Best practice for versioning wp-config.php?

Here is how I do it and I haven’t come across anything better than this. I keep a different version of wp-config.php file under version control and then keep a file one directory above which holds all the database credentials and salts/keys. Also this way, I am able to distinguish between the type of setup I am running and do things differently on basis of that.

Here is the wp-config.php I keep under git (https://gist.github.com/1923821):

<?php

/**
* Define type of server
*
* Depending on the type other stuff can be configured
* Note: Define them all, don't skip one if other is already defined
*/

define( 'DB_CREDENTIALS_PATH', dirname( ABSPATH ) ); // cache it for multiple use
define( 'WP_LOCAL_SERVER', file_exists( DB_CREDENTIALS_PATH . '/local-config.php' ) );
define( 'WP_DEV_SERVER', file_exists( DB_CREDENTIALS_PATH . '/dev-config.php' ) );
define( 'WP_STAGING_SERVER', file_exists( DB_CREDENTIALS_PATH . '/staging-config.php' ) );

/**
* Load DB credentials
*/

if ( WP_LOCAL_SERVER )
    require DB_CREDENTIALS_PATH . '/local-config.php';
elseif ( WP_DEV_SERVER )
    require DB_CREDENTIALS_PATH . '/dev-config.php';
elseif ( WP_STAGING_SERVER )
    require DB_CREDENTIALS_PATH . '/staging-config.php';
else
    require DB_CREDENTIALS_PATH . '/production-config.php';

/**
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*/

if ( ! defined( 'AUTH_KEY' ) )
    define('AUTH_KEY', '9*W=5&lt;Rw-)c].9}g?^[:!j]h+Efr&lt;y$&lt;YmV0XOo|lOIujEE}+[R}iAQZ :Sy3wN}');
if ( ! defined( 'SECURE_AUTH_KEY' ) )
    define('SECURE_AUTH_KEY', 'APge3~H;g+b0FyNF&amp;e`$=g?qj9@FQwqFe^Q4(@p#kDa=NR? $Z9|@v*a(tOj*B+.');
if ( ! defined( 'LOGGED_IN_KEY' ) )
    define('LOGGED_IN_KEY', '5l0+:WTpj8#[V|;&lt;Iw;%rkB(A}r++HwT|s[LW!.wt.=5J!b%Z{F1/[LxQ*d7J&gt;Cm');
if ( ! defined( 'NONCE_KEY' ) )
    define('NONCE_KEY', 'zO2cmQX`Kc~_XltJR&amp;T !Uc72=5Cc6`SxQ3;$f]#J)p&lt;/wwX&amp;7RTB2)K1Qn2Y*c0');
if ( ! defined( 'AUTH_SALT' ) )
    define('AUTH_SALT', 'je]#Yh=RN DCrP9/N=IX^,TWqvNsCZJ4f7@3,|@L]at .-,yc^-^+?0ZfcHjD,WV');
if ( ! defined( 'SECURE_AUTH_SALT' ) )
    define('SECURE_AUTH_SALT', '^`6z+F!|+$BmIp&gt;y}Kr7]0]Xb@&gt;2sGc&gt;Mk6,$5FycK;u.KU[Tw$345K9qoF}WV,-');
if ( ! defined( 'LOGGED_IN_SALT' ) )
    define('LOGGED_IN_SALT', 'a|+yZsR-k&lt;cSf@PQ~v82a_+{+hRCnL&amp;|aF|Z~yU&amp;V0IZ}Mrz@ND])YD22iUM[%Oc');
if ( ! defined( 'NONCE_SALT' ) )
    define('NONCE_SALT', '|1.e9Tx{fPv8D#IXO6[&lt;WY*,)+7+URp0~|:]uqiCOzu93b8,h4;iak+eIN7klkrW');

/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each a unique
* prefix. Only numbers, letters, and underscores please!
*/

$table_prefix = 'ft_';

/**
* WordPress Localized Language, defaults to English.
*
* Change this to localize WordPress. A corresponding MO file for the chosen
* language must be installed to wp-content/languages. For example, install
* de_DE.mo to wp-content/languages and set WPLANG to 'de_DE' to enable German
* language support.
*/

define( 'WPLANG', '' );

/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*/

if ( WP_LOCAL_SERVER || WP_DEV_SERVER ) {

    define( 'WP_DEBUG', true );
    define( 'WP_DEBUG_LOG', true ); // Stored in wp-content/debug.log
    define( 'WP_DEBUG_DISPLAY', true );

    define( 'SCRIPT_DEBUG', true );
    define( 'SAVEQUERIES', true );

} else if ( WP_STAGING_SERVER ) {

    define( 'WP_DEBUG', true );
    define( 'WP_DEBUG_LOG', true ); // Stored in wp-content/debug.log
    define( 'WP_DEBUG_DISPLAY', false );

} else {

    define( 'WP_DEBUG', false );
}


/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . "https://wordpress.stackexchange.com/");

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

And here is the local config file which I keep one directory above WordPress root and this also makes it outside the web accessible directory, so in case apache stops parsing PHP files and start throwing them out, our database credentials are still safe (https://gist.github.com/1923848):

<?php

/**
 * WordPress config file to use one directory above WordPress root, when awesome version of wp-config.php is in use.
 *
 * Awesome wp-config.php file - https://gist.github.com/1923821
 */

/* WordPress Local Environment DB credentials */

define('DB_NAME', 'project_21');
define('DB_USER', 'root');
define('DB_PASSWORD', 'root');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');

/* Keys & Salts */

define('AUTH_KEY',         '5H%)s-nQ,+fn0gwg/p1UjBTmCQ?l[8-!>Q{MW&?X3DM,OF;TaI<SOOTrl0+-@) *');
define('SECURE_AUTH_KEY',  '+%rr@,XIt-V+[.B9++uH1L,L+r)uq}5(:~=&4~Lk|.LV|y;R}fEo?G}+Sntf_JN}');
define('LOGGED_IN_KEY',    'Szv!gQm9#(L&TUD OnM`>sXGge:m1j`L2 5sO;hRNVhlN>IUED1/`%<[ly-GxVJ ');
define('NONCE_KEY',        'o-Jo;>G#-%~,[ki@REqXV%4^I.HDnc.3]P;e8];4pJt% $xe5K<aOb|a2*QKV4c-');
define('AUTH_SALT',        '8-tQb3d|W8,;Y_#mfuFB.1&b%U2fnlLD|F&yH).tLRX=ANEdNap{78o|9tqv6JPt');
define('SECURE_AUTH_SALT', 'RSa%^qd~T|@+!-;qgh,qK-GJ}zPpgxz#+@v6-I;BMwqT`TzGTtg_^n*ILxGOdbq4');
define('LOGGED_IN_SALT',   ']+XV)YK.Q-EU1vR [BT!Y$!d(J_[AO37OP[Fg[/esFx;6cI-L[^O|cvtw9F[;_*Q');
define('NONCE_SALT',       'iP{nTQBzy&f^hSbwBgyan.v9<+ErvAMi2ymLhz`Tl-fF?HXa(j<W`wA*8U3R#-|w');

This way if the above file is named local-config.php, my system behaves like a local install. If its named staging-config.php, it behaves like a staging install and if its named production-config.php. It helps me have different values of certain constants like debugging have different values under different environments and still have everything under SCM (git). Possiblities are endless and there is no hackery required for different enviornments.

This makes sure you never reveal any sensitive information to public anyway and I use this just to start off any project I work on, I have stronger keys in place by default and as soon as I add them to the second config file one directory above, those are used instead of the ones defined here. Bliss!

Related Posts:

  1. How to rename the wp-config.php file once under version control?
  2. Password in wp-config. Dangerous?
  3. What’s the difference between WP_MEMORY_LIMIT and WP_MAX_MEMORY_LIMIT?
  4. How can I change preview URL?
  5. Override the wp_siteurl and wp_home not work
  6. Changing WP_CONTENT_DIR and WP_CONTENT_URL in wp-config.php does not register?
  7. Missing a temporary folder despite settings in wp-config.php
  8. How to use live images on local install?
  9. WordPress PHP error handling and reporting in production environment
  10. Declaratively Configuring WordPress in XML or JSON or YAML
  11. WP_MEMORY_LIMIT didn’t work in wp-config
  12. Fatal error: Allowed memory size of 41943040 bytes exhausted (tried to allocate 20480 bytes)
  13. How to set up gmail SMTP in WordPress
  14. error:-Cannot modify header information – headers already sent by
  15. Changing HTTP URL Port
  16. wp-config.php file permissions
  17. How to update WordPress from the latest trunk
  18. how to use is_admin in wp-config.php
  19. Locked out of WordPress Site Admin after enabling Force SSL on WordPress Https (SSL)
  20. Set wp-content folder to Dropbox folder
  21. Including a 3rd party library in WordPress which needs to be accessible by wp-config
  22. wp-config.php being deleted
  23. Get WP CLI to hide debug warnings and notices in JSON output, same setting as website
  24. Installation Issue WordPress locally – The file ‘wp-config.php’ already exists
  25. What is this file: wp-config-wpe.php?
  26. enable SFTP via SSH keys in wordpress
  27. html lang=”” instead of lang=”en-us” – why?
  28. Why do I get a WAMP homepage when clicking on specific website’s URL on LocalHost?
  29. Creating the wp-config.php file manually
  30. What Does this Code Snippet Do?
  31. WP_Debug not displaying anything
  32. How to reliably set file/folder permissions?
  33. Multiple wp-config.php files in one home directory
  34. Why edits to wp-config.php must come before “That’s all” comment
  35. error log cluttered with undefined DB_USER wp-admin/setup-config.php
  36. Is it possible to override the ABSPATH constant
  37. How to stop fatal error when loading theme template file directly
  38. Should I change wp-config for SSL?
  39. Out of memory errors : how best to track them down
  40. Redefine cookie domain for subdomains
  41. multiple language directories
  42. Error in database connection [closed]
  43. Update wp-config.php and lost pages
  44. error messages in dashboard login
  45. where should I write constants in wordpress?
  46. Issues copying site into local machine
  47. Autosave interval remains default despite wp-config.php defines
  48. Carriage Return control character (^M) found in wp-config-sample.php
  49. Are the wordpress settings (abspath, disable core updates) added by SiteGround of any use after I’ve migrated to a different host?
  50. Need help fixing my wp-config file [closed]
  51. Why was my new WordPress installation’s config page publicly viewable when first installed?
  52. WP_MEMORY_LIMIT didn’t work in wp-config, only within default-constants.php
  53. Cookie set without HttpOnly flag
  54. Changing the wp-config.php broke the site
  55. Publishing WordPress from stage to production server
  56. Define option outside wp-config.php (on WordPress.com)
  57. Site lost all formatting when I attempted to migrate to Bluehost [closed]
  58. Moving wp-config.php one level up – 500 error – Nginx [closed]
  59. How can I configure an SMTP Server?
  60. What should index.php contain on Synology NAS to get external access to WordPress to work?
  61. Remote server does not read `WP_HOME` from wp-config.php when local server does
  62. IP addresses to block to stop WP auto-update?
  63. Concerns over wp-config file [closed]
  64. Not showing old migrated content in website
  65. Read wp-config without loading the rest of WordPress – i.e. wp-settings, etc
  66. Proper way to have multiple installs with a single database
  67. How turn on error reporting without reset?
  68. WordPress installed on a Sub-directory
  69. Editing wp-config.php file asks for another installation
  70. $post->id vs $post->ID problem after using WordPress config bootstrap
  71. ABSPATH not defined?
  72. How to stage a redesigned site on a new webhost while the original site is still live? [closed]
  73. WordPress login redirection not working on Nginx root directory
  74. Plesk login inaccessible after changing site URL
  75. Need help re-connecting local WP-config file to local database
  76. Change of “home” results in timeouts (only on index.php)
  77. wp-config.php randomly will reset to wp-config-sample.php
  78. WP_SITEURL vs WP_HOME link output
  79. What can an attacker do if he has access to my wp-config file?
  80. How to fix wp-login.php gives error 500 after migration?
  81. Change default wordpress FS owner
  82. Define new constants in wp-config
  83. sudden changing of host IP result in crash of the site
  84. Can you define readability settings in wp-config.php?
  85. Can wp-config move cause dashboard not to load?
  86. Unable to change WordPress language (WordPress 4.2.2)
  87. PressPi (WordPress) Broken Layout
  88. How to change WordPress theme file path to a remote server?
  89. Why is WordPress not using $_SERVER[‘SERVER_NAME’] for ‘WP_SITEURL’ and ‘WP_HOME’ as default?
  90. WordPress Redirect on Name Change
  91. Is there any reason why using the same wp-config file might not work in MAMP?
  92. Best function/method to access wp-config?
  93. WordPress still requires FTP information
  94. “Cannot modify header information” warning?
  95. Why would changing ports from 80 to 8080 cause wordpress to act unexpectedly?
  96. Change URL when visiting wordpress site
  97. max_input_vars not updating through wp-config
  98. Disabling zlib compression and enforcing gzip
  99. Can WP-CLI modify database connection details in existing wp-config file?
  100. How to specify server path in code?

Leave a Comment