WordPress should not expose warnings and other verbose data in production. On earth, so many configurations such as multiple revisions are not used in such a depth in most cases. So many of obsessive configurations may slow WordPress down.
We change configuration of WordPress only from wp-config.php so we can have a backup of original configuration and this file can act simply as a restore point to discard all changes in case of any trouble.
Don’t change core files. If there is a critical update, contribute to the WordPress project’s repository. If you have some common optional configurations, add it to a plugin. Respect the project modularity.
define('FS_METHOD', 'direct');
define( 'WP_POST_REVISIONS', 2 );
define( 'EMPTY_TRASH_DAYS', 2 );
define( 'AUTOSAVE_INTERVAL', 180 ); // 3 mins
define( 'WP_ALLOW_REPAIR', true );
define( 'WP_MEMORY_LIMIT', '512M' );
define( 'WP_MAX_MEMORY_LIMIT', '1024M' );
ini_set('display_errors','Off');
ini_set('error_reporting', E_ALL );
define('WP_DEBUG', false);
define('WP_DEBUG_DISPLAY', false);
define( 'WP_DISABLE_FATAL_ERROR_HANDLER',true );
/* SSL behind reverse proxy */
if ((isset($_ENV["HTTPS"]) && ("on" == $_ENV["HTTPS"]))
|| (isset($_SERVER["HTTP_X_FORWARDED_SSL"]) && (strpos($_SERVER["HTTP_X_FORWARDED_SSL"], "1") !== false))
|| (isset($_SERVER["HTTP_X_FORWARDED_SSL"]) && (strpos($_SERVER["HTTP_X_FORWARDED_SSL"], "on") !== false))
|| (isset($_SERVER["HTTP_CF_VISITOR"]) && (strpos($_SERVER["HTTP_CF_VISITOR"], "https") !== false))
|| (isset($_SERVER["HTTP_CLOUDFRONT_FORWARDED_PROTO"]) && (strpos($_SERVER["HTTP_CLOUDFRONT_FORWARDED_PROTO"], "https") !== false))
|| (isset($_SERVER["HTTP_X_FORWARDED_PROTO"]) && (strpos($_SERVER["HTTP_X_FORWARDED_PROTO"], "https") !== false))
|| (isset($_SERVER["HTTP_X_PROTO"]) && (strpos($_SERVER["HTTP_X_PROTO"], "SSL") !== false))
) {
$_SERVER["HTTPS"] = "on";
}File permissions
sudo chown -R www-data:www-data ../wp
sudo find . -type d -exec chmod 755 {} \;
sudo find . -type f -exec chmod 644 {} \;