CODEWITHSUNDEEP
phpwordpress
Katie Reed
Katie Reed

Reputation: 9

Code in my wp-config file I do not understand and need help deciphering

I was updating my wp-config file today, and I found a lot of random stuff added to the end which was from a previous host. I deleted it, as it was not necessary, but I also noticed this code which I'm not sure about. I think the first part is for SSL reasons, but I thought that was taken care of elsewhere, not in my config file? Or am I mistaken? I have noticed when doing research in ahrefs that my site suffers from redirect chains related to http > https, so I'm not sure if this is something to do with that?

The rest of this I do not understand at all. Any help would be really appreciated.

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS'] = 'on'; 
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
/**
 * Include tweaks requested by hosting providers.  You can safely
 * remove either the file or comment out the lines below to get
 * to a vanilla state.
 */
if (file_exists(ABSPATH . 'hosting_provider_filters.php')) {
include('hosting_provider_filters.php');
}

Thanks for help.

Upvotes: 0

Views: 949

Answers (2)

Mahdi Torkaman
Mahdi Torkaman

Reputation: 1

I will break your code into three parts

1.

    if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
    $_SERVER['HTTPS'] = 'on';

To get information about which protocol used between client and load balancer, we can use the X-Forwarded-Proto request header. Using this header, the client can make an HTTP request to an HTTPS-only resource. The purpose of HTTP_X_FORWARDED_PROTO is to make sure the connection is secure with ssl Notice:Not in the original file https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php

2.

    if ( !defined('ABSPATH') )
    define('ABSPATH', dirname(__FILE__) . '/');
    /** Sets up WordPress vars and included files. */
    require_once(ABSPATH . 'wp-settings.php');

ABSPATH is defined and used for two main purposes contain Absolute path to the WordPress directory To deny direct access to files

3.

     if (file_exists(ABSPATH . 'hosting_provider_filters.php')) {
        include('hosting_provider_filters.php');
        }

Added by hosting provider It can be deleted

Upvotes: 0

Bazdin
Bazdin

Reputation: 1069

When in doubt its always a good idea to reference - https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php

That aside, the first part you are correct it deals with redirecting to SSL. It is better to use https vs http to avoid the redirect.

Incoming traffic

Request - http > server > redirect to https and returns request

https > server > returns request

The next section is part of a normal wp-config.php file.

The last section is specific to a hosting provider. It mentions it is safe to comment out or remove. If unsure I would contact your current host to see if it is theirs and what it does if so. If not, you are safe to remove.

Upvotes: 1

Related Questions