Configure setting wp-config to increase security and optimize WordPress perfomance
The wp-config.php file is like the ‘settings’ list of your WordPress site, it is the bridge between your source code and the MySQL database. It contains important information such as MySQL username and password. This article will show you how to configure wp-config to increase security and optimize WordPress speed.
Below Panpic will introduce some tricks you can use with your wp-config to optimize WordPress speed, as well as enhance WordPress security.
Configure wp-config to increase security and optimize WordPress speed

Move your wp-config.php file location
Generally, WordPress looks for the wp-config file in its web root. By moving the wp-config file location, no one can access it without SSH or FTP access. To move the wp-config.php file location you can refer to the following code:
define('ABSPATH', dirname(__FILE__) . '/');
require_once(ABSPATH . '../path/to/wp-config.php');
Post Revisions
By default, WordPress automatically saves any modifications. This feature is quite useful, however it can make your Database unnecessarily bloated, making the server need more resources to process, thus slowing down the website. To limit this feature you can use the following code:
define('WP_POST_REVISIONS', 2);
define('WP_POST_REVISIONS', false);
Modify autosave interval
When editing a post, WordPress uses Ajax to automatically save revisions to the post. You may want to increase this setting for a longer delay between autosave or decrease it to make sure you never lose your changes. Default is 60 seconds.
define('AUTOSAVE_INTERVAL', 160); // Seconds
Clean up photo editing
You can skip this section if you are not using the image editor in WordPress. For those of you who are in the habit of using an image editor, not every time you edit an image, alternate copies will be created on top of the existing image. Since WordPress itself will create 3 copies of thumbnail sizes, Medium and Large by default, this does not include the settings in the theme. Thus, there can be a total of 6 or 7 copies of the image created.
define('IMAGE_EDIT_OVERWRITE', true);
With this definition, WordPress will keep only the original set of files plus the set of most recently edited versions, but not all edited versions.
SSL Requirement for Admin and Login
This feature is useful when you want to secure login information and admin area. Useful for those who log into their WordPress via public wifi.
define('FORCE_SSL_ADMIN', true);
Disable Edit files / Install themes, plugins
This will block users from being able to use the plugin and theme install/update functionality from the WordPress admin area. Setting this constant also disables the Plugin and Theme editor.
define('DISALLOW_FILE_EDIT', true);
Additionally, you can also prevent users from updating and installing themes and plugins and updating WordPress through the admin panel.
define('DISALLOW_FILE_MODS', true);
Increase allocated memory for PHP
This option allows you to specify the maximum amount of memory that PHP can use. This setting may be necessary in the event that you receive a message such as the allowed memory size of bytes has been exhausted.
define('WP_MEMORY_LIMIT', '128M');
Administrative tasks require more memory than normal operation. While in the admin area, memory can be increased or decreased from WP_MEMORY_LIMIT by defining WP_MAX_MEMORY_LIMIT.
define('WP_MAX_MEMORY_LIMIT', '256M');
Set cookie domain
If you use a CDN such as MaxCDN, Cloudflare, NitroPack, JetPack Photon to deliver your images, you can set the cookie domain to a dynamic domain to prevent WordPress cookies from being sent with each request to static content on your subdomain. friend. This will reduce unnecessary bytes for the end user to download, thus speeding up the site a bit.
define('COOKIE_DOMAIN', 'www.your-domain.com');
Disable Cron Timeout to Optimize WordPress Speed
Every time a visitor visits your website, it acts as a pingger and pings your server to see the to-do list. If a schedule is made, ping will trigger actions like scheduled posts, delete expired caches, update the comment count list, and more. Disable Cron if you don’t need it.
define('DISABLE_WP_CRON', true);
If you have a high-traffic site, you can reduce server resources by limiting the ping frequency.
define('WP_CRON_LOCK_TIMEOUT', 60);
Override file permissions
You can override file permissions, if your server has limited permissions for all user files. Most of you don’t need this, but it exists for those who need it
define('FS_CHMOD_FILE', 0644);
define('FS_CHMOD_DIR', 0755);
Block external requests
If you need to prevent WordPress from making external requests, add this snippet to wp-config.php:
define('WP_HTTP_BLOCK_EXTERNAL', true);
This will prevent things from happening that often happen, like updates, dashboard feeds, and data reports. Fortunately, it’s easy to whitelist (allow access) for whatever is needed. Here is an example where we give access to wordpress.org:
define('WP_ACCESSIBLE_HOSTS', 'wordpress.org');
Hopefully the content of this article will partly help you enhance the security and optimize the speed of WordPress in a better way.
Good luck