Is it possible to change wp-config.php via functions.php or plugin?
Ideally, config.php shouldn’t be writeable by theme or plugin files to ensure WordPress security standards. However, there are certain cases when you might want to make changes to wp-config constants. Making wp-config writeable or changeable by other themes/plugin files is not recommended. Think of a case when you did hard work and ran your WordPress […]
In adherence to our rigorous editorial policy, this article's content has undergone careful testing for accuracy and trustworthiness and hence, this content is marked source of information. View editorial history of this content.
Ideally, config.php
shouldn’t be writeable by theme or plugin files to ensure WordPress security standards. However, there are certain cases when you might want to make changes to wp-config constants.
- Making wp-config writeable is not recommended
- By default, no ideal mechanism is available to modify wp-config via another file
- Cases when theme/plugin author might need to update wp-config constants
- Positive Cons of Changes to wp-config via other files
Making wp-config writeable or changeable by other themes/plugin files is not recommended.
Think of a case when you did hard work and ran your WordPress site successfully and it got errors due to another theme/plugin trying to modify the wp-config contents. Not good, right?
You can easily, very quickly, get hacked if you allow changes to the wp-config theme/plugin file. In other words, you will open the door for everyone to come into your website code files and make changes as they want. I think you clearly don’t want it.
Ideally, there is no way to make changes in wp-config via other WP theme/plugin files.
By default, considering the security, Worpdress hasn’t introduced any mechanism to make changes or override the contents of wp-config
file contents with an exception of some setting constants.
For example:
If you want to change database constant values which reside in wp-config, you cannot do it from other files. This makes sense.
If you want to update the file upload size or maximum time for script execution, you can change it directly within wp-config and not from other files. This also makes sense.
On the other hand, if you want to disable post revisions for a specific post type or enable the use of the WordPress media uploads features, you can do it via theme’s functions.php or plugin file.
You can also create rest routes, custom endpoints, rewrite rules, add new database tables, or more via theme/plugin files.
Scenarios when a WP theme/plugin developer might want to update wp-config via theme/plugin directory files
Consider a case where a developer is trying to build a ready-to-use and complete solution for non-tech and low-budget business owners. Instead of guiding or just adding written recommendations or teaching the technical solutions to non-tech people, a plugin author might want to do the following:
- Add an option in the backend to change the AutoSave interval for posts.
- Disable/Enable caching on WordPress
- Saving queries for analysis
- Enable/Disable WP-Cron for scheduled tasks
- Change the number of days to keep trash items
There could be many other rationales for modifying wp-config by a theme/plugin author.
What to do when a theme/plugin forcefully wants to make changes to wp-config for good?
Firstly understand that changing WordPress core constants from the theme/plugin directory is not recommended. Moreover, providing an option (even to non-tech owners or newbie developers) to update modifiable wp-config constants is not recommended.
Secondly, know the type of constant you are trying to update. Analyze the use of that constant to figure out if we can change it from functions.php or plugin file or not. If it’s not a database or core related, such as auto-saving timing, here is how to do it.
Disclaimer
These steps are meant for a good cause and informational purposes only. We highly recommend consulting and hiring a website maintenance or support team to let them make changes after the feasibility and requirement analysis of your particular case.
- If the constant is already defined in wp-config via the define() method, just override it again using define() within the theme or plugin.
- If the constant is not already defined in wp-config OR you don’t know if it is defined or not, just define it again and tolerate some initial undefined warnings thrown upon loading. These warnings can be disabled for display by adding
define( 'WP_DEBUG_DISPLAY', false)
inwp-config
(recommended) or in functions.php.
Positive Cons of updating wp-config constants via theme/plugin files
WordPress has a default loading hierarchy and priority setting. Starting from index.php
loading the WordPress core header to reaching the theme and plugins at the end, you might not see the quick effect of overridden values for a while.
As soon as the WP reaches your part of the code, it’ll update the default or previous value. Therefore, you might see the effect of your changes late and this makes sense.
Since overriding wp-config constants from other files are not right, neither recommended, nor obvious mechanism is available, therefore, tolerating this delay in value change shouldn’t be frustrating.
Digital Setups has enforced a strict sourcing policy. Every content piece published on our website is passed through strict editorial review for contextual correctness, communication ethics, and programmatic tests wherever required. Our team research solutions from only credible, authentic, and trustworthy sources. Learn more about our editorial process.
This article may have additional citations but they are not yet reviewed for trustworthiness. We will add them here at our earliest.
This article may have additional citations but they are not yet reviewed for trustworthiness. We will add them here at our earliest.
Based on our editorial policy, we update our content time to time to ensure its usefulness, reliability, and validity.
Our standardized editorial process ensures right, timely, and usefulness updates to our content. Your honest opinion drives significant improvement to our content. We appreciate you are taking time to share that.
Readers who read this also found these helpful:
- Verify Company Registration Status of Any Country
- Monetize Facebook Page with Google AdSense
- Take back your business name used by someone on Social Media
- Misleading or Clickbait Push Notification Hurts SEO
- OPTIONS / RTSP/1.0″ – Apache Access Log Entry
- Keyword Density in SEO
- Apache Access Log Entry: CONNECT Method
- Does Hiding Actual Content with Captchas Impact SEO?
- Search Console: Fix “Alternate page with proper canonical tag” Error in Page Indexing
- Stripe Alternatives in Pakistan – 2022 Update