WordPress customization before installation
Few people know that some customization WordPress you can make before its installation. It is enough to add a few lines in the file wp-config.php. The proposed settings can enhance the safety and convenience of working with WordPress, as well as reduce the burden on database.
If WordPress had a security flaw which allowed evil minded people to use the hacking method known as “SQL injection”, they would easily use the default prefixes on your WordPress database tables to delete them. However, if you have a different table prefix than the default (wp_), they wouldn’t be able to guess that, would they?
So, while setting up a new WordPress website, either change the default value on the installation page or in the wp-config.php file, change the line below:
$table_prefix = 'wooh00yeah_';
Beware: If you want to make this work in an existing WordPress site, you can’t just change the prefix on the wp-config.php file – you’ll get database connection errors. You should use a plugin for that to change the wp-config.php file AND the database tables AND some specific values inside those tables. I recommend the DB Prefix Change plugin.
One of the most relevant precautions for WordPress – it is the replacement of security keys on a random values. Find in your file wp-config.php this lines
define('AUTH_KEY', 'put your unique phrase here'); define('SECURE_AUTH_KEY', 'put your unique phrase here'); define('LOGGED_IN_KEY', 'put your unique phrase here'); define('NONCE_KEY', 'put your unique phrase here'); define('AUTH_SALT', 'put your unique phrase here'); define('SECURE_AUTH_SALT', 'put your unique phrase here'); define('LOGGED_IN_SALT', 'put your unique phrase here'); define('NONCE_SALT', 'put your unique phrase here');
Then open https://api.wordpress.org/secret-key/1.1/salt/. Copy the generated keys and insert them instead of the default.
WordPress default allows edit files of plug-ins or templates from the admin panel.
And if you have access to a panel of several people, respectively, increases the chance of breaking the site.
To disable the ability to edit files add in wp-config.php the following line:
The revisions feature for posts is enabled by default, but can lead to significant database bloat. Revisions are there so you can revert to a previous version of a post if you need to. If you don’t plan on using revisions to check the “earlier versions” of your posts, you definitely should disable this feature by adding the following line to the wp-config.php file:
define('WP_POST_REVISIONS', false );
However, if you’re fine with revisions but you’re not going to benefit from unlimited copies of your edited posts, you can limit the maximum number of revisions for each posts with this line of code:
define('WP_POST_REVISIONS', 2 );
If you sometimes work on your post for 4 hours, you might find it annoying that WordPress automatically saves the state of your post every 60 seconds. I’ll give credit that it’s not a bad thing but sometimes it’s really, really annoying. Anyways, if you want to set the autosave interval to a higher value, you can do it by defining it in the wp-config.php file like this:
define('AUTOSAVE_INTERVAL', 240 );
And about those, who have installed WordPress. The only thing that would be difficult to change – only $table_prefix. All other settings and customization in WordPress can be done after installation. You can do it right now.