Codex : Editing wp-config.php
WARNING: Before editing this page.
Please, do not edit this Codex Page with the settings for your own server as you are giving the world access to your website's MySQL password, and will not make your install work. Thanks.
As part of the WordPress installation, you must modify the
wp-config.php file to define the WordPress configuration settings required to access your MySQL database.
This file,
wp-config.php, does not exist in a downloaded copy of WordPress; you need to create it. The
wp-config-sample.php file is provided as an example to work from. Advanced settings and examples are provided below.
To change the
wp-config.php file for your installation, you will need this information :
- Database Name
- Database Name used by WordPress
- Database Username
- Username used to access Database
- Database Password
- Password used by Username to access Database
- Database Host
- The hostname of your Database Server
If your hosting provider installed WordPress for you, get the information from them. If you manage your own
web server or hosting account, you will have this information as a result of
creating the database and user.
Configure Database Settings
Important: never use a word processor like Microsoft Word for editing WordPress files!
Locate the file
wp-config-sample.php in the base directory of your WordPress directory and open in a
text editor.
NOTE: Since Version 2.6, wp-config.php can be moved to the directory directly above the WordPress application directory.
Default wp-config-sample.php
This is an example of a default
wp-config-sample.php. The values here are
examples to show you what to do. You need to make changes on your own web site
not here. If you make changes here by using the edit button, they will
not work and you will be showing your password details to the world.
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME',
'putyourdbnamehere');
/** MySQL database username */
define('DB_USER',
'usernamehere');
/** MySQL database password */
define('DB_PASSWORD',
'yourpasswordhere');
/** MySQL hostname */
define('DB_HOST',
'localhost');
NOTE: Text inside /* */ are comments, for information purposes only.
NOTE: Do not change these details here by editing this page, change them on your web server.
Set Database Name Replace
putyourdbnamehere, with the name of your database, e.g.
MyDatabaseName.
define('DB_NAME', 'MyDatabaseName'); // Example MySQL database name
Set Database User
Replace
usernamehere, with the name of your username e.g.
MyUserName.
define('DB_USER', 'MyUserName'); // Example MySQL username
Set Database Password
Replace
yourpasswordhere, with the your password, e.g.
MyPassWord.
define('DB_PASSWORD', 'MyPassWord'); // Example MySQL password
Set Database Host
Replace
localhost, with the name of your database host, e.g.
MyDatabaseHost.
define('DB_HOST', 'MyDatabaseHost'); // Example MySQL Database host NOTE: There is a good chance you will NOT have to change it. If you are unsure, try installing with the default value of 'localhost' and see if it works. If the install fails, contact your web hosting provider.
Possible DB_HOST values
Different hosting companies use different network settings for their mysql database's. If your hosting company is listed below in the left column, the value on the right is similar to the correct value for DB_HOST. Contact your tech support and/or search your hosting companies online Documentation to be sure.
| Hosting Company | DB_HOST Value Guess |
| 1and1 | db12345678 |
| AN Hosting | localhost |
| A Small Orange | localhost |
| BlueHost | localhost |
| DreamHost | mysql.example.com |
| GoDaddy | h41mysql52.secureserver.net |
| HostGator | localhost |
| HostICan | localhost |
| ICDSoft | localhost:/tmp/mysql5.sock |
| LaughingSquid | localhost |
| MediaTemple GridServer | internal-db.s44441.gridserver.com |
| one.com | localhost |
| pair Networks | dbnnnx.pair.com |
| Rackspace Cloud | mysql50-01.wc1.dfw1.stabletransit.com |
| Yahoo | mysql |
| Hosts with cPanel | localhost |
| Hosts with Plesk | localhost |
| Hosts with DirectAdmin | localhost |
| Tophost.it | sql.your-domain-name.it |
MySQL Alternate Port
If your host uses an alternate port number for your database you'll need to change the
DB_HOST value in the
wp-config.php file to reflect the alternate port provided by your host.
For localhost
define('DB_HOST', 'localhost:3307');Other
define('DB_HOST', 'mysql.example.com:3307');Replace
3307 with whatever port number you host gives you.
Database character set
As of WordPress Version 2.2,
DB_CHARSET was made available to allow designation of the database character set (e.g. tis620 for TIS620 Thai) to be used when defining the MySQL database tables.
The default value of
utf8 (Unicode UTF-8) is almost always the best option. UTF-8 supports any language, so you typically want to leave DB_CHARSET at
utf8 and use the DB_COLLATE value for your language instead.
This example shows utf8 which is considered the WordPress default value:
define('DB_CHARSET', 'utf8');WARNING: Those performing new installations
There usuallly should be no reason to change the default value of DB_CHARSET. If your blog needs a different character set, please read Character Sets and Collations MySQL Supports for valid DB_CHARSET values.
WARNING: Those performing upgrades (especially blogs that existed before 2.2)
If DB_CHARSET and DB_COLLATE do not exist in your
wp-config.php file,
DO NOT add either definition to your
wp-config.php file unless you read and understand Converting Database Character Sets. Adding DB_CHARSET and DB_COLLATE to the
wp-config.php file, for an existing blog, can cause major problems.
Database collation
As of WordPress Version 2.2,
DB_COLLATE was made available to allow designation of the database collation (i.e. the sort order of the character set). In most cases, this value should be left blank (null) so the database collation will be automatically assigned by MySQL based on the database character set specified by DB_CHARSET. Set
DB_COLLATE to one of the UTF-8 values defined in UTF-8 character sets for most Western European languages.
The WordPress default DB_COLLATE value:
define('DB_COLLATE', ); UTF-8 Unicode General collation
define('DB_COLLATE', 'utf8_general_ci');UTF-8 Unicode Turkish collation
define('DB_COLLATE', 'utf8_turkish_ci');WARNING: Those performing new installations
There usually should be no reason to change the default value of DB_COLLATE. Leaving the value blank (null) will insure the collation is automatically assigned by MySQL when the database tables are created.
WARNING: Those performing upgrades (especially blogs that existed before 2.2)
If DB_COLLATE and DB_CHARSET do not exist in your
wp-config.php file,
DO NOT add either definition to your
wp-config.php file unless you read and understand Converting Database Character Sets. And you may be in need of a WordPress upgrade.
Security Keys
In Version 2.6, three (3) security keys,
AUTH_KEY,
SECURE_AUTH_KEY, and
LOGGED_IN_KEY, were added to insure better encryption of information stored in the user's cookies. (These collectively replaced a single key introduced in Version 2.5.) In Version 2.7 a fourth key,
NONCE_KEY, was added to this group. When each key was added, corresponding salts were added:
AUTH_SALT,
SECURE_AUTH_SALT,
LOGGED_IN_SALT, and
NONCE_SALT.
You don't have to remember the keys, just make them long, random and complicated -- or better yet, use the the online generator. You can change these at any point in time to invalidate all existing cookies. This does mean that all users will have to login again.
Example (don't use these!):
define('AUTH_KEY', 't`DK%X:>xy|e-Z(BXb/f(Ur`8#~UzUQG-^_Cs_GHs5U-&Wb?pgn^p8(2@}IcnCa|');
define('SECURE_AUTH_KEY', 'D&ovlU#|CvJ##uNq}bel+^MFtT&.b9{UvR]g%ixsXhGlRJ7q!h}XWdEC[BOKXssj');
define('LOGGED_IN_KEY', 'MGKi8Br(&{H*~&0s;{k0
define('NONCE_KEY', 'FIsAsXJKL5ZlQo)iD-pt??eUbdc{_Cn<4!d~yqz))&B D?AwK%)+)F2aNwI|siOe');
define('AUTH_SALT', '7T-!^i!0,w)L#JK@pc2{8XE[DenYI^BVf{L:jvF,hf}zBf883td6D;Vcy8,S)-&G');
define('SECURE_AUTH_SALT', 'I6`V|mDZq21-J|ihb u^q0F }F_NUcy`l,=obGtq*p#Ybe4a31R,r=|n#=]@]c #');
define('LOGGED_IN_SALT', 'w<$4c$Hmd%/*]`Oom>(hdXW|0M=X={we6;Mpvtg+V.o<$|#_}qG(GaVDEsn,~*4i');
define('NONCE_SALT', 'a|#h{c5|P &xWs4IZ20c2&%4!c(/uG}W:mAvy<`}.py(wTP%%');
A
secret key makes your site harder to hack and access harder to crack by adding random elements to the password.
In simple terms, a secret key is a password with elements that make it harder to generate enough options to break through your security barriers. A password like "password" or "test" is simple and easily broken. A random, unpredictable password such as "88a7da62429ba6ad3cb3c76a09641fc" takes years to come up with the right combination. A '
salt is used to further enhance the security of the generated result.
The four keys are required for the enhanced security. The four salts are recommended, but are not required, because WordPress will generate salts for you if none are provided. They are included in wp-config.php by default for inclusiveness.
For more information on the technical background and breakdown of secret keys and secure passwords, see:
Article Of Wordpress.org
