Really Simple SSL

Really Simple SSL adapts to recent WP Engine changes

Table of Contents

So what changed? WP Engine will drop support for the root file .htaccess. This is not uncommon, and several web servers, such as NGINX, do not support htaccess, and Really Simple SSL still works.

What is htaccess?

The .htaccess file is a configuration file in the root of your domain that contains configurations for your webserver. Some configurations can be;

  • Cache-control
  • Rewriting URL’s
  • Blocking IP Addresses
  • Implementing HTTPS / HSTS

Really Simple SSL, and WordPress as well, can use htaccess to store configurations for their respective functionalities. Below we will explain what changes for Really Simple SSL users, both Free and Pro, when WP Engine drops support.

Changes for Really Simple SSL Pro

These changes only occur when the settings were enabled before the recent update. The functionality will not change.

  • Your enabled security headers are now disabled in htaccess and are defaulted to security header with PHP. PHP is the server-side programming language for WordPress.
  • Your htaccess redirect will default to the built-in WordPress redirect.
  • A warning might have appeared in your Really Simple SSL Pro Dashboard:

    Security headers have been set via PHP but your site uses caching. Caching prevents the headers from working correctly. We recommend to add the following security headers to your NGINX configuration file:

Followed by the below NGINX config rules. This is in fact due to the fact WP Engine is now using a hybrid version of NGINX and Apache.

# EXAMPLE ONLY Really_Simple_SSL_SECURITY_HEADERS
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy "no-referrer-when-downgrade";
# END Really_Simple_SSL_SECURITY_HEADERS

You can ask your WP Engine Support Desk to add your specific config rules to the NGINX config file. More about security headers for NGINX can be found here.

Changes for Really Simple SSL Free

These changes only occur when the settings were enabled before the recent update. The functionality will not change.

  • Your htaccess redirect will default to the built-in WordPress redirect.

 

Aert Hulsebos

Aert Hulsebos

Related articles

Join our mailing list - 8 Tips & Tricks in your inbox over the next 8 weeks!

Integrate with Really Simple SSL

Really Simple SSL offers a Free SSL Certificate from Let’s Encrypt. Do you want to integrate with Really Simple SSL as a hosting provider? Let us know!

Choose the answer that most closely resembles your proposed integration. Additional information can be entered below.
After sending the form. The pop-up will close automatically.