Wp config php ada dimana?

Salah satu cara yang paling sering digunakan pada kasus hack cms WordPress adalah metode XSS (Cross-Site Scripting), dimana hacker mendapatkan akses membuka file wp-config.php dan mempunyai informasi akses database yang bisa digunakan untuk memanipulasi data website, termasuk mengubah password admin.

Artikel ini adalah salah satu cara untuk mengamankan file wp-config.php dengan cara memindahkan ke folder lain yang lebih aman, yaitu didalam folder etc.

Berikut langkah-langkah untuk memindahkan file wp-config.php ke folder etc.

1. Copy file wp-config.php ke folder /etc, dengan cara klik kanan – copy
   
   
2. Pastikan file wp-config.php sudah terkopi di folder /etc
   
3. Ubah file wp-config.php asli yang sudah disalin sebelumnya, dengan kode berikut:

   <?php
   include('/home/usernamecpanel/etc/wp-config.php');

   Sesuaikan usernamecpanel dengan username cPanel domain Anda.

   
   

4. Selesai

Kesimpulan: Ini hanyalah salah satu cara tips meningkatkan keamanan WordPress. Alangkah baiknya Anda menambahkan keamanan lainya, seperti pada artikel Tips meningkatkan keamanan CMS WordPress.

Did you read a tutorial that asks you to edit your wp-config file, and you have no idea what it is? Well we’ve got you covered. In this article, we will show you how to properly edit the wp-config.php file in WordPress.

What is wp-config.php File?

As the name suggests, it is a configuration file that is part of all self-hosted WordPress sites.

Unlike other files, wp-config.php file does not come built-in with WordPress rather it’s generated specifically for your site during the installation process.

WordPress stores your database information in the wp-config.php file. Without this information your WordPress website will not work, and you will get the ‘error establishing database connection‘ error.

Apart from database information, wp-config.php file also contains several other high-level settings. We will explain them later in this article.

Since this file contains a lot of sensitive information, it is recommended that you don’t mess with this file unless you have absolutely no other choice.

But since you’re reading this article, it means that you have to edit wp-config.php file. Below are the steps to do it without messing things up.

Video Tutorial

Subscribe to WPBeginner

If you don’t like the video or need more instructions, then continue reading.

Getting Started

First thing you need to do is to create a complete WordPress backup. The wp-config.php file is so crucial to a WordPress site that a tiny mistake will make your site inaccessible.

You will need an FTP client to connect to your website. Windows users can install WinSCP or SmartFTP and Mac users can try Transmit or CyberDuck. An FTP client allows you to transfer files between a server and your computer.

Connect to your website using the FTP client. You will need FTP login information which you can get from your web host. If you don’t know your FTP login information, then you can ask your web host for support.

The wp-config.php file is usually located in the root folder of your website with other folders like /wp-content/.

Simply right click on the file and then select download from the menu. Your FTP client will now download wp-config.php file to your computer. You can open and edit it using a plain text editor program like Notepad or Text Edit.

Understanding wp-config.php file

Before you start, let’s take a look at the full code of the default wp-config.php file. You can also see a sample of this file here.

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the
 * installation. You don't have to use the web site, you can
 * copy this file to "wp-config.php" and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * MySQL settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://codex.wordpress.org/Editing_wp-config.php
 *
 * @package WordPress
 */

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');

/** MySQL database username */
define('DB_USER', 'username_here');

/** MySQL database password */
define('DB_PASSWORD', 'password_here');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

/**#@-*/

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix  = 'wp_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the Codex.
 *
 * @link https://codex.wordpress.org/Debugging_in_WordPress
 */
define('WP_DEBUG', false);

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

Each section of wp-config.php file is well documented in the file itself. Almost all settings here are defined using PHP Constants.

define( 'constant_name' , 'value'); 

Let’s take a closer look at each section in wp-config.php file.

MySQL Settings in wp-config.php File

Your WordPress database connection settings appear under ‘MySQL Settings’ section of the wp-config.php file. You will need your MySQL host, database name, database username and password to fill in this section.

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');

/** MySQL database username */
define('DB_USER', 'username_here');

/** MySQL database password */
define('DB_PASSWORD', 'password_here');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

You can get your database information from your web hosting account’s cPanel under the section labeled databases.

If you cannot find your WordPress database or MySQL username and password, then you need to contact your web host.

Authentication Keys and Salts

Authentication unique keys and salts are security keys that help improve security of your WordPress site. These keys provide a strong encryption for user sessions and cookies generated by WordPress. See our guide on WordPress Security Keys for more information.

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

/**#@-*/

You can generate WordPress security keys and paste them here. This is particularly useful if you suspect your WordPress site may have been compromised. Changing security keys will logout all currently logged in users on your WordPress site forcing them to login again.

WordPress Database Table Prefix

By default WordPress adds wp_ prefix to all the tables created by WordPress. It is recommended that you change your WordPress database table prefix to something random. This will make it difficult for hackers to guess your WordPress tables and will save you from some common SQL injection attacks.

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix  = 'wp_';

Please note that you cannot change this value for an existing WordPress site. Follow the instructions in our how to change the WordPress database prefix article to change these settings on an existing WordPress site.

WordPress Debugging Mode

This setting is particularly useful for users trying to learn WordPress development, and users trying experimental features. By default WordPress hides notices generated by PHP when executing code. Simply setting the debug mode to true will show you these notices. This provides crucial information to developers to find bugs.

define('WP_DEBUG', false);

Absolute Path Settings

The last part of wp-config file defines the absolute path which is then used to setup WordPress vars and included files. You don’t need to change anything here at all.

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

Useful wp-config.php Hacks and Settings

There are some other wp-config.php settings that can help you troubleshoot errors and solve many common WordPress errors.

Changing MySQL Port and Sockets in WordPress

If your WordPress hosting provider uses alternate ports for MySQL host, then you will need to change your DB_HOST value to include the port number. Note, that this is not a new line but you need to edit the existing DB_HOST value.

define( 'DB_HOST', 'localhost:5067' );

Don’t forget to change the port number 5067 to whatever port number is provided by your web host.

If your host uses sockets and pipes for MySQL, then you will need to add it like this:

define( 'DB_HOST', 'localhost:/var/run/mysqld/mysqld.sock' );

Changing WordPress URLs Using wp-config.php File

You may need to change WordPress URLs when moving a WordPress site to a new domain name or a new web host. You can change these URLs by visiting Settings » General page.

You can also change these URLs using wp-config.php file. This comes handy if you are unable to access the WordPress admin area due to error too many directs issue. Simply add these two lines to your wp-config.php file:

define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');

Don’t forget to replace example.com with your own domain name. You also need to keep in mind that search engines treat www.example.com and example.com as two different locations (See www vs non-www – Which one is better for SEO?). If your site is indexed with www prefix then you need to add your domain name accordingly.

Change Uploads Directory Using wp-config.php

By default WordPress stores all your media uploads in /wp-content/uploads/ directory. If you want to store your media files in someother location then you can do so by adding this line of code in your wp-config.php file.

define( 'constant_name' , 'value'); 

Note that the uploads directory path is relative to the ABSPATH automatically set in WordPress. Adding an absolute path here will not work. See out detailed guide on how to change default media upload location in WordPress for more information.

Disable Automatic Updates in WordPress

WordPress introduced automatic updates in WordPress 3.7. It allowed WordPress sites to automatically update when there is a minor update available. While automatic updates are great for security, but in some cases they can break a WordPress site making it inaccessible.

Adding this single line of code to your wp-config.php file will disable all automatic updates on your WordPress site.

define( 'constant_name' , 'value'); 

See our tutorial on how to disable automatic updates in WordPress for more information.

Limit Post Revisions in WordPress

WordPress comes with built-in autosave and revisions. See our tutorial on how to undo changes in WordPress with post revisions. However, if you run a large site revisions can increase your WordPress database backup size.

Add this line of code to your wp-config.php file to limit the number of revisions stored for a post.

define( 'constant_name' , 'value'); 

Replace 3 with the number of revisions you want to store. WordPress will now automatically discard older revisions. However, your older post revisions are still stored in your database. See our tutorial on how to delete old post revisions in WordPress.

We hope this article helped you learn how to edit wp-config.php file in WordPress and all the cool things you can do with it. You may also want to see our article on 25+ extremely useful tricks for WordPress functions file.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Apa fungsi config php?

Apa yang kamu ketahui tentang nama file konfigurasi di WordPress?