How to Create a wp-config.php File

This is a step-by-step guide to creating the wp-config.php file to make your WordPress site work. In order to be quick and easy to follow even for inexperienced users, it only covers the very basics needed for the website to work. For more advanced settings, tips and troubleshooting, see wp-config.php – All You Need to Know and More.

Have These Ready

Before we start, make sure you have the following things ready:

1) WordPress files copied to your server where your website’s domain points. The files typically contain three directories (wp-admin, wp-content, wp-includes), each of them with further subdirectories, and several files in the root outside these directories, including index.php, wp-login.php, wp-settings.php, wp-config-sample.php (remember this one – it will be useful) and some others. You must have all these directories and files in place – if some are missing, your website might not work and show errors now or at some point in the future. You can download all from

WordPress files

2) A database on your server – either empty (if this is a new website) or with existing tables and data (if you are moving an existing website to this location from somewhere else or fixing a broken site). You need to know the database name, username and password. You can set and check these in the “MySQL Databases” section of your cPanel – the link to enter that section looks like this:

cPanel MySQL Databases link

Create wp-config.php from wp-config-sample.php

The wp-config.php is a standard php file. It is perfectly possible to write it from scratch, but the easiest way to create it is by modifying an existing file. There is the already mentioned wp-config-sample.php file in the root folder of your WordPress installation (in the same folder where you see the directories wp-admin, wp-content and wp-includes).

Copy it to your computer (it’s always best to keep an original copy before you start modifying anything).

Rename it to wp-config.php (remove “-sample”).

Open it in a text editor (such as Notepad, which is part of Windows). Make the following changes.

Change the Content of wp-config.php

When you look at the content of wp-config.php (made from wp-config-sample.php), most of it is actually comments designed to help you understand what a particular piece of code is doing. The important rows which actually do something typically begin with “define” and look like:

define(‘something1’, ‘something2’);

where the first ‘something1’ is a variable name and the second ‘something2’ is the value.

Also note there is a semicolon at the end of these rows – make sure it stays there; it’s quite important in php files. The only thing you will change is the second ‘something2’ text in some of the rows.

So let’s do one by one. You should find them in your wp-config.php file in this order from top to bottom.

1) Enter database name

Find the row which says

define(‘DB_NAME’, ‘database_name_here’);

and replace ‘database_name_here’ with the name of your database. Make sure to keep the single quotes there.

For example, if your database is named “mike9_mysite”, this row will become:

define(‘DB_NAME’, ‘mike9_mysite’);

Note: If you are on shared hosting, the database names will commonly be two parts separated by an underscore, with the first part being your hosting username, such as “mike9” and the second part being the name you have chosen for the database, such as “mysite”. If this is the case, make sure you enter the entire thing to wp-config and not just ‘mysite’.

2) Enter database user

Find the row which says

define(‘DB_USER’, ‘username_here’);

and replace ‘username_here’ with the username which you have set to access the database on your server. Again, if you are on shared hosting, the database username might include a prefix like your hosting username.

3) Enter database password

Find the row which says

define(‘DB_PASSWORD’, ‘password_here’);

and replace ‘password_here’ with the password you have set for the database user to access the database.

Important note on security: This is usually (and should be) different from the password you use to log into your webhosting account. Although generally strangers should not be able to see the content of your wp-config.php file (more about protecting it here), the best practice for security is to never type an important password in a file like this. You won’t need to remember this password and probably won’t use it for anything from now on (this is NOT the password you will use to log into WordPress admin area to add posts and manage your website). Furthermore, if you happen to need this password for any reason in the future, it is always there for you to see in the wp-config.php. So feel free to make it long and strong. Do not use a password which you are using for other things, especially important things like email, internet banking etc.

4) Database host – keep ‘localhost’ if in doubt

For most people this won’t need to be changed. It is already set in the row which says

define(‘DB_HOST’, ‘localhost’);

and ‘localhost’ works fine in most cases (because the DB_HOST variable sets the database server and usually the database will be on the same server as the WordPress files, hence ‘localhost’). If you are not sure, keep it there. If you come to the end of this guide and then see an error, then you might want to confirm the host with your hosting provider, but ‘localhost’ usually works fine.

5) Database charset and collate – don’t touch them

The next two rows are

define(‘DB_CHARSET’, ‘utf8’);
define(‘DB_COLLATE’, ”);

Unless you absolutely know what you are doing, do not change these.

6) Authentication Unique Keys and Salts – enter random strings

Then there are eight rows which all look quite similar:

define(‘AUTH_KEY’,         ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’,  ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’,    ‘put your unique phrase here’);
define(‘NONCE_KEY’,        ‘put your unique phrase here’);
define(‘AUTH_SALT’,        ‘put your unique phrase here’);
define(‘SECURE_AUTH_SALT’, ‘put your unique phrase here’);
define(‘LOGGED_IN_SALT’,   ‘put your unique phrase here’);
define(‘NONCE_SALT’,       ‘put your unique phrase here’);

The wp-config-sample.php file usually contains short comment which explains what they do, but you don’t need to worry about that at this point. The important thing is to replace the ‘put your unique phrase here’ with some long random strings (different for each row). There is a generator for this available here:

Simply replace the eight rows in your wp-config.php with the rows you will find when visiting the link above (it generates different strings every time you refresh the page).

7) Database table prefix

Finally, the last of the essentials. This row does not start with a define and looks like this:

$table_prefix  = ‘wp_’;

Table prefix is a short string which is attached at the beginning of all WordPress table names.

Every WordPress database consists of several tables which store data for the posts, categories or settings and have standardized names like “posts”, “terms” or “term_relationships”. It is also possible to store data for multiple WordPress websites in one database and that is when the table prefix becomes important, in order to make the table names unique. For example, if you have two travel websites in one database, you will set different table prefixes like ‘london_’ and ‘paris_’ and, for instance, the tables storing post text will be “london_posts” for one website and “paris_posts” for the other.

If your website is new and if you only have one website or have a different database for each of your websites, this is not that important and you can keep it as ‘wp_’ (good to distinguish the WordPress tables if your database also contains data other than WordPress, such as customer emails) or change to something you like (if you are paranoid about security like me, you can consider customizing the prefix as another layer of security). In any case it is best to keep the underscore at the end to keep the table names clean.

If you are creating wp-config for an existing website (e.g. when moving it to a new server) whose database already contains WordPress tables with data, make sure that the table prefix you set here matches the existing prefix. Otherwise the website will behave as a new WordPress site and go through the installation again, creating new empty tables and using them in place of the ones with your existing content.

Advanced Settings

We have gone through all the essential settings and now your wp-config is ready to take your website live.

Nevertheless, besides the items discussed above, wp-config allows further customization of WordPress and you can actually see several other “define” rows in the file you have (and you can add many more).  This is beyond the scope of this guide, but you can find some tips and tricks on the all you need to know and more wp-config page.

Upload wp-config.php to Server

The last step is to upload your wp-config.php file to your server. It should go in the same location where you have found wp-config-sample.php – to the root directory of your website, the one which also contains wp-admin, wp-content and wp-includes directories.

If your website is new, now you can type its address ( into your browser and you should see the WordPress installation page, where you will set your WordPress username, email and password. As soon as you enter these and confirm, the WordPress tables will be generated in the database according to the specifications in wp-config and your website is ready to use and add content.

If your website has already had content in the database, there are no more steps needed and it should work in the same way as it did in its previous location. But make sure to visit a few pages and log into wp-admin to check that it works.