Platform Settings

Last updated on July 22nd, 2025

media php Platform Information WordPress

This page offers answers to common questions about default platform settings, WordPress® settings, and server configuration settings.¹ You can use this as a quick reference for many settings and how they are configured or changed.

Contents hide

1 WordPress Memory Limit

2 Maximum File Upload Size

3 PHP Image Resize Limit

4 PHP Execution Restricted

5 Long Query Governor

6 Post Revisions

7 Sending Email

8 TLS Version

9 GZIP and Brotli Compression

10 Max Execution Time

11 Max Input Vars

12 LOAD DATA MySQL Function

13 Security Headers

13.1 CORS

13.2 HSTS

13.3 Misc Security Headers

14 Server Modules

15 Environment Variables

16 Disallowed Plugins

17 PHP Version

18 MySQL Version

19 Configuration Files

20 WP Engine MU Plugins

21 Hidden Site Settings

WordPress Memory Limit

The default WordPress Memory Limit is 40MB for a single site, or 64MB for a Multisite network.

These values can be increased to a maximum of 512MB by inserting the following lines under the “WP Engine Settings” section in your wp-config.php file:

define( 'WP_MEMORY_LIMIT', '512M' );

If you want to define a separate higher or lower memory for the WordPress admin area of the site, can add the following line after the one above:

define( 'WP_MAX_MEMORY_LIMIT', '512M' );

You are free to define whichever memory value works best for your site, as long as it does not exceed 512MB.

To make this edit you’ll need access to the file system of your website. Learn more about connecting to your website with SFTP, or the more advanced SSH gateway.

Maximum File Upload Size

The default maximum upload file size for sites is 50MB (or 1MB for multisite networks). You can check what the site is currently registering for the max file upload size from the /wp-admin/upload.php page:

To increase max file upload size up to a maximum of 256MB please contact Support. Any files larger than 256MB must be uploaded via SFTP or SSH Gateway.

Max File Upload Size on Multisite

In addition to reaching out to Support, you will also need to update the network upload size if you are using multisite for WordPress.

Login to your WordPress admin dashboard
Click My Sites
Select Network Admin
Click Settings
Locate Max upload file size
- ** The size here is in KB, not MB

If the maximum upload size has been increased but you are still experiencing issues, your website’s Cloudflare account for DNS may be the cause. Max upload for Cloudflare’s Free and Pro plans is 100MB and trying to upload a file larger than this can result in a 413 error in the console from Cloudflare. Try reducing requests below this size into smaller chunks, upload the full resource after disabling Cloudflare’s proxy, or upgrade your Cloudflare account.

PHP Image Resize Limit

WP Engine limits the size of images that can resized using PHP. This size limit is 8000px by 8000px, or 40MP. We’ve put this limit in place to protect server memory and stability, and therefore it cannot be increased.

Plugins that resize images using PHP, such as Smush or ImageMagick, may run into errors if the image is too large. For example you may see the error, width or height exceeds limit. If you are seeing such an error, resize the image below the limitations prior to attempting the upload again.

PHP Execution Restricted

WP Engine servers block the execution of .php files from within the wp-content/uploads/ directory. This directory is intended only for media, it is best practice to not execute PHP from these folders.

Long Query Governor

WP Engine has a governor in place for your benefit to prevent database queries that are extremely long in character length from running and affecting site and server performance. The governor can be disabled with the following define in your wp-config.php file but we advise against it in most cases to prevent performance issues. Optimizing queries so that they no longer receive a KILLED QUERY error is preferable to allowing long queries.

define( 'WPE_GOVERNOR', false );

Read more about the governor and long query errors in the Error Logs and Common Errors article.

Post Revisions

WordPress Post Revisions, or autosaves, store a record of each saved draft or published update for a post. This system allows a user to see the last few changes and to restore a page or post to a previous version. While great in theory, revisions cause the database to grow exponentially and a large database can directly impact site performance.

Every WP Engine site has WordPress revisions disabled by default. If you need a more extensive revision management system, we recommend using a third-party editing system rather than relying on WordPress revisions.

Revisions can only be enabled by contacting Support. Revisions cannot be enabled in the wp-config.php or php.ini files, as this will be overwritten at the server level.

If you migrated a site with existing revisions that you would like to preserve, reach out to Support to have revisions enabled.

Support can help you enable 3 revisions for your posts to start. Revisions should not exceed 5.
Old revisions will be automatically removed after 60 days.

NOTE

Enabling revisions is not a retroactive change. Only revisions generated after the feature has been enabled will be stored moving forward.

If you would like to clean up your database and delete any existing database revisions, the following query can be run from phpMyAdmin.

DELETE FROM wp_posts WHERE post_type = “revision”;

Sending Email

WP Engine allows general WordPress emails such as password resets to be sent through WordPress below a certain reasonable quantity. However, for sending a large number of emails, such as a newsletter or email blast, we impose a limit and require the use of an email API or an SMTP plugin.

As Port 25 is blocked for all services, we highly recommend using an email service that sends email via API, or an alternative port (such as port 2525).

More information about WP Engine’s email policy can be found here.

TLS Version

All WP Engine servers have TLS 1.2 and 1.3 enabled by default.

TLS 1.0 and 1.1 have been deprecated on WP Engine. As TLS 1.0/1.1 deprecation happened across the industry, and we do not offer the option for customers to defer or opt into a version lower than TLS 1.2. For a majority of customers, usage of TLS 1.2+ should not cause any noticeable impact.

Check out our guide for more information about TLS and SSL.

GZIP and Brotli Compression

WP Engine automatically uses GZIP or Brotli compression to optimize performance of static files (like images, text files, JavaScript, and CSS) on your web server. As a result, GZIP and Brotli directives should not need to be added separately.

If the browser requesting the file supports Brotli compression, the file will be served compressed with Brotli. If the requesting browser does not support Brotli the file will be served compressed with GZIP.

The following file types are automatically compressed by WP Engine with Brotli:

text/plain
text/css
application/javascript
application/x-javascript
text/xml
application/x-font-opentype
application/x-font-truetype
application/x-font-ttf
application/xml
application/xml+rss
font/eot
font/opentype
text/javascript
image/x-icon
image/bmp
image/svg+xml

The following file types are automatically compressed by WP Engine with GZIP:

application/rss+xml
application/vnd.ms-fontobject
application/wasm
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
application/xml+rss
font/otf
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/calendar
text/css
text/javascript
text/log
text/markdown
text/plain
text/richtext
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy
text/xml
text/xsd
text/xsl

Max Execution Time

Default max_execution_time for scripts is set to 60 seconds.

This setting can only be decreased, and cannot be increased. If you are performing a task which will take over 60 seconds to complete, the task should be broken into smaller segments and run in batches.

Max Input Vars

The default max_input_vars setting is 10000, indicating no more than 10,000 variables can be attached to any request.

This setting cannot be adjusted, as this is set at a platform level and higher values will have negative performance implications.

NOTE

WP Engine does not support .htaccess. Review our guide for alternatives.

LOAD DATA MySQL Function

The LOAD DATA statement in MySQL is disabled on the WP Engine platform for security reasons. Some potential alternatives to using the LOAD DATA function are:

Using INSERT statements in MySQL
Using the graphical phpMyAdmin editor from the WP Engine User Portal to import data
Using an SSH connection to import data with WP-CLI or a database tool like MySQL Workbench

Security Headers

If you want to ensure extra security on your site through the use of headers, many are already added by default. If the header you’d like is not enabled automatically, they can be added through the Web Rules page in your User Portal.

CORS

Cross-Origin Resource Sharing headers are defined by default for all static resources on sites (images, styles, JavaScript, etc). You can see this by curling for the headers on a static file. For example:

HSTS

HTTP Strict Transport Security (HSTS) is a security policy allowing web servers to declare that browsers (or other complying user agents) should only interact using secure HTTPS connections. Setting this up on WP Engine can be done by adding a header to the Web Rules area of the User Portal.

This rule is the simplest HSTS header that can be added, indicating that once a browser has read the header it should remember it for 63072000 seconds (2 years).

add_header Strict-Transport-Security "max-age=63072000";

When added as a header rule it will look like the following: