I was updating my wp-config file today, and I found a lot of random stuff added to the end which was from a previous host. I deleted it, as it was not necessary, but I also noticed this code which I’m not sure about. I think the first part is for SSL reasons, but I thought that was taken care of elsewhere, not in my config file? Or am I mistaken? I have noticed when doing research in ahrefs that my site suffers from redirect chains related to http > https, so I’m not sure if this is something to do with that?
The rest of this I do not understand at all. Any help would be really appreciated.
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS'] = 'on';
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
/**
* Include tweaks requested by hosting providers. You can safely
* remove either the file or comment out the lines below to get
* to a vanilla state.
*/
if (file_exists(ABSPATH . 'hosting_provider_filters.php')) {
include('hosting_provider_filters.php');
}
Thanks for help.
2
Answers
When in doubt its always a good idea to reference – https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php
That aside, the first part you are correct it deals with redirecting to SSL. It is better to use https vs http to avoid the redirect.
Incoming traffic
Request – http > server > redirect to https and returns request
https > server > returns request
The next section is part of a normal wp-config.php file.
The last section is specific to a hosting provider. It mentions it is safe to comment out or remove. If unsure I would contact your current host to see if it is theirs and what it does if so. If not, you are safe to remove.
I will break your code into three parts
1.
To get information about which protocol used between client and load balancer, we can use the X-Forwarded-Proto request header. Using this header, the client can make an HTTP request to an HTTPS-only resource.
The purpose of HTTP_X_FORWARDED_PROTO is to make sure the connection is secure with ssl
Notice:Not in the original file https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php
2.
ABSPATH is defined and used for two main purposes
contain Absolute path to the WordPress directory
To deny direct access to files
3.
Added by hosting provider
It can be deleted