wp-config.php Builder — Toggle WordPress Constants

9 lines of PHP generated

Turn on debug mode. Leave off in production.

Hide the built-in theme/plugin file editors.

Force SSL for admin and login pages.

Limit stored post revisions to keep the database lean.

Autosave posts every 2 minutes instead of every 60 seconds.

Increase the PHP memory limit for WordPress processes.

Disable WP-Cron and run cron via system scheduler instead.

Disable all automatic updates (core, plugins, translations).

Auto-empty trash after 7 days instead of 30.

Enable the database repair page at /wp-admin/maint/repair.php.

wp-config.php lives at the root of every WordPress install and is one of the first files WordPress loads. It defines the database connection, security keys, the table prefix, and a long list of optional constants that change core behavior. Changes apply on the next PHP request — no database migration or cache rebuild needed.

Where to put your additions

Add new define() calls above the /* That's all, stop editing! */ comment. Constants defined below that line are ignored because WordPress has already pulled in wp-settings.php. Keep credentials and salts at the top of the file and your custom tweaks grouped below them for readability.

Common toggles worth knowing

Debug constants — WP_DEBUG enables PHP notices, WP_DEBUG_LOG writes them to wp-content/debug.log, and WP_DEBUG_DISPLAY should be false on any site that real users can visit.
Revision control — WP_POST_REVISIONS caps stored revisions and keeps the wp_posts table from ballooning on long-lived sites.
Security hardening — DISALLOW_FILE_EDIT hides the built-in code editors and FORCE_SSL_ADMIN forces HTTPS in wp-admin.
Performance — DISABLE_WP_CRON lets you run cron from the real system scheduler, which is much more reliable than triggering it on every page view.

Don't forget the salts

The eight authentication keys and salts (AUTH_KEY and friends) are used to sign cookies. Rotating them logs every user out and invalidates every session cookie — useful after a compromise, annoying if you do it by accident. Generate new values from the official WordPress salt generator.

9 lines of PHP generated

Turn on debug mode. Leave off in production.

Hide the built-in theme/plugin file editors.

Force SSL for admin and login pages.

Limit stored post revisions to keep the database lean.

Autosave posts every 2 minutes instead of every 60 seconds.

Increase the PHP memory limit for WordPress processes.

Disable WP-Cron and run cron via system scheduler instead.

Disable all automatic updates (core, plugins, translations).

Auto-empty trash after 7 days instead of 30.

Enable the database repair page at /wp-admin/maint/repair.php.

Where to put your additions

Common toggles worth knowing

Debug constants — WP_DEBUG enables PHP notices, WP_DEBUG_LOG writes them to wp-content/debug.log, and WP_DEBUG_DISPLAY should be false on any site that real users can visit.
Revision control — WP_POST_REVISIONS caps stored revisions and keeps the wp_posts table from ballooning on long-lived sites.
Security hardening — DISALLOW_FILE_EDIT hides the built-in code editors and FORCE_SSL_ADMIN forces HTTPS in wp-admin.
Performance — DISABLE_WP_CRON lets you run cron from the real system scheduler, which is much more reliable than triggering it on every page view.

wp-config.php Toggle Builder

About wp-config.php

Where to put your additions

Common toggles worth knowing

Don't forget the salts

About wp-config.php

Where to put your additions

Common toggles worth knowing

Don't forget the salts