Why is this an issue?

WordPress makes it possible to define options using define statements inside a configuration file named wp-config.php. However, if the statements are located after the settings are loaded at the end of this file, they are not taken into account by WordPress. This rule raises an issue when a define statement appears after wp-settings.php is loaded.

What is the potential impact?

This issue could entail more serious problems. A configuration that is security related could be ignored and not considered without any warning.

How to fix it in WordPress

Move the define statement before the statement loading wp-settings.php.

Code examples

Noncompliant code example

// in wp-config.php

define( 'WP_DEBUG', false );

/* Add any custom values between this line and the "stop editing" line. */


/* That's all, stop editing! Happy publishing. */

if ( ! defined( 'ABSPATH' ) ) {
        define( 'ABSPATH', __DIR__ . '/' );
}
require_once ABSPATH . 'wp-settings.php';

define( 'WP_POST_REVISIONS', 3 ); // Noncompliant

Compliant solution

// in wp-config.php

define( 'WP_DEBUG', false );

/* Add any custom values between this line and the "stop editing" line. */

define( 'WP_POST_REVISIONS', 3 ); // Noncompliant

/* That's all, stop editing! Happy publishing. */

if ( ! defined( 'ABSPATH' ) ) {
        define( 'ABSPATH', __DIR__ . '/' );
}
require_once ABSPATH . 'wp-settings.php';

Resources

Documentation

• WordPress Developer Resources - wp-config-php