Securing keys with DotEnv 5.2 using Composer in Wordpress

Storing access keys is an integral part of development. Secure key storage becomes critical with multiple environments such as staging, development, and production. Specifically for WordPress, the key concerns are not disclosing keys in version control and securing the wp-config.php file. 

While there are multiple ways to do this, key storage becomes simple with DotEnv using Composer. In this post, we’ll take a look at the uses of DotEnv using Composer in WordPress.

Let’s begin by installing the vlucas/phpdotenv package using Composer.

Step 1

WordPress commonly exists in the htdocs folder in a local environment (using XAMPP or MAMP). Switch to this directory or the root directory where WordPress exists. Enter the following commands,
with basic arguments such as the name and description,

Composer init
DotEnv in wordpress 1

The above command creates the composer.json file in the root directory.

You can also create the composer.json file as shown below,

DotEnv in wordpress 2

Note: We’ve installed the latest version, 5.2, of vlucas/phpdotenv.

Step 2

After creating a composer.json file, enter the following command,

composer install
DotEnv in wordpress 3

This command creates the vendor directory with the required packages and their dependencies.

Step 3

Now let us create the .env file as below in the WordPress root directory (in my case, it is in the ‘htdocs’ folder) with secret keys or variables needed for the project.

DotEnv in wordpress 4

We are now nearing the finish line. 

Step 4

Each time you wish to use DotEnv environment variables, you can add the following code at the beginning of the file. 

DotEnv in wordpress 5

For example, if you wish to use these environment variables in the WordPress wp-config.php file, then you should add the above code to the top of the file as follows,

You can access the environment variables DB_NAME using $_ENV[‘DB_NAME’] in any PHP file in the above code.

Step 5

This is the last step where the .env file is added to your .gitignore file. This addition prevents disclosure in the repository or version control.

Learn More about Encora

We are the software development company fiercely committed and uniquely equipped to enable companies to do what they can’t do now.

Learn More

Global Delivery

READ MORE

Careers

READ MORE

Industries

READ MORE

Related Insights

Online Travel Agencies: Some Solutions to changes in booking and commission attributions

Discover how we can simplify travel changes for both travelers and OTAs using blockchain and ...

Read More

The AI-Powered Journey: How AI is Changing the Face of Travel

As travel elevates itself into an experience where every journey is as unique as the travelers ...

Read More

Enhancing Operational Excellence with AI: A Game-Changer for the Hospitality Industry

By AI, the hospitality industry can offer the best of both worlds: the efficiency and ...

Read More
Previous Previous
Next

Accelerate Your Path
to Market Leadership 

Encora logo

Santa Clara, CA

+1 669-236-2674

letstalk@encora.com

Innovation Acceleration

Speak With an Expert

Encora logo

Santa Clara, CA

+1 (480) 991 3635

letstalk@encora.com

Innovation Acceleration