Decoding WordPress wp-config.php

wp-config,php is one of the most important file of a WordPress installation. This file is located in the root of your WordPress file directory and contains your website’s base configuration details, such as database connection information. In this article we will try to understand all the settings that are done in wp-config.php and their usage.

Database Settings

  • DB_NAME: This will be the name of your WordPress database.
  • DB_USER: This will the username to access your database.
  • DB_PASSWORD: This will the password to access your database.
  • DB_HOST: This will the hostname of your database server. Most of the times its localhost. But if you are not sure you can ask you hosting company and they will provide you the database server information of your server. Below is a table of possible database hosts.
  • DB_CHARSET: This will define the character set used by your database.The default is utf8 which supports all languages, so it should not be changed unless absolutely necessary.
  • DB_COLLATE: Used to define the sort order of the database character set. if you are changing this value, make sure is is set to a UTF-8 character set, such as utf8_general_ci or utf8_spanish_ci
Hosting Company Possible DB_HOST values
1and1 db12345678
AN Hosting localhost localhost or real IP provided with activation mail.
A Small Orange localhost
BlueHost localhost
GoDaddy – Shared and 4GH Hosting In the Databases menu go to MySQL. To the right of the database name click on Actions and Details. The hostname is at the bottom of the window.
GoDaddy – cPanel Hosting localhost
GoDaddy – Plesk Hosting Use the IP address shown in the Databases Section in Plesk. Do not include :3306
HostGator localhost
HostICan localhost
ICDSoft localhost:/tmp/mysql5.sock
Infomaniak Network mysql.yourdomain
InMotion Hosting localhost
LaughingSquid localhost
MediaTemple Grid – (Replace “00000” with the actual site number)
MediaTemple DV localhost
MegnaHost localhost
NearlyFreeSpeech.Net username.db
NetworkSolutions mysqlv5
pair Networks localhost
Rackspace Cloud localhost for unmanaged servers, variable for Cloud Sites like where X,Y,A,B,N,Q are variables Power Hosting
Yahoo mysql
Hosts with cPanel localhost
Hosts with Plesk localhost
Hosts with DirectAdmin localhost

Table Prefix

The $table_prefix is the value placed in the front of your database tables. If you haven’t changed this while installing the WordPress, then most probably you are using the default wp_ as table prefix.  From security perspective, this is very unsafe and this should be changes as soon as possible. If you are an advance user you can change it manually by replacing wp_ by something random like aedc_ and then updating the database tables. But if you are not and advance user you can do it by using some security plugin such as iThemes Secutiry.

You can have multiple installations in one database if you give each a unique prefix.

 A second blog installation using the same database can be achieved simply by using a different prefix than your other installation.

Security Settings

A secret key is a password with elements that make it harder to generate options to break through you security barriers. All the keys are randomly auto-generated and should not be disclosed to anyone.

You can assign any random string to these keys or you can use the online generator to generate security keys.

These keys will be used to sign the cookies for your website.

  • AUTH_KEY: This key is used to sign auth cookies for the non-SSL. These can also be used to make changes on the blog.
  • SECURE_AUTH_KEY: It is used to sign an auth cookie for SSL admin and these cookie can be used to make changes on blog. (With the new version there will be two type of auth cookie one for SSL and other for non-SSL)
  • LOGGED_IN_KEY: It will be used to generate a cookie for a logged in user and this cookie can’t be used to make changes on the blog.
  • NONCE_KEY: It is used to sign the nonce key which protects the nonces from being generated, protecting you from certain forms of attacks where a hacker attempts to guess the nonce.

Salt is an addition to the secret keys. They work in combination with keys.


Defining them is not compulsory, but it is a good practice to have them in your wp-config.php file. If you don’t define those than WordPress will generate it automatically. These can also be a random complex string and you can define them either by yourself or through the online random key generator.

Language and Language Directory

  • WPLANG: It defines the name of the language translation (.mo) file.If your blog is in English, leave it blank. But if your blog is in a language other than English, you can look up your language code here: For example, for Spanish the code will be 
  • WP_LANG_DIR: This defines what directory the WPLANG .mo file resides. If WP_LANG_DIR is not defined WordPress looks first to wp-content/languages and then wp-includes/languages for the .mo defined by WPLANG file.

Debug Settings

  • WP_DEBUG: This option controls the reporting if errors and warnings. This is set to false by default. But if you wish to debug code you must set it to true.
  • CONCATENATE_SCRIPTS: This option will concatenate all the JavaScript into one for a faster Administrator area. This is set to true by default, but if the JavaScript is not working properly in your Administrator area you can set it to false.