ENV for WordPress

As I don’t know why rails prefer to store such secrets in an environment variable the answer might not be complete, but if the reason is to avoid having it in the code and therefor accessible to everybody with access to the code (via git or misconfigured web server), wordpress has two ways to do something similar

  1. keep it in the DB. This is what most plugins will do. You are at risk if someone can get into you DB, but in that case you are in all kinds of other major trouble as well
  2. wp-config.php can be placed one directory above the web root which contains the core wordpress files and you can place your secret in it. Being out of the web root the file is not accessible from the web and its content can not be read even if web server for some reason lets an outsider read the files. I would assume this is a configuration wpengine uses or supports, you should ask them about it.

And wpengine in the end is a shared hosting with all kinds of shared hosting related limitations, and if you just have to have it as an environment variable, maybe you should look for other hosting provider.

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)