Tricks with wp-config to secure and boost WordPress site

As you are here and reading this article so i assume that you already installed WordPress by your self and played with it at-least some times. So, you know the wp-config.php file: this is the file where you set up your database connection info and define your site language or if you are multi-site user you define your site as multi-site here. Beside these You can do a lot more things with the wp-config.php file. In this article, I’ll show you some snippets using wp-config.php, to secure and boost your WordPress website.

Prevent WordPress Site from asking FTP credentials

Open your  wp-config.php file with your favorite Code editor then right after “/* That's all, stop editing! Happy blogging. */ ” line paste this code –

define('FS_METHOD', 'direct');

Please note that the code snippet provided above might not work on all hosting providers, and might even cause security issues if your host is badly configured, so avoid using it if you’re not sure about your hosting.

Tell WordPress to remember your FTP credentials

If the above method do not work on your server, or if you don’t want to implement it for some reason, here is another useful snippet. This one simple tells WordPress to remember your FTP credentials so you won’t be asked again when an upgrade is available.

define('FTP_HOST', '');
define('FTP_USER', 'Your_FTP_Username');
define('FTP_PASS', 'Your_FTP_password');
define('FTP_SSL', true); // If you can use a SSL connection set this to true


Disallow direct file edition

WordPress allows the site administrator to directly edit themes and plugins files through a built-in editor. This is very useful, but if you’re building a site for a client and who is newbie it is not a good idea to allow him to use this feature. Here’s a simple way to disallow direct file edition.


Automatically empty trash

If you want to define how often the trash should be automatically emptied, here’s the right way to do it:

define('EMPTY_TRASH_DAYS', 1);

Replace 1 by X to empty spam comments automatically every X days. That’s simple as that!


Increase WordPress memory limit

By default, WordPress is configured to limit the php memory it uses to 32M. If you receive a message such as “Allowed memory size of xxxxxx bytes exhausted”, you might want to increase this limit, as shown below:

define('WP_MEMORY_LIMIT', '96M');


Automatic database repair

From Version 2.9, there is automatic database optimization support, which you can enable by adding the following define to your wp-config.php file only when the feature is required.

define('WP_ALLOW_REPAIR', true);


Block external requests

Since version 2.8, WordPress allows you to define constants to control access to specific hosts from behind a proxy server.

define('WP_HTTP_BLOCK_EXTERNAL', true);

It will block external requests from that time on. Though, some plugins need external request to work properly. If you experience problems, you can define a whitelist by pasting the code below into wp-config.php. Don’t forget to replace  url by the one needed by the plugin, and note that you should allow access to in order to ensure proper functionality of core files and plugins.

define('WP_ACCESSIBLE_HOSTS', '');

Thats all for now. Hopefully you will find these snippets useful for your upcoming projects. If you have something to share feel free to

comment bellow and share with us.


Written by


No Description found!

Have something to say? Cancel Reply

Your email address will not be published.

Table of Contents