Home > Backend Development > PHP Tutorial > Mastering the wp-config.php file - 11 essential tips

Mastering the wp-config.php file - 11 essential tips

王林
Release: 2023-09-03 12:22:02
Original
1497 people have browsed it

掌握 wp-config.php 文件 - 11 个基本技巧

The WordPress (v3.4.1) package comes with 981 files and 95 folders. With the exception of the wp-config.php file, none of these files require manual modification. Of course, we do not have to edit this file if we can use the default WordPress configuration, but we must understand how to conquer it in order to apply security precautions, speed tips and other things we will look at in this article .


First things first: backup!

Better safe than sorry: Back up your content now! Use the built-in export page or use a plugin or take a backup from phpMyAdmin, but you can always undo the actions you make when tweaking your site.

These operations may affect the database, but they will not do anything to any files other than the ones we want to use, so a backup of the wp-config.php file will suffice... But if you haven't backed up your files for more than a month, I recommend you do the same. It's always good to back up frequently.

Are you ready? OK, let's get started!


Speed: Disable revisions... now!

Revisioning of posts is enabled by default, but may cause severe database bloat. Revisions are there so you can revert to a previous version of your post if you want. If you are not going to use revisions to check for "earlier versions" of posts, then you should definitely disable this feature by adding the following line to your wp-config.php file:

define('WP_POST_REVISIONS', false );
Copy after login

However, if you can accept modifications but don't benefit from unlimited copies of your edited posts, you can limit the maximum number of modifications per post using the following line of code:

define('WP_POST_REVISIONS', 2 );
Copy after login

Speed:Set Cookie Domain

If you serve static content (i.e. your media uploads) from a subdomain, it's a good idea to set a "cookie domain". This way, the cookie is not sent every time static content is requested.

define('COOKIE_DOMAIN', 'www.yourwebsite.com');
Copy after login

Quick Tip: To serve media uploaded from a subdomain, simply point the last two text fields on the Media Options page to a path (e.g. /home/myblog/ public_html/mysubdomain ) and the URL of the subdomain (e.g. https://mysubdomain.myblog.com/).


Speed:Change file system method

If you frequently install, update, or remove plugins and themes, you probably hate entering your FTP password every time you work on them. The code below makes it easier for you by forcing the file system to use direct file I/O requests within PHP - in other words, you no longer need to enter your FTP credentials.

define('FS_METHOD', 'direct');
Copy after login

Please note that this method may not work with every hosting provider, and even if it works, it may cause security issues on poorly configured hosts. So make sure you use it on a good server.


Security:Restrict access to the wp-config.php file

This tip requires you to edit the .htaccess file in the root directory, not the wp-config.php file. It basically prevents someone with malicious intent from loading yourblog.com/wp-config.php:

directly using the browser.
# protect wpconfig.php
<files wp-config.php>
	order allow,deny
	deny from all
</files>
Copy after login

Just add this to your .htaccess file and you're good to go!


Security:Force SSL on admin panel

Is SSL enabled on your server? great! You can force WordPress to use a secure connection when logging in using the following line of code:

define('FORCE_SSL_LOGIN', true);
Copy after login

If you are particularly paranoid about security (which is indeed a good thing), you can have WordPress use SSL on every admin page so that everything you do in there is encrypted Completed connection:

define('FORCE_SSL_ADMIN', true);
Copy after login

You can find more information about setting up SSL on the WordPress Codex’s Administration Over SSL page.


Security:Change database prefix

If WordPress had a security vulnerability that allowed an evil person to use a hacking method called "SQL injection", they could easily use the default prefix on WordPress database tables to delete them. But if your table prefix is ​​different from the default (wp_) they won't be able to guess, right?

So when setting up a new WordPress website, change the defaults on the installation page or change the following line in the wp-config.php file:

$table_prefix  = 'wooh00yeah_';
Copy after login

NOTE: If you want to implement this functionality in an existing WordPress site, you cannot just change the prefix on the wp-config.php file - you will get a database connection error . You should use a plugin to change the wp-config.php file and database tables and some specific values ​​in these tables. I recommend the DB Prefix Change plugin.


Security:Add security key... now!

Let’s read the WordPress Codex:

简单来说,密钥是一个密码,其中包含的元素使得生成足够的选项来突破安全屏障变得更加困难。像“password”或“test”这样的密码很简单并且很容易被破解。随机的、不可预测的密码(例如“88a7da62429ba6ad3cb3c76a09641fc”)需要数年时间才能想出正确的组合。 “盐”用于进一步增强生成结果的安全性。

这是 WordPress 最基本的安全预防措施之一 - 只需将此页面随机生成的内容复制并粘贴到您的 wp-config.php 文件中即可。 最难部分是找到这些常量的默认空值并删除它们! :)


其他:更改自动保存间隔

如果您有时要花 4 个小时处理帖子,您可能会发现 WordPress 每 60 秒自动保存一次帖子的状态,这很烦人。我承认这不是一件坏事,但有时它真的非常非常烦人。无论如何,如果您想将自动保存间隔设置为更高的值,您可以通过在 wp-config.php 文件中定义它来实现,如下所示:

define('AUTOSAVE_INTERVAL', 240 ); // the value should be in seconds!
Copy after login

其他:轻松移动您的 WordPress 网站

WordPress 充满了惊喜,这就是其中之一。如果您需要将网站移动到新域(或新子域或新文件夹),请在移动文件和数据库之前在 wp-config.php 文件中定义此常量:< /p>

define('RELOCATE',true); // We're not done yet!
Copy after login

设置此选项并移动 FTP 和数据库后,使用您的 WP 凭据登录 yournewwebsite.com/login.php,然后在“常规选项”页面上检查主页 URL 是否已更改。确认已更改后,删除 wp-config.php 文件中的常量。 WordPress 的这个小技巧可以让您省去手动编辑数据库的负担。

提示:虽然这实际上是“移动”您的网站,但它不会影响您内容中的硬编码链接。要替换它们,您应该使用像 Search Regex 这样的插件,并用新链接更改旧链接。


其他:禁用插件和主题文件的编辑

如果您是一名网页设计师,并且在客户的网站上使用 WordPress,您可能需要通过添加以下常量来禁用主题和插件文件的编辑:

define('DISALLOW_FILE_EDIT',true);
Copy after login

更好的是,您还可以禁用安装新主题和插件以及更新它们:

define('DISALLOW_FILE_MODS',true);
Copy after login

请记住,主题和插件更新在修复安全漏洞时有时非常重要。因此,如果您要禁用更新和安装新插件/主题,则必须以不同的方式跟踪更新。


其他:开发时启用 WP_DEBUG

这很简单:如果您正在开发插件或主题,最好启用 WordPress 的调试功能以查看收到的通知和警告类型:

define('WP_DEBUG',true);
Copy after login

有时,您会惊奇地发现在开发过程中很容易犯错误! :)


结论

我们为您的 WordPress 网站选择了 11 个很棒的提示和技巧,但 wp-config.php 文件的技巧当然不限于这些。你有什么好的技巧可以分享吗?随时欢迎您提出宝贵意见!

The above is the detailed content of Mastering the wp-config.php file - 11 essential tips. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template