[wp-hackers] wp-config.php, wp-load.php, and ABSPATH
wp-hackers at striderweb.com
Wed Sep 9 21:35:20 UTC 2009
As of WP 2.6, users have been able to move the wp-config.php file up
one directory if they choose. In my opinion this was an excellent
change, because it is the final piece in allowing users to completely
remove customizations from within the WordPress directory. (Allowing
moving wp-config being a significant piece of the same process).
There is a remnant of the old system still in wp-config.php, the
directive to create ABSPATH if it does not exist. I'm not sure why
this is there -- perhaps it is a holdover of a much older version of
WP. But if wp-config.php is movable, then this code is no longer
stable, and its *existence* has encouraged a poor coding practice
among plugin authors.
A problem that arises is plugins that do sort of "stand alone" things
but want to access the database -- a common thing to do is to call
wp-config.php directly to get the login info, rather than wp-load.php.
Again, this is unstable because wp-config.php may have moved, and even
if the plugin correctly knows to look up a directory, it will get
tripped up if it then tries to call another file and bases the path
off of ABSPATH.
While plugin authors *can* just call wp-load.php, which is safer and
more stable, it appears to be quite common to do it the other way.
Here is my proposal: We should assert, in documentation and in code,
that any time a plugin or process wants to access parts of WP
(including the database), it should call wp-load.php. We should do
this via changes within the Codex, and inline documentation, and we
should also do this by eliminating the ABSPATH define() in wp-
At the very least, we should put a "deprecated" call with the define()
in wp-config, so that if it does happen, there is a notice to the log
that "You should not call wp-config.php directly. Call wp-load.php
instead." Then a version or two down the road we can get rid of the
What think ye?
P.S. -- Why yes, I do get troubleshooting questions about this. Why
do you ask?
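
The ABSPATH mismatch described in the post, as an added example that is not part of the original message and is not WordPress's own code. The two file bodies are constructed, simplified stand-ins; the temp directory layout and the helper `abspath_after_including()` are hypothetical, and the `error_log()` line is one possible form of the notice the post proposes.

```php
<?php
// Added example: constructed, simplified stand-ins, not WordPress's own files.
// Layout: wp-config.php has been moved one directory above the WordPress directory.
$root = sys_get_temp_dir() . '/abspath-demo-' . getmypid();
mkdir( "$root/wordpress", 0700, true );

// Stand-in wp-config.php: the legacy ABSPATH fallback plus the proposed notice.
$config = <<<'PHP'
<?php
if ( ! defined( 'ABSPATH' ) ) {
    // Reached only when a script included this file without going through wp-load.php.
    error_log( 'You should not call wp-config.php directly. Call wp-load.php instead.' );
    define( 'ABSPATH', dirname( __FILE__ ) . '/' );
}
PHP;
file_put_contents( "$root/wp-config.php", $config );

// Stand-in wp-load.php: defines ABSPATH first, then finds the config in place or one level up.
$load = <<<'PHP'
<?php
define( 'ABSPATH', dirname( __FILE__ ) . '/' );
if ( file_exists( ABSPATH . 'wp-config.php' ) ) {
    require_once ABSPATH . 'wp-config.php';
} elseif ( file_exists( dirname( ABSPATH ) . '/wp-config.php' ) ) {
    require_once dirname( ABSPATH ) . '/wp-config.php';
}
PHP;
file_put_contents( "$root/wordpress/wp-load.php", $load );

// Hypothetical helper: include $file in a fresh PHP process and report the resulting ABSPATH.
function abspath_after_including( $file ) {
    $code = 'require ' . var_export( $file, true ) . '; echo ABSPATH;';
    return shell_exec( escapeshellarg( PHP_BINARY ) . ' -r ' . escapeshellarg( $code ) );
}

// Direct include: ABSPATH becomes the parent directory, which holds no WordPress files.
echo 'direct wp-config.php: ', abspath_after_including( "$root/wp-config.php" ), "\n";
// Through wp-load.php: ABSPATH is the WordPress directory and no notice is logged.
echo 'via wp-load.php:      ', abspath_after_including( "$root/wordpress/wp-load.php" ), "\n";

// Remove the constructed files.
unlink( "$root/wordpress/wp-load.php" );
unlink( "$root/wp-config.php" );
rmdir( "$root/wordpress" );
rmdir( $root );
```

Run with the PHP CLI; the notice from the direct include appears on stderr, since the CLI sends `error_log()` output there when no log file is configured.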