Skip to content
Tools

wp-config.php Generator

Build a correct wp-config.php without copy-pasting from a 2014 blog post

Runs in your browser. Nothing is uploaded.

Database
Debugging
Hardening
Limits
wp-config.php

Salts are generated in your browser with crypto.getRandomValues(). They are never sent anywhere — but for the record, WordPress's own api.wordpress.org salt endpoint is equally fine; it returns fresh random values over TLS.

About the wp-config.php Generator

Generate a wp-config.php with the constants you actually need — debug logging, memory limits, file-edit lockdown, upload limits, table prefix, and fresh salts. Everything is generated in your browser; nothing is sent anywhere.

FAQ

Questions

Is it safe to generate wp-config.php salts in a browser?

Yes. The salts are produced with crypto.getRandomValues(), the browser's cryptographically secure random number generator, and never leave your machine. For the record, WordPress's own api.wordpress.org salt endpoint is equally safe — it returns fresh random values over TLS. This is a convenience, not a security fix.

Why does this not ask for my database password?

Because you should not type a production database password into a web page, however trustworthy it claims to be. The generated file has a placeholder — fill it in locally, in your editor.

Can I change the table prefix on an existing site?

Not by editing wp-config.php alone. Changing $table_prefix on a live site requires renaming every table AND rewriting two rows in the options and usermeta tables. Change it on a fresh install, or leave it alone.