Recently, WordPress hosting platform, WP Engine, announced that it will deprecate and eventually discontinue support for .htaccess files for all customers. To replace this long-standing tool, the platform is now offering the new Web Rules Engine, a User Portal-based service that will allow customers to manage the security framework of their websites using access rules and response headers.
Web Rules is a modern alternative to .htaccess files that will allow both WP Engine and its users to leverage new technologies.
Web Rules Engine Replaces .htaccess Files
WP Engine has released the new Web Rules Engine to provide a more efficient, and NGINX-based alternative to .htaccess files. This new tool allows administrators to manage web access rules through their User Portal.
Web Rules Engine offers functionalities that are similar to those provided by the .htaccess file. These include:
- Denying or allowing IP/Range access
- Preventing direct access to private files
- Modifying cache-control headers or adding security headers
Using this service, web administrators can control site behavior by adding, editing, and deleting access rules to streamline website traffic or setting up response headers, including security headers to protect a website.
What are .htaccess Files Anyways?
The .htaccess is an Apache configuration file that is used on web servers to set up directives. These .htaccess directives could be executed for multiple reasons, including to manage a site’s security protocols or redirect users to a new URL if the original webpage has been moved to a different location.
This file has been a familiar tool for web administrators looking to edit and make changes to website configurations. So why is WP Engine phasing out the use of .htaccess files? The primary reason is to break the platform’s dependency on the Apache web server and leverage new technologies to provide customers with improved features and performance.
What Should You Do Next?
As WP Engine transitions away from .htaccess files, organizations should enable the new Web Rules feature and populate the header rules tab with the necessary directives to avoid any security gaps that could compromise their websites. Check out a screenshot below of our implemented Web Rules as reference:
(Click to enlarge image)
To check the status of your website’s security headers, visit https://securityheaders.com/. If you are a GraVoc customer who is on our monthly WordPress Maintenance Plan, then don’t worry, we’ve already enabled the Web Rules feature for your website, and you are all set!
Don’t panic, we’ve got you covered! Our Creative Technology Team has the expertise to provide ongoing WordPress support, including the implementation of updates like the Web Rules Engine, to ensure your website’s security framework remains up to date. Click below to check out our WordPress Maintenance Plan to see how we can keep your WordPress website healthy and up-to-date all year round.
Our team worked closely with AwardIT to develop a digital platform that connects SBIR grant writers and reviewers.
Check out the eCommerce website we designed & developed for Magnalube, a company that produces specialty lubricants for industrial engineers.
Check out the eCommerce website we developed for The Standard Rivet Company, featuring a streamlined checkout process & integrations to Dynamics GP.