Using WordPress’s Main Configuration Settings - dummies

Using WordPress’s Main Configuration Settings

After Your WordPress configuration file (wp-config.php) is nice and secure, you need to know what’s stored within it so you can reference it and understand how WordPress communicates with the database you configured and set up. Open the wp-config.php file by using your default text editor and have a look inside.

Database information

The database information section of the wp-config.php file contains the database credentials that are required for WordPress to connect to your database. During installation, the WordPress installation script populates this data after you input the database name, username, password, and host in the installation form.

Secret keys enhance WordPress security through user authentication with the placement of a cookie in the user’s web browser. Secret keys in your wp-config.php file make your site harder for outside sources to gain access to because they add random keys to the user password.

These keys aren’t populated during the WordPress installation, so after the installation is complete, you need to visit the wp-config.php file to set the keys so that your WordPress installation has unique keys that are different from any other installation. By default, the code in the file looks like this:

 * Authentication Unique Keys and Salts.
 * Change these to different unique phrases!
 * You can generate these with the {@link secret-key service}. You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
* @since 2.6.0
define(‘AUTH_KEY’,     ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’,  ‘put your unique phrase here’);
define(‘NONCE_KEY’,    ‘put your unique phrase here’);
define(‘AUTH_SALT’,    ‘put your unique phrase here’);
define(‘SECURE_AUTH_SALT’, ‘put your unique phrase here’);
define(‘LOGGED_IN_SALT’,  ‘put your unique phrase here’);
define(‘NONCE_SALT’,    ‘put your unique phrase here’);

Follow the directions in the file and visit the WordPress secret-key service web page ( and be sure to refresh this page a few times to make sure that you get unique keys. Copy the keys from the web page and then replace the eight lines of default (blank) keys in your wp-config.php file.

Default language

English is the default language for every WordPress installation; however, you can use any of the language translations currently available for WordPress by changing the WPLANG parameter in the wp-config.php file. By default, the WPLANG parameter looks like this:

* WordPress Localized Language, defaults to English.
* Change this to localize WordPress. A corresponding MO file for the chosen language must be installed to wp-content/languages. For example, install to wp-content/languages and set WPLANG to ‘de’ to enable German language support.
define (‘WPLANG’, ‘‘);

You can find the specifics at the WordPress Codex page (, which lists all the languages you have access to, including the language code. If you want WordPress translated into French, for example, look up the language code on the Codex page. You can see that the code is fr_FR. To use French rather than English, you change the WPLANG parameter to:

define (‘WPLANG’, ‘fr_FR’);

Then save the file and upload it to your server. Your WordPress Dashboard displays in the French language, rather than the default English.

Database table prefix

By default, when installing WordPress, you’re asked for the database table prefix and given the wp_ default prefix. This is how the tables in the database are defined and called by the different WordPress functions in the code.


Here’s how the database table prefix definition looks in the wp-config.php file:

* WordPress Database Table prefix.
* You can have multiple installations in one database if you give each a unique prefix. Only numbers, letters, and underscores please!
$table_prefix = ‘wp_’;

During the installation process, you can change the default wp_ prefix to anything you want. In fact, most security experts recommend that you change the database prefix because WordPress is a big target for hacking (malicious scripts, spam, and so on). Web bots and spiders can be set to look for the usual WordPress default settings and attempt to exploit them.

Absolute WordPress path

The configuration file defines the absolute path, or the full directory path on your web server, to the WordPress files on your web server. This is called once when WordPress is executed and tells the web server where, within your directory, it needs to look for the core files to successfully run WordPress on your site. The code that defines the absolute path in the wp-config.php file looks like this:

/** Absolute path to the WordPress directory. */
if ( !defined(‘ABSPATH’) )
define(‘ABSPATH’, dirname(__FILE__) . ‘/’);
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . ‘wp-settings.php’);