14 Hacks To Boost Your WordPress WP-config For Speed And Security

Updated: November 4, 2017 / Home » Web Hosting and Wordpress » Tutorials, Optimization, Hack and SEO

The wp-config.php file is like the ‘setting’ list of your WordPress site, it is the bridge between your file system and your MySQL database. It contains important information such as username and password.

Don’t Click ➤ 7 Must Use SQL Queries To Clean And Optimize WordPress MySQL Database

Simple Method to Speed Up WordPress with wp-config.php Hack

Here are a few of the ways you can better utilize your wp-config file via a plain text editor. Here are some of my favorites WordPress hacks, also known as simple tricks that improves WordPress’s speed, function and features. In this article, we will share 13 of the most useful WordPress configuration tricks and hacks that you may not know yet.

↓ 01 – Move Your wp-config.php File

Generally, WordPress looks for wp-config file in its web root. If it’s not available there, then it will automatically look one level above. So, just move this file one folder above the web-root folder. By doing so, nobody will be able to access it without SSH or FTP access. If you’re moving your wp-config file to a unique location, it is recommended to create another wp-config file in the root folder that will point to the ‘real’ wp-config.php

define('ABSPATH', dirname(__FILE__) . '/');
require_once(ABSPATH . '../path/to/wp-config.php');

↓ 02 – Post Revisions

By default, WordPress will automatically saves every revisions. As useful as this feature may be, this feature will make the MySQL Database bloated with unnecessary data, eventually it will be too big to the extend where it takes too much resources to process it, thus slowing down the site.

define( 'WP_POST_REVISIONS', 2 );
define( 'WP_POST_REVISIONS', false );

Depending on your needs, you can either limit it to any number of revisions or disable it all together. Personally, I think 2 revisions is good enough.

↓ 03 – Modify AutoSave Interval

When editing a post, WordPress uses Ajax to auto-save revisions to the post as you edit. You may want to increase this setting for longer delays in between auto-saves, or decrease the setting to make sure you never lose changes. The default is 60 seconds.

define( 'AUTOSAVE_INTERVAL', 160 ); // Seconds

↓ 04 – Cleanup Image Edits

You can skip this if you do not use the image editor in WordPress. For those that have the habit of using the image editor, do not that every time you edit an image, alternate copies are created on top of the existing image. Because WordPress itself will create 3 copies of Thumbnail size, Medium size and Large Size by default, this does not include the settings for the theme. Together, there could be a total of 6 or 7 copies and so on.

define( 'IMAGE_EDIT_OVERWRITE', true );

With this definition, WordPress will only keep the original set of files plus the most recent set of edited versions, not all edited versions.

↓ 05 – Require SSL for Admin and Logins

Secure your admin area with this easy SSL definition. This feature is useful for when you want to secure logins and the admin area so that both passwords and cookies are never sent in the clear. Useful for those that login to their WordPress via public wifi.

define( 'FORCE_SSL_ADMIN', true );

↓ 06 – Disable File Editing / Plugin Theme Updates

This will block users being able to use the plugin and theme installation/update functionality from the WordPress admin area. Setting this constant also disables the Plugin and Theme editor.

define( 'DISALLOW_FILE_EDIT', true );

In addition, you can also prevent unauthorized users from updating and installing themes and plugins, and updating WordPress via admin panel.

define( 'DISALLOW_FILE_MODS', true );

↓ 07 – Increasing Memory Allocated To PHP

This option allows you to specify the maximum amount of memory that can be consumed by PHP. This setting may be necessary in the event you receive a message such as “Allowed memory size of bytes exhausted”. If PHP has been allocated 64MB, there is no need to set this value to 64M as WordPress will automatically use all 64MB if need be.

define( 'WP_MEMORY_LIMIT', '128M' );

Administration tasks require much memory than usual operation. When in the administration area, the memory can be increased or decreased from the WP_MEMORY_LIMIT by defining WP_MAX_MEMORY_LIMIT.

define( 'WP_MAX_MEMORY_LIMIT', '256M' );

↓ 08 – Set Cookie Domain

If you use a CDN, such as MaxCDN or JetPack Photon to serve your images, you can set the cookie domain to only your non-static domain to prevent WordPress cookies from being sent with each request to static content on your subdomain. This will reduce unnecessary bytes required for the end user to download, therefore slightly speeding up the site.

define( 'COOKIE_DOMAIN', 'www.example.com' );

↓ 09 – Disable Cron and Cron Timeout

Every time a visitor visits your site, it acts like a pingger and pings your server for a list of things to do. If there is a schedule to be performed, the ping trigger the task such as scheduled posts, delete expired cache, update comment count list and more. Disable Cron if you do not need it.

define( 'DISABLE_WP_CRON', true );

If you have a site with high traffic, you can reduce the server resources by limiting the ping frequency. Make sure a cron process cannot run more than once every WP_CRON_LOCK_TIMEOUT seconds.

define( 'WP_CRON_LOCK_TIMEOUT', 60 );

↓ 10 – Automatic Database Optimizing

There is automatic database optimization support, which you can enable by adding the following define to your wp-config.php file only when the feature is required.

define( 'WP_ALLOW_REPAIR', true );

↓ 11 – Override File Permissions

You can override file permissions, if your host has restrictive permissions for all user files. Most of you do not need this, but it exists for those who need it.

define('FS_CHMOD_FILE', 0644);
define('FS_CHMOD_DIR', 0755);

↓ 12 – Block External Requests

If you need to prevent WordPress from making external requests, add this snippet to wp-config.php:

define('WP_HTTP_BLOCK_EXTERNAL', true);

This will prevent things from happening that normally happen, like updates, dashboard feeds, and data reporting. Fortunately, it’s easy to whitelist (allow access) anything that is needed. Here is an example where we grant access to wordpress.org:

define('WP_ACCESSIBLE_HOSTS', 'wordpress.org');

↓ 13 – Lockdown wp-config.php

As we all know that wp-config.php is one of the most important WordPress files. It is therefore important to make it inaccessible for hackers to manipulate. If your blog is running on Apache Web Server, you can add the following directives to the .htaccess file.

< files wp-config.php>
order allow,deny
deny from all
< /files>

↓ 14 – Change Database Table Prefix

WordPress uses the wp_ table prefix by default. Because it is the default prefix for every site, hackers can guess their way in when there is a bug. If you want a more secure database you can choose a more complicated table prefix. Change the table prefix line from wp_ to something else like this wp_dfah87_.

$table_prefix = 'dfah87_';

Important! Only change the table prefix for a new site, not advisable on a production site.


Leave a Reply

Your email address will not be published. Required fields are marked *