Configuration & Secrets
Environment Configuration
This project uses a .env file to manage sensitive information and environment-specific settings. This keeps secrets out of version control, as long as the .env file itself is excluded from commits (for example through .gitignore), and allows the same code to move between local, staging, and production environments.
The .env File
Before running the application, you must create a .env file in the root directory. You can use the provided .env.example as a template.
```bash
cp .env.example .env
```
Required Variables
The following variables are required for the application to interface with the database and handle encryption.
| Variable | Description | Example |
| :--- | :--- | :--- |
| DB_NAME | The name of the WordPress database. | wordpress_db |
| DB_USER | Database username. | db_admin |
| DB_PASSWORD | Database password. | your_secure_password |
| DB_HOST | Database host address. | localhost or db |
| WP_HOME | The full URL to the site home. | https://example.com |
| WP_SITEURL | The full URL to the WordPress core files. | https://example.com/wp |
Security Salts and Keys
WordPress requires a set of unique keys and salts to enhance the encryption of information stored in user cookies. These must be defined in your .env file.
You can generate these values using the official WordPress.org secret-key service.
```env
AUTH_KEY='put your unique phrase here'
SECURE_AUTH_KEY='put your unique phrase here'
LOGGED_IN_KEY='put your unique phrase here'
NONCE_KEY='put your unique phrase here'
AUTH_SALT='put your unique phrase here'
SECURE_AUTH_SALT='put your unique phrase here'
LOGGED_IN_SALT='put your unique phrase here'
NONCE_SALT='put your unique phrase here'
```
Debugging and Environment Modes
Control the behavior of the application by setting the WP_ENV variable. This determines how errors are handled and which constants are enabled.
Environment Toggles
| Variable | Values | Description |
| :--- | :--- | :--- |
| WP_ENV | development, staging, production | Sets the global environment context. |
| WP_DEBUG | true, false | Enables/disables WordPress debug mode. |
| WP_DEBUG_LOG | true, false | Writes errors to /wp-content/debug.log. |
| SCRIPT_DEBUG | true, false | Forces WP to use non-minified scripts/styles. |
Usage Example (.env):
```env
WP_ENV='development'
WP_DEBUG=true
WP_DEBUG_LOG=true
WP_DEBUG_DISPLAY=true
```
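A pre-deploy check for the rules in the sections above, as an added example that is not part of this project's code: it flags required variables that are missing, keys and salts left at the template phrase or reused across names, and debug flags enabled while WP_ENV is production. The function names and the sample file are constructed for illustration, and the production debug rule is an assumption about what a deployment gate should enforce.

```python
import re

SALTS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
         "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
REQUIRED = ["DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST",
            "WP_HOME", "WP_SITEURL"] + SALTS
PLACEHOLDERS = {"put your unique phrase here", "your_secure_password"}  # template values from this page
DEBUG_FLAGS = ["WP_DEBUG", "WP_DEBUG_LOG", "WP_DEBUG_DISPLAY"]
LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_]\w*)\s*=\s*(.*?)\s*$")
# Constructed sample .env with deliberate mistakes (not a real configuration).
SAMPLE = """\
DB_NAME=wordpress_db
DB_PASSWORD='your_secure_password'
WP_ENV='production'
WP_DEBUG_DISPLAY=true
AUTH_KEY='put your unique phrase here'
NONCE_KEY='constructed-value-A'
NONCE_SALT='constructed-value-A'
"""

def parse_env(text):
    """Parse KEY=VALUE lines; comments and blanks do not match and are skipped."""
    env = {}
    for m in filter(None, map(LINE.match, text.splitlines())):
        key, val = m.groups()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "'\"":
            val = val[1:-1]  # strip one pair of surrounding quotes
        env[key] = val
    return env

def audit_env(text):
    """Return a sorted list of findings; an empty list means the file passed."""
    env, findings, seen = parse_env(text), [], {}
    for name in REQUIRED:
        if not env.get(name):
            findings.append(f"{name}: missing or empty")
        elif env[name] in PLACEHOLDERS:
            findings.append(f"{name}: still the template placeholder")
    for name in SALTS:
        val = env.get(name)
        if val and val not in PLACEHOLDERS:
            if val in seen:  # each key and salt must be unique
                findings.append(f"{name}: same value as {seen[val]}")
            seen.setdefault(val, name)
    if env.get("WP_ENV") == "production":
        for flag in DEBUG_FLAGS:
            if env.get(flag, "").lower() == "true":
                findings.append(f"{flag}: enabled while WP_ENV is production")
    return sorted(findings)
```

Call `audit_env(open(".env").read())` in a deployment step and fail the step when the returned list is not empty.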
Application Constants
While the .env file manages secrets, wp-config.php maps these values to WordPress constants. This project follows a "Constants First" approach where the configuration logic is internal, but users can override behavior via the environment.
Database Table Prefix
By default, the table prefix is set to wp_. To change this for security or multi-site purposes, update the following variable:
```env
DB_PREFIX='custom_prefix_'
```
Memory Limits
If your environment requires specific memory allocations (e.g., for heavy plugins or media processing), define these in your .env:
```env
WP_MEMORY_LIMIT='256M'
WP_MAX_MEMORY_LIMIT='512M'
```
Automatic Updates
To control the automatic update behavior of the WordPress core:
```env
# Disable all automatic updates
AUTOMATIC_UPDATER_DISABLED=true
# Control core updates (minor, true, false)
WP_AUTO_UPDATE_CORE='minor'
```