wp-config.php
WordPresswp-config.php is the core WordPress configuration file that defines how a site connects to its database and how key runtime settings are applied. It stores database credentials, table prefix, authentication salts, and optional constants that control debugging, caching, memory limits, and file permissions. Because it influences security and stability, it is typically protected from public access and edited carefully.
How It Works
wp-config.php lives in the root of a WordPress installation (or one directory above it) and is loaded very early in the WordPress bootstrap process. Before WordPress can read content or settings from the database, it uses values in this file to establish a database connection (DB_NAME, DB_USER, DB_PASSWORD, DB_HOST) and to determine the database table prefix ($table_prefix). If these values are wrong, WordPress cannot connect and the site may show database connection errors.
Beyond database access, wp-config.php can define constants that change WordPress behavior without using the admin dashboard. Common examples include enabling debugging (WP_DEBUG), controlling automatic updates, setting memory limits, forcing SSL for admin, configuring file system methods for updates, and integrating caching layers via drop-in plugins. Authentication keys and salts stored here help secure cookies and sessions; regenerating them logs users out and can mitigate certain security risks after an incident.
Why It Matters for Web Hosting
Hosting plans differ in how easily and safely you can manage wp-config.php. You may need SSH/SFTP access, a file manager, and correct PHP permissions to edit it, plus backups and staging to avoid downtime. Security features like WAF rules, malware scanning, and file integrity monitoring help protect it, while performance-oriented hosting may require adding caching or reverse-proxy settings. Understanding wp-config.php helps you evaluate control, support, and tooling in a WordPress hosting plan.
Common Use Cases
- Fixing database connection issues after a migration or host change by updating DB_* values
- Changing the database table prefix for security or when importing an existing site
- Enabling troubleshooting with WP_DEBUG and related logging settings during development
- Configuring caching or performance behavior required by a caching plugin or server setup
- Hardening security by updating authentication keys/salts and restricting file editing
- Adjusting operational settings such as memory limits, cron behavior, or forced HTTPS
wp-config.php vs .htaccess
wp-config.php controls WordPress application configuration in PHP, mainly database connectivity and WordPress runtime constants. .htaccess (on Apache and compatible setups) controls web server behavior such as redirects, rewrite rules, caching headers, and access restrictions. Many hosting changes involve both: wp-config.php for WordPress-level settings and .htaccess for server-level routing and security. On Nginx, .htaccess is not used, so equivalent rules are set in server configuration instead.