WP Engine

Platform Settings

On this page: This page offers answers to common questions about default platform settings, WordPress settings, and server configuration settings

Tags: configuration, development, media, memory, module, php, settings, WordPress

Updated: February 21st, 2020

This page offers answers to common questions about default platform settings, WordPress settings, and server configuration settings. You can use this as a quick reference for many settings and how they are configured or changed.

WordPress Memory Limit
Maximum File Upload Size
Post Revisions
Sending Email
TLS Version
GZIP Compression
Max Execution Time
CORS Headers
Server Modules
Disabled Functions
PHP Version
MySQL Version
mod_security
Miscellaneous
Configuration Files

WordPress Memory Limit

The default WordPress Memory Limit is 40MB for a single site, or 64MB for a Multisite network.

These values can be increased to a maximum of 512MB by inserting the following lines under the “WP Engine Settings” section in your wp-config.php file:

define( 'WP_MEMORY_LIMIT', '512M' );

If you want to define a separate higher or lower memory for the WordPress admin area of the site, can add the following line after the one above:

define( 'WP_MAX_MEMORY_LIMIT', '512M' );

WooCommerce recommends setting this value to at least 128MB. You are free to define whichever memory value works best for your site, as long as it does not exceed 512MB.

Maximum File Upload Size

The default maximum upload file size for sites is 50MB.

To increase max file upload size up to 200MB by contact Support. Any files larger than 200MB must be uploaded via SFTP.

Increase max file upload size for multisite

In additional to the above, you will need to update the network upload size.

  1. Login to your WordPress admin dashboard
  2. Click My Sites
  3. Select Network Admin
  4. Click Settings
  5. Locate Max upload file size
    • Note that the size here is in KB

Post Revisions

WordPress Post Revisions or autosaves store a record of each saved draft or published update for a post. This system allows a user to see the last few changes that have been made to a post. Post revisions also allow the user to restore a page or post to a previous version.
While great in theory, revisions cause the database to grow exponentially and a large database can directly impact site performance. Every WP Engine site has WordPress revisions disabled by default. It’s our recommendation to keep revisions disabled to assure optimal site speeds and use a separate editor for managing content prior to publishing.

Revisions can only be enabled by contacting Support. Revisions cannot be enabled in the wp-config.php or php.ini files, as this will be overwritten again at the server level.

  • Support can help you enable up to 5 revisions for posts, but we recommend starting with 3
  • Old revisions will be automatically removed after 60 days

If you migrated a site with existing revisions that you would like to preserve, reach out to support to have revisions enabled.

NOTE: This is not a retroactive change. It will not add revisions for existing posts, only allow revisions to be stored moving forward.

If you would like to clean up your database and delete any existing database revisions, the following query can be run from phpMyAdmin.

DELETE FROM wp_posts WHERE post_type = “revision”;

Sending Email

WP Engine does allow general WordPress emails such as password resets to be sent through WordPress. However, for sending large amounts of email such as a newsletter or email blast we require the use of an email API or an SMTP plugin.

Port 25 is blocked for all services. We highly recommend using an email service that sends email via API, or an alternative port (such as port 2525).

More on WP Engine email policy can be found here.

TLS Version

All WP Engine servers have TLS 1.2 and 1.3 enabled by default.

TLS 1.0 and 1.1 will be deprecated on March 31st. As TLS 1.0/1.1 deprecation is happening across the industry, we will not be offering the option for customers to defer or opt into a version lower than TLS 1.2. For a majority of customers, an update to TLS 1.2+ should not cause any noticeable impact.

Check out our guide for more information about TLS and SSL.

GZIP Compression

WP Engine automatically uses GZIP compression to optimize performance of static files (like images, text files, JavaScript, and CSS) on your web server. As a result, GZIP directives are typically not needed in your .htaccess file. The following file types are automatically compressed by WP Engine with GZIP:

application/rss+xml
application/vnd.ms-fontobject
application/wasm
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
application/xml+rss
font/otf
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/calendar
text/css
text/javascript
text/log
text/markdown
text/plain
text/richtext
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy
text/xml
text/xsd
text/xsl

Max Execution Time

Default max_execution_time for scripts is set to 60 seconds.

This setting can only be decreased, and cannot be increased. If you are performing a task which will take over 60 seconds to complete, the task should be broken into smaller segments and run in batches.

Max Input Vars

The default max_input_vars setting is 1000, indicating no more than 1000 variables can be attached to any request. For performance, we do not recommend using more than 1000 variables per request on your site.

If this setting needs to be adjusted higher, you can set the following in your site’s .htaccess file:

php_value max_input_vars 3000

For the best performance we encourage users to designate a maximum of 3000 variables with this setting. This setting cannot be increased beyond 5000.

NOTE: PHP 7.4 does not support .htaccess. Review our guide for alternatives. 

CORS Headers

Cross-Origin Resource Sharing headers are defined by default for all static resources on sites (images, styles, JavaScript, etc). You can see this by curling for the headers on a static file. For example:

If you wish to add CORS headers to other requests (posts and pages for example), use an .htaccess rule.

Server Modules

WP Engine has a specific set of platform-wide server modules which cannot be modified, removed, or added. To see a full list of modules, versions, and default settings, you can create a PHP Info file.

Disabled Functions

Our system administrators have already pre-configured server settings to best suit the needs of the majority of our clients. Some functions cannot be modified from site to site or in the php.ini file as they are configured at a server level.

Here are some functions that have been disabled and therefore are not able to be altered:

  • apache_child_terminate
  • apache_get_modules
  • apache_get_version
  • apache_getenv
  • apache_note
  • apache_setenv
  • disk_free_space
  • disk_total_space
  • diskfreespace
  • dl
  • exec
  • flock()
  • passthru
  • pclose
  • pcntl_exec
  • popen
  • posix_getpwuid
  • posix_kill
  • posix_mkfifo
  • posix_setpgid
  • posix_setsid
  • posix_setuid
  • posix_uname
  • proc_close
  • proc_get_status
  • proc_nice
  • proc_open
  • proc_terminate
  • shell_exec
  • show_source
  • system
  • opcache_get_configuration
  • opcache_get_status
  • auto_prepend_file

Disallowed Plugins

Most plugins are allowed on the platform, however a handful of plugins we specifically disallow as they will cause issues.
Check our updated list of disallowed plugins.

PHP Version

PHP Versions are regularly released and deprecated. To see which versions are currently available on the WP Engine farm and how to change versions, check out our PHP Upgrade Guide.

MySQL Version

WP Engine uses MySQL 5.6 and MySQL 5.7. New Digital Experiences will be placed on MySQL 5.7. To learn which MySQL version you are on, please contact Support.

mod_security

WP Engine does not use the mod_security Web Application Firewall (WAF) with Apache. Instead, we use a proprietary traffic detection and blocking system among other enterprise-grade security measures. This firewall will automatically block IPs or User Agents based on a predetermined set of rules.

If you’d like to manually block an IP, User Agent or country on this firewall, reach out to our Support team for assistance.

Read more about WP Engine’s Security Environment.

Miscellaneous

Module Is installed?
ionCube Loader No
cURL support Yes
SOAP client Yes
Imagick Yes

Configuration Files

There are several site and server-wide configuration files in place for each environment. Some files are accessible and able to be modified, while others are not.

 

Configuration file Is editable?
php.ini file No. Server-wide PHP settings are unable to be changed.
.htaccess file Yes. Apache settings can be configured in this file. Please be advised that WP Engine uses a dual-web-server configuration, so these settings will only apply for uncached requests. Redirects and rewrites should be set in your User Portal rather than in the .htaccess file.
wp-config.php file Yes. This file can be edited, but there are many WP Engine-specific settings in this file which should not be changed. For the best results, put custom entries in the “WP Engine Settings” section at the bottom.
nginx.conf file No. Server or site-specific Nginx settings are not able to be adjusted. If there is a specific Nginx setting you wish to adjust, please contact Support to see if there are any internal changes which may be made

NEXT STEP: Read more about the php.ini file

Ready to press ahead?

Talk to a specialist to find a solution that is right for you, or explore our platform.

Talk to a specialist Explore our platform