Knowledge Base
MilesWeb / WordPress FAQ

Everything You Need to Know About wp-config.php

Approx. read time : 5 min

The wp-config.php file plays a key role in your WordPress site as well as its security. But to manage the file you need to have some knowledge. This article provides the complete idea about WordPress configuration and the crucial benefits offered by it.

An Introduction to wp-config.php File

So, let’s first understand what wp-config.php is. Your database configuration is stored on your website by this file.

The information that is stored within the file includes your username, password, database names and database host.

The wp-config.php isn’t pre-built in WordPress but is created while the installation of WordPress is done. It is specifically developed for the user. You will find this file in the root directory of your website. Here, the location is displayed in /public_html.

For changing the wp-config.php, you will need an FTP (i.e. FileZilla) or MilesWeb File Manager. Then download the file to your hard drive.

Important: Change the wp-config.php only if required and remember to create a backup. If you mess it up it will cause problems.

For example, here we’ll use wp-config-sample.php as our source. This is the base version of wp-config.php located in your WordPress directory, so both files are not completely different. The code is mentioned in PHP constant and appears as below:

MySQL Settings for wp-config.php

You will find your database configuration written under MySQL settings in wp-config.php. It contains your database name, MySQL hostname, username, and password. You can change one of these when you migrate your website to another web host and decide to update MySQL details. Below is a snippet:

You can see this information with another method and that is by searching the web hosting control panel. Log in to your web hosting account, click the Database section, and select MySQL Databases.

Apart from this, you can change several things inside wp-config.php to enhance your website. It allows you to generate Authentication Key and Salts, change your table prefix, enable debugging mode, and move the file for security reasons. Let’s check them one by one.

Security Keys

You can create Authentication Keys and Salts inside the wp-config.php file. With this your website will remain secured with more advanced methods by encrypting the user’s information.

When you opt for this, you will need a series of strong passwords. These can be generated with the WordPress password generator. After you have your passwords, paste them one by one inside the apostrophe to replace ‘put your unique phrase here’.

You will find a strong effect after its implementation as all users will get logged out and current cookies will become invalid. In this way, hackers that are trying to hack your credentials will be forced to get out.

Database Table Prefix

Generally, WordPress sets a predefined table prefix in wp-config.php and allows you to add more layer of protection by modifying it. It reads as below:

So, we recommend you to change this prefix while the installation process for high security. When you replace the existing prefix, it will make harder for SQL injections to happen.

The wp prefix can be changed with something randomly but don’t forget that you can only use letters, numbers and underscores for this. Check it below:

It is best to opt for something complex. Or else, it will beat the intention of changing database table prefix in the first place.

Debugging Mode

By default, you will find the debugging mode turned off. You can turn it on if you want to learn about WordPress development.

The use of debugging mode is for notifying the developers after codes are being executed. This helps them to check for bugs on their website. However, if this function is considered, the debugging mode can still be useful for more general users.

You can turn on debugging mode in a simple way. You just need to find the line attached below, change debug mode to true as it is originally set to false.

Finding and Editing The wp-config.php File Location

It can be dangerous to change the wp-config.php location so it is important to perform a backup. But since it is risky, you can move your wp-config.php file to a new location so hackers won’t find it easily. It is always better to have one more safety measure.

For changing the wp-config.php location, select FTP application of your choice and follow the below instructions:

Find your wp-config.php in the root directory of your website (as shown earlier).

Place your wp-config.php to another location by drag-and-dropping it to your preferred directory. In this case, we will place it inside /public_html/wp-admin/user

When you are done with this process, your website won’t be accessible because it does not identify the location of the wp-config file that you just moved. So, you will have to create another wp-config.php in a text editor in your PC for your website to know where the actual file is now located. From our example, the new wp-config.php file should only contain:

Make sure you replace the directory above with the new location of your wp-config.php.
Then upload the new file to your root directory–the location where the original wp-config.php was located. If find your backup file still there, overwrite it.

That’s it! Your WordPress configuration file is now located in a safer place.


In this article, you have learned the importance of wp-config.php for WordPress. It comprises of sensitive information that should be kept away from the people having bad intentions. It’s fortunate that you can do several things to increase your website’s security and control. Don’t forget to be careful while editing it as you won’t be able to access the WordPress website if anything goes wrong.

Pallavi Godse
Pallavi is a Digital Marketing Executive at MilesWeb and has an experience of over 4 years in content development. She is interested in writing engaging content on business, technology, web hosting and other topics related to information technology.