Wordpress is a very popular platform; According to this post from 2015 Wordpress accounts for 25% of websites online. Below, I explore 3 reasons why it’s beneficial for any WordPress developer to use a local configuration file.
1. Control over the server environment
I develop very differently locally than I do in production environments. Locally, I develop with WP_DEBUG enabled. I also use root for my local DB connections (I don’t want to set up new users each time on a private sever). I also have free access to the the PHP version and the php.ini file.
In production (or staging) environments, things are different. Different flags are set, there are different database credentials, different PHP versions, and even different database values. By isolating environmental settings in a local config file, you allow yourself to freely configure it without fear of your settings migrating from server to server.
I use real environment variables when I can, but not every host allows you to define them. When I can’t, a local file works in their place.
Pro-tip: by defining constants like WP_HOME and WP_SITEURL in your local-config file, you set values that cascade throughout the entire WordPress infrastructure. Whether you’re developing in a sub-folder, a sub-domain, or a root directory, all the WP core functions will be relative to these values.
2. Security (sort-of)
With WordPress being one, if not the most, popular CMS platforms available, it’s unfortunately vulnerable to attacks. It’s true that a simple include/require statement doesn’t really make things more secure, but by storing sensitive environment data, like DB connection credentials, in a separate file, it’s at least makes that much harder to break into.
In your local file, you define salts, connection info, specific page/category IDs. In your global file, you define settings that cascade from server to server like post-revision-limits or additional config settings you don’t make editable in the database.
By separating global and environmental settings, you are free to make edits to your wp-config.php file without fear of overwriting any sensitive environment specific data.