How to Safely Edit wp-config.php on WPEngine

Ever needed to bump PHP memory or turn on debugging, only to discover WPEngine locks parts of wp-config.php? You are not alone. WPEngine protects this core file to keep hosted sites secure, yet developers still need to add constants or hooks for advanced tasks. In the next few minutes you’ll learn a risk-free workflow to edit wp-config.php, what you can and cannot change, and smarter alternatives (like environment variables) that survive platform updates. Follow along and you’ll avoid white screen of death and your staging, production, and future self will thank you.

Why WPEngine makes wp-config.php special

WPEngine injects its own bootstrap code above the “That’s all, stop editing!” line to handle caching, staging domains, and Must-Use plugins. Direct edits outside the allowed region may:

• be overwritten during platform updates
• trigger Disallowed File warnings
• disable automatic backups

Knowing these limits saves headaches later.

The two supported workflows

Method #1: Classic SFTP edit (quick, but manual)

1. Generate SFTP credentials in User Portal → Sites → Environment → SFTP Users.
2. Connect using FileZilla or VS Code’s “Remote-SSH”.
3. Download wp-config.php from /sites/<install>/wp-config.php.
4. Add new constants above the WPEngine block, for example:

Copy// Custom — loaded before WP bootstrap.
define( 'WP_MEMORY_LIMIT', '256M' );
define( 'WP_DEBUG', true );

Upload the file, overwriting the old copy, reload your site and confirm no 500 errors.

Method #2: Environment variables (code-free & CI-friendly)

For Atlas/Headless or modern setups, WPEngine lets you map .env keys to WordPress constants:

• In User Portal → Dev Tools → Environment Variables click Add variable.
• Enter WP_DEBUG = true, or any other allowed constant.
• Rebuild the environment. Changes apply on deploy.

Pros: version-controlled, no direct file edits, safe for multi-env projects.

Cons: limited to constants WPEngine exposes.

Safe editing checklist

1. Work on a staging copy first. Use Staging → Sync from Prod in the portal.
2. Take a manual backup. Snapshot before touching files.
3. Keep edits minimal. One commit per change.
4. Track in Git. Store the edited wp-config.php (minus credentials) so teammates know what changed.
5. Test critical paths: login, checkout, custom REST endpoints.

Common tweaks you can still make

Goal	Constant	Example
Increase memory limit	WP_MEMORY_LIMIT	define('WP_MEMORY_LIMIT','256M');
Raise upload size	WP_MAX_MEMORY_LIMIT	define('WP_MAX_MEMORY_LIMIT','512M');
Turn on debug log	WP_DEBUG_LOG	define('WP_DEBUG_LOG', true);
Force SSL admin	FORCE_SSL_ADMIN	define('FORCE_SSL_ADMIN', true);
Disable file edit	DISALLOW_FILE_EDIT	define('DISALLOW_FILE_EDIT', true);

Need bigger memory? See How to Increase the Memory Limit on WPEngine for a deep dive.

Tweaks you should not do on WPEngine

• Changing database credentials (managed automatically).
• Altering WP_HOME or WP_SITEURL. You should use the portal’s domain panel instead.
• Enabling object cache drop-ins; WPEngine runs its own layer.
• Setting AUTOSAVE_INTERVAL extremely low (performance hit).

These may conflict with platform guards or void support.

Rollback strategy

If a change breaks the site:

Copy# via SSH Gateway
wp option delete active_plugins
git checkout HEAD~1 wp-config.php
wp cache flush

Or simply restore the latest snapshot in Backups → Restore. Total time: ~2 minutes.

Automating edits with CI/CD

A safer long-term route is to script deployments:

Copy# .github/workflows/deploy.yml
- name: Deploy to WPEngine
  uses: wpengine/github-action-wpe-site-deploy@v3
  with:
    WPE_SSHG_KEY_PRIVATE: ${{ secrets.WPE_KEY }}
    WPE_ENV: prod
    REMOTE_PATH: 'wp-config.php'

Every push to main syncs your vetted config to production, keeping environments in lock-step.

Conclusion

Editing wp-config.php on WPEngine is easy if you respect the guardrails: use staging, back up first, and prefer environment variables for settings that change between dev and prod. Follow the steps above and you’ll enjoy custom tweaks without losing WPEngine’s rock-solid stability.

Need a hand with advanced WordPress fixes or a full-stack MVP? Start a project with me and get expert help on tap.