The wp-config.php file is one of the most powerful single WordPress files. It stores your database connection, Unique Keys and Salts, and more.
There are quite a few things that we can add in order to make WordPress a little extra secure.
Download your wp-config.php file and open it in your favorite text editor. Find the last entry that will look like this…
/** Sets up WordPress vars and included files. */ require_once(ABSPATH . 'wp-settings.php');
The code we’ll be adding will go right before this line.
The entire code block is available at the end of the article, however let’s take a look at each line to find out what each is doing.
Let’s Break It Down
WordPress’s Built-In Database Optimization and Repair
// Uncomment and go to http://example.com/wp-admin/maint/repair.php. Don't forget to re-comment when done. #define('WP_ALLOW_REPAIR', true);
The first thing you’ll want to do is change example.com with your actual domain name. For example, if I were to run it on this site, it would be:
http://wpdoityourself.com/wp-admin/maint/repair.php When you want to run this code, remove the pound sign (AKA hash tag) from the line that reads
#define('WP_ALLOW_REPAIR', true);. Upload the revised wp-config.php file and go to that URL to run a database repair and optimization.
When you’ve done this, re comment the line by adding the pound sign back so that other users are unable to run it and re upload the wp-config.php file.
Let’s Control The WordPress Core Auto Update
The next section informs WordPress to automatically upgrade critical security updates without you having to do anything. By default WordPress will now automatically upgrade all versions which may cause problems for your website. This will keep your site safe while still allowing you to manually upgrade WordPress’s feature upgrades.
// Disable Automatic WordPress Updating define( 'WP_AUTO_UPDATE_CORE', minor );
Set Post Revisions Quantity
By default WordPress will save all Post Revisions. As nice as this sounds, most of those old revisions aren’t needed and only serve to bloat your database. The code here limits the revisions to five. If you need a different number of Post Revisions, simply change
WP_POST_REVISIONS to a different number that meets the needs of your web site.
// Limit the number of saved revisions define('WP_POST_REVISIONS', 5); // Limit to 5
Disable the Plugin and Theme Editor
Prevent overzealous users from being able to edit sensitive files and potentially crash the site. Disabling these also provides an additional layer of security if a hacker gains access to a well-privileged user account.
// Disable the plugin and theme editors in the WordPress admin define( 'DISALLOW_FILE_EDIT', true );
Wrapping It All Up
Here it is all together for you to copy and paste into your wp-config.php file.
// Uncomment and go to http://example.com/wp-admin/maint/repair.php. Don't forget to re-comment when done. #define('WP_ALLOW_REPAIR', true); // Disable Automatic WordPress Updating define( 'WP_AUTO_UPDATE_CORE', minor ); // Limit the number of saved revisions define('WP_POST_REVISIONS', 5); // Limit to 5 // Disable the plugin and theme editors in the WordPress admin define( 'DISALLOW_FILE_EDIT', true );