.htaccess Deprecation

WP Engine has decided to deprecate the .htaccess file for all customers. This article discusses why as well which alternatives we recommend to replace directives.

Some websites will retain grandfathered support of the .htaccess temporarily. Learn more here.


What is the .htaccess file and why is it being deprecated?

Apache servers are used to execute the PHP code that WordPress runs on. The .htaccess is an Apache configuration file that a web admin can use to tell Apache how to interact with a website. It can control any number of things on a site-by-site basis, like how your URLs are formed or restricting access to a directory.

.htaccess files have a performance implication on sites leveraging the Apache backend server. .htaccess files are read recursively, which can lead to file system reads on every page load on your site. On smaller sites this doesn’t lead to a big impact, but as the number of directories on a site gets larger, there is an impact those file system crawls have on performance. You can read more about the Apache recommendations around this in “When (not) to use .htaccess files” from Apache.org.

Most importantly, .htaccess files tie our architecture to Apache as a backend web server. As new exciting technologies arise, and open up new features and performance we’d like to make available to our customers, it becomes paramount to break that dependency as we evolve as a Digital Experience Platform. We’re incredibly excited at the evolution, and the velocity we’ll be able to deliver as part of this change in the future.

We recognize the overhead this will have on our customers as they prepare for upgrades. We believe it’s in the best interest of our customers, and our platform to deprecate and eventually remove .htaccess support going forward. We’re committed to smoothing out the transition period, and making platform changes as we encounter challenges only resolved, or more easily resolved using .htaccess configuration. If you’re in a situation where you don’t know the best course of action, or believe that the .htaccess is the only manner in which to accomplish your goals, please do not hesitate to reach out to our Support team. They’ll be able to help ease this transition, and raise issues to our development teams to address the shortcomings this deprecation creates.

While our data suggests only a small amount of customers leverage this feature on our platform, we recognize that there are those that do rely on this functionality. As previously stated, we’re committed to smoothing this transition, and will be more than happy to assist with recommendations. We’ll include more in this document as time goes on and we suggest reviewing our list of alternatives below and testing any changes on a Staging or Development environment first.

While our Support team does not support PHP or code development, if you have any questions or concerns about this change, please reach out to our Support team at any time.

Some websites will retain grandfathered support of the .htaccess temporarily. Learn more here.


Default WordPress .htaccess Directives

By our analysis, most WP Engine websites will not require any extra changes to the .htaccess as they are using a default WordPress version of this file.

Default WordPress rewrites will be handled by WP Engine directly from the Apache server level. Therefore, if your .htaccess files looks like any of the following then this deprecation will not impact your website.

Default WordPress .htaccess

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

Subdomain Multisite .htaccess

RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*.php)$ $1 [L]
RewriteRule . index.php [L]

Subdirectory Multisite .htaccess

RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*.php)$ $2 [L]
RewriteRule . index.php [L]

Directives and Alternatives

If your site is using .htaccess directives outside of the default WordPress rules (above), we have put together a list of recommended alternatives.

DirectivePurposeAlternative
Deny from allRestrict access
  • By default, PHP files have guards at a platform level that prevent them from being served. Other static files are served by Nginx and not Apache.
  • Nginx rules can be added to replicate this behavior if needed by contacting Support.
Allow from allAllow access
  • PHP files have guards at a platform level that prevent them from being served. Other static files are served by Nginx and not Apache.
  • Nginx rules can be added to replicate this behavior if needed by contacting Support.
RewritesForces redirects and rewrites
SetHandlerSpecifies how to handle certain file types
  • None
  • Static assets are served by Nginx and not Apache (where the .htaccess would be processed).
Option-indexIgnore*Prevent directory browsing
  • None
  • WP Engine already disallows indexing of directories by default.
mod_ HeadersHeader tweaking
  • Headers should be sent with PHP code.
AddTypeAdds MIME type support for app type
  • Static assets are served by Nginx and not Apache (where the .htaccess would be processed).
  • If additional rules are desired, they can be added to the Nginx config by contacting Support.
CachingSets cache expirations
  • WP Engine manages caching rules at a server level for you, by default.
  • Additional caching rules can be managed in PHP code.
  • Extra caching rules for static assets can be applied to Nginx by contacting Support.
SecurityDisable PHP processing (Ex: Akismet and Gravity Forms)
  • WordPress plugins often add security rules to the .htaccess. WP Engine already applies these rules by default at a server level.
  • Plugins should handle additional directives in their PHP code.

Handling 301 and 302 Redirects

If your site has redirects in the .htaccess, they will need to be relocated in order to remain both functional and optimized. It is always recommended to consolidate as many rules as possible using RegEx regardless of the number of redirects needed or how they are applied.

Fewer Than 1000 Redirects

More Than 1000 Redirects

  • Importing redirects into the WP Engine Nginx configuration will not be efficient at this quantity, due to bloating and overhead.
  • We suggest loading redirects into the Redirection plugin or, if you’re using Yoast SEO, manage redirects in Yoast Premium

Bulk Migrate Redirects from the .htaccess

All of the recommended redirect alternatives allow the bulk import of Apache (.htaccess-formatted) redirects. This means importing existing redirects from the .htaccess can be done quickly and easily, and does not require redirects be moved one at a time. Simply copy the rules from your .htaccess file, then import using the guide:


Web Rules

Managing web access rules can now be done from your User Portal as an alternative to placing these rules in the .htaccess.

This page allows you to block/allow IPs, limit traffic based on header, or manage traffic by request type. All websites on WP Engine automatically have this Web Rules page enabled.

Learn more about managing web rules here.


Grandfathered Upgrades

Websites that have their PHP version changed by WP Engine’s automated security process will be grandfathered into temporary .htaccess support.

This is not a permanent feature and you should use this brief timeframe to make any final changes required to remove the .htaccess from your website.

For these grandfathered websites, the .htaccess support option will be enabled by default and can be toggled off from the Web Rules page of the User Portal by selecting another option:


NEXT STEP: Learn how to test and upgrade to a new PHP version