As a leader in WordPress innovation, we regularly rework and enhance our product offerings at WP Engine to better address the needs of our customers. Our platform is Built for Growth, and powering the space where customers can build a digital presence and truly thrive online is the most important thing we do.
To create the best outcomes for our customers, our teams meticulously monitor and review our solutions to identify products that should be added, removed, or updated.
As we continue to optimize our platform to provide the best performance, security, and support in WordPress, we’re excited to share the following overview of our plans for specific product offerings.
WP Engine’s New Advanced Network
In addition to performance benefits, updating to the advanced network helps secure our customer sites with a custom blend of features including Layer 3 & 4 DDoS protection, Cloudflare polish for image compression, HTTP/3 support, and more.
WP Engine’s advanced network is available to all WP Engine customers, and we will be granting access to customer accounts in phases throughout the coming weeks and months.
Being hyper-focused on delivering a platform that’s Built for Growth means making changes or removing features that once served a purpose but no longer align with our future goals.
In that vein, WP Engine will be removing the .htaccess file this year to match industry standards and improve scalability and performance. .htaccess is an Apache configuration, and large .htaccess files have been shown to impact server performance.
Because only a small portion of our customers utilize .htaccess files (and WP Engine teams have been working directly with customers who need to transition their sites away from them), we are removing .htaccess in an effort to break WP Engine-hosted sites’ dependency on Apache servers and open the doors to new features and technologies as they arise.
However, we also understand that customers will need to continue to self-manage certain site traffic behaviors from the User Portal. To ensure continued service, we have built out the Web Rules Engine (WREN), a seamless interface for managing site traffic rules. More information about Web Rules Engine can be found here.
In addition to the wide performance improvements noted above, our new advanced network will provide greater protection against DDoS attacks.
Moving forward, WP Engine will also block the ability for new sites created on our platform to use XML-RPC. XML-RPC is considered outdated by most web standards, and it’s prone to spam and other attacks. Since the introduction of the REST-API, fewer and fewer sites require XML-RPC. Blocking it will ensure the future safety of sites built on our platform.
Finally, WP Engine teams will be making improvements to Remote MySQL. Historically, we have granted direct access to MySQL via TCP port 3306. Moving forward, we will close this port and no longer grant access. Remote MySQL will now be managed via SSH connections. This will act as a deterrent against attacks and will better secure the data that matters most to our customers.
Powering the Freedom to Create With WordPress
Our product and engineering plans are always Customer Inspired first and foremost, allowing us to build a more secure, performant platform where our customers can truly thrive.
To learn more about the changes we’re making and how they might affect your sites on WP Engine’s platform, please reach out to our support team for assistance.