skip to Main Content

I was updating my wp-config file today, and I found a lot of random stuff added to the end which was from a previous host. I deleted it, as it was not necessary, but I also noticed this code which I’m not sure about. I think the first part is for SSL reasons, but I thought that was taken care of elsewhere, not in my config file? Or am I mistaken? I have noticed when doing research in ahrefs that my site suffers from redirect chains related to http > https, so I’m not sure if this is something to do with that?

The rest of this I do not understand at all. Any help would be really appreciated.

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS'] = 'on'; 
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
/**
 * Include tweaks requested by hosting providers.  You can safely
 * remove either the file or comment out the lines below to get
 * to a vanilla state.
 */
if (file_exists(ABSPATH . 'hosting_provider_filters.php')) {
include('hosting_provider_filters.php');
}

Thanks for help.

2

Answers


  1. When in doubt its always a good idea to reference – https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php

    That aside, the first part you are correct it deals with redirecting to SSL. It is better to use https vs http to avoid the redirect.

    Incoming traffic

    Request – http > server > redirect to https and returns request

    https > server > returns request

    The next section is part of a normal wp-config.php file.

    The last section is specific to a hosting provider. It mentions it is safe to comment out or remove. If unsure I would contact your current host to see if it is theirs and what it does if so. If not, you are safe to remove.

    Login or Signup to reply.
  2. I will break your code into three parts

    1.

        if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
        $_SERVER['HTTPS'] = 'on'; 
    

    To get information about which protocol used between client and load balancer, we can use the X-Forwarded-Proto request header. Using this header, the client can make an HTTP request to an HTTPS-only resource.
    The purpose of HTTP_X_FORWARDED_PROTO is to make sure the connection is secure with ssl
    Notice:Not in the original file https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php

    2.

        if ( !defined('ABSPATH') )
        define('ABSPATH', dirname(__FILE__) . '/');
        /** Sets up WordPress vars and included files. */
        require_once(ABSPATH . 'wp-settings.php');
    

    ABSPATH is defined and used for two main purposes
    contain Absolute path to the WordPress directory
    To deny direct access to files

    3.

         if (file_exists(ABSPATH . 'hosting_provider_filters.php')) {
            include('hosting_provider_filters.php');
            }
    

    Added by hosting provider
    It can be deleted

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search