
Application Configuration

config/application.php is the main WordPress configuration file for Scottsdale Mint. It replaces the traditional wp-config.php values and is loaded by web/wp-config.php at bootstrap time.

This file consumes all environment variables from .env and translates them into WordPress constants and configuration values.


File Location

config/
└── application.php ← Main configuration

web/wp-config.php loads it via:

require_once dirname(__DIR__) . '/vendor/autoload.php';
// vlucas/phpdotenv loads .env
$dotenv->safeLoad();
require_once dirname(__DIR__) . '/config/application.php';
require_once ABSPATH . 'wp-settings.php';

Database Configuration

// Separate Aurora read/write endpoints
define( 'DB_HOST', env('DB_WRITER_HOST') );
define( 'DB_NAME', env('DB_NAME') );
define( 'DB_USER', env('DB_USER') );
define( 'DB_PASSWORD', env('DB_PASSWORD') );
define( 'DB_CHARSET', 'utf8mb4' );
define( 'DB_COLLATE', '' );

WordPress URLs (Bedrock)

define( 'WP_HOME', env('WP_HOME') );
// WP core lives at /wp/ subdirectory
define( 'WP_SITEURL', env('WP_HOME') . '/wp' );
// Content (plugins/themes) lives at /app/
// config/application.php sits one level below the project root, so resolve from dirname(__DIR__)
define( 'WP_CONTENT_DIR', dirname(__DIR__) . '/web/app' );
define( 'WP_CONTENT_URL', env('WP_HOME') . '/app' );

Security Settings

// Prevent file editing through the WP admin
define( 'DISALLOW_FILE_EDIT', true );
define( 'DISALLOW_FILE_MODS', true );
define( 'FORCE_SSL_ADMIN', true );

Performance Settings

// External cron: NEVER rely on wp_cron page-load triggers
define( 'DISABLE_WP_CRON', env('DISABLE_WP_CRON') );

// Object caching
define( 'WP_CACHE', env('WP_CACHE', true) );

// Disable auto-updates
define( 'WP_AUTO_UPDATE_CORE', false );

// Disable post revisions (saves DB space)
define( 'WP_POST_REVISIONS', false );

// Effectively disable autosave
define( 'AUTOSAVE_INTERVAL', 9999999 );

Redis / Object Cache Configuration

define( 'WP_REDIS_CLIENT', env('WP_REDIS_CLIENT', 'relay') );
define( 'WP_REDIS_HOST', env('YMIR_REDIS_ENDPOINT') ?: env('WP_REDIS_HOST') );
define( 'WP_REDIS_TOKEN', env('WP_REDIS_TOKEN') );

// Performance options
define( 'WP_REDIS_IGBINARY', true );
define( 'WP_REDIS_COMPRESSION', env('WP_REDIS_COMPRESSION', 'zstd') );

$redis_config = [
    'split_alloptions' => true,
    'prefetch'         => false,
    'network_flush'    => 'site',
    'database'         => (int) env('SUMA_REDIS_DATABASE_INDEX', 0),
];
define( 'WP_REDIS_CONFIG', $redis_config );

Email Configuration (WP Mail SMTP / Mailgun)

define( 'WPMS_ON', true );
define( 'WPMS_MAIL_FROM', '[email protected]' );
define( 'WPMS_MAIL_FROM_FORCE', true );
define( 'WPMS_MAILER', env('WPMS_MAILER', 'mailgun') );
define( 'WPMS_MAILGUN_API_KEY', env('WPMS_MAILGUN_API_KEY') );
define( 'WPMS_MAILGUN_DOMAIN', env('WPMS_MAILGUN_DOMAIN', 'scottsdalemint.com') );
define( 'WPMS_MAILGUN_REGION', 'US' );

In local environments, WPMS_MAILER is overridden to smtp (MailHog) by config/environments/development.php.


Algolia Configuration

define( 'ALGOLIA_APPLICATION_ID', env('ALGOLIA_APPLICATION_ID') );
define( 'ALGOLIA_API_KEY', env('ALGOLIA_API_KEY') );
define( 'ALGOLIA_SEARCH_API_KEY', env('ALGOLIA_SEARCH_API_KEY') );

// Index prefix is set per-environment in config/environments/*.php
// NOT set here; see environment files

Plugin-Specific Configuration

// ACF Pro: license for updates
define( 'ACF_PRO_LICENSE', env('ACF_PRO_LICENSE') );

// Yoast: disable PHP redirects (use server-level or CDN)
define( 'WPSEO_DISABLE_PHP_REDIRECTS', true );

// Redis manager capability
define( 'WP_REDIS_MANAGER_CAPABILITY', 'publish_posts' );

// Query Monitor (disabled in production)
define( 'QM_DB_SYMLINK', false );

// Perfmatters
define( 'PWP_NAME', env('PWP_NAME') );

// WP Migrate DB Pro
define( 'WPMDB_LICENCE', env('WPMDB_LICENCE') );

2FA & Sensitive Data Encryption

// WP 2FA encryption key: must match across environments
define( 'WP2FA_ENCRYPT_KEY', env('WP2FA_ENCRYPT_KEY') );

// Sensitive data encryption key (customer identity fields, etc.)
define( 'SENSITIVE_DATA_KEY', env('SENSITIVE_DATA_KEY') );

Plugin Disabler

The site disables certain plugins in production environments to reduce overhead or prevent unintended side effects. The disabler is configured via config/class-config-helper.php and invoked in config/environments/*.php:

Disabled in all non-development environments:

$disabled_plugins = [
    'kount-fraud-prevention/kount.php',
    'woocommerce-follow-up-emails/woocommerce-follow-up-emails.php',
    'mainwp-child/mainwp-child.php',
    'woocommerce-shipstation-integration/woocommerce-shipstation.php',
    'walmart-integration-for-woocommerce/walmart-woocommerce-integration.php',
];

Additionally disabled in production:

$disabled_plugins = [
    'query-monitor/query-monitor.php',
];

This uses the Bedrock plugin disabler: plugins are disabled via a WordPress filter, not by removing files.


Suma Patches Configuration

// Allow plugin disabling (false = enable the disabler feature)
define( 'SUMA_PATCHES_DISABLE_PLUGINS_ENABLE', false );

// Bypass dev-environment checks
define( 'SUMA_PATCHES_ENABLE_DEV_CHECK', false );

// Bypass update checks
define( 'SUMA_PATCHES_ENABLE_UPDATE_CHECK', false );

IP Address Handling in wp-config.php

The web/wp-config.php file (not config/application.php) handles correct IP resolution when behind CloudFront and/or Cloudflare:

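// Force HTTPS protocol
if ( ! empty( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ) {
    $_SERVER['HTTPS'] = 'on';
}

// Extract real visitor IP from CloudFront header
if ( ! empty( $_SERVER['HTTP_CLOUDFRONT_VIEWER_ADDRESS'] ) ) {
    // CloudFront sends the viewer's address as "ip:port"; drop the port after the last colon
    $viewer    = $_SERVER['HTTP_CLOUDFRONT_VIEWER_ADDRESS'];
    $viewer_ip = trim( substr( $viewer, 0, (int) strrpos( $viewer, ':' ) ), '[]' );
    // Only overwrite REMOTE_ADDR with a syntactically valid IPv4/IPv6 address
    if ( filter_var( $viewer_ip, FILTER_VALIDATE_IP ) ) {
        $_SERVER['REMOTE_ADDR'] = $viewer_ip;
    }
} elseif ( ! empty( $_SERVER['HTTP_CF_CONNECTING_IP'] ) ) {
    // Cloudflare fallback
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
}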

Always use WC_Geolocation::get_ip_address() in custom PHP code, never $_SERVER['REMOTE_ADDR'].
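
The header-based resolution above is only reliable when the request really arrived through the CDN, so the sketch below honours CloudFront-Viewer-Address and CF-Connecting-IP only when the TCP peer is inside a trusted proxy range. It is an added example, not code from this project: the function names, the trusted range and the sample $_SERVER arrays are assumptions constructed for illustration, and it assumes the CloudFront header always carries "ip:port".

```php
<?php
// Added example, not the project's code; ranges and sample requests are constructed.

/** True when $ip lies inside $cidr (IPv4 or IPv6). */
function ip_in_cidr( string $ip, string $cidr ): bool {
    [ $net, $bits ] = array_pad( explode( '/', $cidr, 2 ), 2, null );
    $ip_bin  = @inet_pton( $ip );
    $net_bin = @inet_pton( $net );
    if ( false === $ip_bin || false === $net_bin || strlen( $ip_bin ) !== strlen( $net_bin ) ) {
        return false; // unparsable address or mixed address families
    }
    $bits = $bits ?? (string) ( strlen( $ip_bin ) * 8 );
    if ( ! ctype_digit( $bits ) || (int) $bits > strlen( $ip_bin ) * 8 ) {
        return false; // malformed prefix length never matches
    }
    $bytes = intdiv( (int) $bits, 8 );
    $rem   = (int) $bits % 8;
    $mask  = ( 0xFF << ( 8 - $rem ) ) & 0xFF;
    return substr( $ip_bin, 0, $bytes ) === substr( $net_bin, 0, $bytes )
        && ( 0 === $rem || ( ord( $ip_bin[ $bytes ] ) & $mask ) === ( ord( $net_bin[ $bytes ] ) & $mask ) );
}

/** Validated IP from a CloudFront-Viewer-Address value ("ip:port"), or null. */
function parse_viewer_address( string $value ): ?string {
    $pos = strrpos( $value, ':' );
    $ip  = false === $pos ? '' : trim( substr( $value, 0, $pos ), '[]' );
    return false !== filter_var( $ip, FILTER_VALIDATE_IP ) ? $ip : null;
}

/** Honour proxy headers only when the TCP peer is a trusted proxy. */
function resolve_client_ip( array $server, array $trusted_cidrs ): string {
    $peer = $server['REMOTE_ADDR'] ?? '';
    foreach ( $trusted_cidrs as $cidr ) {
        if ( ip_in_cidr( $peer, $cidr ) ) {
            $cf = filter_var( $server['HTTP_CF_CONNECTING_IP'] ?? '', FILTER_VALIDATE_IP );
            return parse_viewer_address( $server['HTTP_CLOUDFRONT_VIEWER_ADDRESS'] ?? '' )
                ?? ( false !== $cf ? $cf : $peer );
        }
    }
    return $peer; // Direct connection: client-supplied headers are ignored.
}

$trusted = [ '192.0.2.0/24' ]; // constructed stand-in for the CDN's published egress ranges
$via_cdn = [ 'REMOTE_ADDR' => '192.0.2.7', 'HTTP_CLOUDFRONT_VIEWER_ADDRESS' => '2001:db8::1:46532' ];
$direct  = [ 'REMOTE_ADDR' => '203.0.113.9', 'HTTP_CF_CONNECTING_IP' => '198.51.100.1' ];
echo resolve_client_ip( $via_cdn, $trusted ), "\n"; // header honoured: peer is a trusted proxy
echo resolve_client_ip( $direct, $trusted ), "\n";  // header ignored: peer is not a trusted proxy
```

In a real deployment the trusted list would come from the CDN provider's published origin-facing ranges, or the origin would be restricted at the network layer so that only the CDN can reach it.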