate" the database. Saved versions exist in order to enable you to rollback to a previous version of the record, if you need to. If you do not plan to use the save versions to check the "early version" of your records, you just need to disable this feature by adding this code in wp-config.php:

define ('WP_POST_REVISIONS', false);


However, if you are satisfied with the version, but you do not have an infinite number of copies of your modified records, you can limit the amount of
saved versions for each post using this line of code:

define ('WP_POST_REVISIONS', 2);


Speed: Set Cookie Domain

If you handle static content (such as downloaded media) subdomain, a good idea to install the «cookie domain».If you do this, cookies will not be sent whenever requested static content.

define ('COOKIE_DOMAIN', 'www.yourwebsite.com');


Tip: To download the media to handle subdomain, simply fill in the last two text fields on the page Media Options path (for example, / home / myblog / public_html / mysubdomain) and URL (eg http://mysubdomain.myblog.com/) your subdomain.


Speed: Modify the file system

If you frequently install, update or delete your plugins and themes, it is very likely that you hate entering your FTP password each time you do something. The following code makes it for you, making the file system to use direct request via PHP - in other words, you no longer need to enter the FTP login details.

define ('FS_METHOD', 'direct');


Please note that this may not work with all web hosting providers, and even if the work can cause security problems on a poorly tuned hosting. So make sure that you use it on a good server.

Safety: Denying access to the file wp-config.php

This trick does not require editing the file wp-config.php, and the file. Htaccess in your root folder. In fact, it prevents attackers upload yourblog.com / wp-config.php through the browser:

# Protect wpconfig.php
<files wp-config.php>
order allow, deny
deny from all
</ Files>


Just add it to your. Htaccess file and you're done!

Security: SSL in the admin panel

SSL is enabled on your server? Excellent! You can get WordPress to use a secure connection for authorization using this line of code:

define ('FORCE_SSL_LOGIN', true);


And if you are very suspicious of the security (which is actually good), you can get WordPress to use SSL on each page administrator to all that you are doing there, done over an encrypted connection:

define ('FORCE_SSL_ADMIN', true);


For more information about how to configure SSL, you can find in the WordPress Codex page Administration Over SSL.

Safety: Changing the database prefix

If WordPress has a security hole that allows attackers to use the hack, known as «SQL injection", they can easily use standard table prefixes your WordPress database to remove them. But if you have table prefixes are different from the standard (wp_), they will not be able to guess them, is not it?
So, setting a new site WordPress, change the default value on the installation page or change the following line in your wp-config.php:

$ Table_prefix = 'wooh00yeah_';


Note: If you want to make it work on an existing site, you can not just change the prefix in the file wp-config.php - you get a connection error with the database. You need to use a plugin that will change the wp-config.php file and database tables, and some of the values ​​in the tables. Recommended plugin DB Prefix Change .


Security: Add security keys ... Now!

Let's just read on WordPress Codex:
In simple words, the secret key - the password with elements that complicate the selection of a sufficient number of options for hacking. Password like "password" or "test" simple and can be easily hacked. To pick a random, unpredictable password type «88a7da62429ba6ad3cb3c76a09641fc» take years.


This is one of the necessary security measures for WordPress - and it's just copy and paste randomly generated on the page content in your file wp-config.php. The hardest part - is to insert a standard, blank value of these constants and their removal!

Other: Change the autosave interval

If you sometimes work on your record 4:00, you can irritate that WordPress automatically saves a record every 60 seconds. I think this is not a bad thing, but sometimes it's very, very annoying. In any case, if you want to set the autosave interval greater value, you can do this by setting the value in the file wp-config.php like this:

define ('AUTOSAVE_INTERVAL', 240); / / the value should be in seconds!


Other: Transfer your WordPress site easily

WordPress is full of surprises and this is one of them. If you ever need to move your site to another domain (or a new subdomain or folder), define this constant in your wp-config.php file before transferring your files and databases:

define ('RELOCATE', true); / / We're not done yet!


After installation of this magnitude and transfer your files and database log in with your data on WP yournewwebsite.com / login.php and then check whether the changed home page URL on the General settings.After confirming the changes, remove the constant from your file wp-config.php. This simple trick to WordPress will save you from editing the database manually.

Tip: although it is literally "transfer" your site, it does not affect the hard-coded links in your content. To change them, you must use a plug type Search Regex to replace the old and new links.


Other: Disable file editing plugin and theme

If you are a web designer and sites using WordPress for your customers, you may want to disable file editing themes and plugins by adding the following constant:

define ('DISALLOW_FILE_EDIT', true);


Moreover, you can also disable the installation of new themes and plugins, and their update:

define ('DISALLOW_FILE_MODS', true);


Just remember that the theme and plugin update often very important when they fix security holes. So if you want to disable the update and install new plugins / themes, you need to check for updates in another way.

Other: Including the development WP_DEBUG

It's simple: if you are developing a plugin or theme, it will be good to include the ability to debug in WordPress to see what notifications and warnings you get:

define ('WP_DEBUG', true);


Sometimes it's just great to see what simple mistakes you can make when designing!

0 comments:

Post a Comment

Blogger Widgets