WordPress Plugins and Themes with Known Issues
A list of WordPress plugins, themes, and functions that are not supported and/or require workarounds.
This page lists WordPress plugins, themes, and functions that may not function as expected or are currently problematic on the Pantheon platform. This is not a comprehensive list (see other issues). We continually update it as problems are reported and/or solved. If you are aware of any modules or plugins that do not work as expected, please contact support.
We do not prevent you from installing and using these plugins or themes. However, we cannot provide support for incompatible plugins and themes, or if they are used against the guidance provided here.
Plugin & Theme Maintainers: If your work is listed here, please reach out to us. We're happy to help provide information that can lead to conflict resolutions between your code and the platform.
If your work is already updated but still listed here, let us know so we can remove it, or submit a pull request.
Assumed Write Access
Some plugins and themes are built on the assumption that the CMS has write access to the entire filesystem. While this is usually true of a standard LAMP/LEMP stack server configuration, Pantheon and other specialized platforms do not grant it. This can result in runtime errors when the software can't write to locations in the codebase in Test and Live environments.
Refer to documentation on Using the Pantheon WebOps Workflow for more information on how Pantheon differentiates "code" from "files".
The solution to these issues is usually to create a symbolic link (symlink) from the plugin's expected write location to a location in the writable filesystem (/sites/default/files for Drupal, wp-content/uploads for WordPress). The process for creating a symlink and verifying that the symlink is correct is detailed in Using Extensions That Assume Write Access.
The following is a list of plugins that assume write access, and the specific file or folder that needs to be symlinked to resolve:
Plugin | Assumed Write Path | Notes |
---|---|---|
AccessAlly WordPress LMS | wp-content/accessally-protected-content | PROTECTED_CONTENT_FOLDER variable within the plugin assumes access to PATH |
All-in-One WP Migration | wp-content/ai1wm-backups | The platform is not designed for large backup files, and this plugin can cause your deployment workflows to break. You can download full backups from the Site Dashboard. See below for additional information. |
All-in-One WP Migration | wp-content/plugins/all-in-one-wp-migrations/storage | |
Autoptimize | wp-content/resources | See the Autoptimize section below for other solutions. |
Big File Uploads | wp-content/bfu-temp | See the Big File Uploads section below for solutions. |
Divi WordPress Theme & Visual Page Builder | wp-content/et-cache | Remember to repeat this process for each environment, including Multidevs. |
Fast Velocity Minify | wp-content/cache | Remember to repeat this process for each environment, including Multidevs. |
Hummingbird | wp-content/wphb-logs | The /wphb-logs folder logs API calls |
NextGEN Gallery | wp-content/gallery | You can override this path on the plugin configuration page (/wp-admin/admin.php?page=ngg_other_options) to use wp-content/uploads/gallery/ instead of creating a symlink. |
Nitropack | wp-content/nitropack and advanced.cache.php | Allows for the caching feature to be disabled so that other features, such as optimization, can be used side-by-side. |
WooZone | wp-content/plugins/woozone/cache | |
Wordfence | wp-content/wflogs | Follow the steps outlined in the Wordfence section. |
WP Fastest Cache | wp-content/cache | This plugin uses is_dir to verify the target directory, which will return false if the directory is a symlink. This causes a permissions error when deleting cache files. |
WP-Rocket | wp-content/wp-rocket-config | |
WP-Rocket | wp-content/cache | |
WPML - The WordPress Multilingual Plugin | wp-content/languages | Alternate solutions are listed in the WPML section. |
Define FS_METHOD
By default, WordPress tests each directory before uploading a file by writing a small temporary file. Some plugins and themes may have issues on the Pantheon platform due to this write access test. You can avoid these issues (and skip the test of writing a small file) by defining the FS_METHOD as direct in the wp-config.php file above the line /* That's all, stop editing! Happy Pressing. */. To resolve the issue, configure the wp-config.php to resemble the following code sample:
if (isset($_ENV['PANTHEON_ENVIRONMENT'])) {
  if ( !defined('FS_METHOD') ) {
    define('FS_METHOD', 'direct');
  }
}
The successful write of the temporary file returns "direct". You can specify the direct file system method beforehand to allow operations to run slightly faster. Note that the direct specification forces the method to use direct file I/O requests from within PHP, which can open up security issues on poorly configured hosts.
Plugins and themes with issues resolved (at least partially) by this include the following:
- AccessAlly WordPress LMS
- Blabber Theme
- Divi WordPress Theme & Visual Page Builder
- Event Espresso
- SmartCrawl Pro
- Thrive Theme Builder
- Visual Composer: Website Builder
- WPBakery: Page Builder
- Wordfence Security
- YotuWP Easy YouTube Embed
- WPML - The WordPress Multilingual Plugin
If your site is using an up-to-date version of the Pantheon WordPress upstream, FS_METHOD will automatically be set for you.
AdThrive Ads
Last reviewed: Oct 10 2022
AdThrive Ads is an ad provider for bloggers. AdThrive Ads is not compatible with the Pantheon platform because the plugin assumes write access and is also incompatible with:
- Git deployments
- Docker
- Kubernetes
There is no solution for the compatibility issues with this plugin.
All-in-One WP Migration
Last reviewed: Nov 30 2020
Issue: All-in-One WP Migration attempts to store all of the environment's code, database, and files in version control. This is too much for git to handle, and will cause all deployments to fail.
There is a very strong possibility this plugin will break the site's workflows, leaving you unable to deploy for a minimum of 24 hours.
Solution: Use the platform's automated backups from the Site Dashboard.
AMP for WP – Accelerated Mobile Pages
Last reviewed: Dec 05 2019
Issue: With the AMP for WP – Accelerated Mobile Pages plugin, enabling the Mobile Redirection feature within AMP for WP sends a session cookie which conflicts with platform-level page caching. See the WordPress support forum for details.
Solution: Disable the option for Mobile Redirection within the AMP for WP options page. Then handle mobile redirection via PHP within wp-config.php, for example:
// Redirect mobile visitors to the AMP version unless the URI already contains "amp".
// strrpos() returns false when the needle is absent, so compare strictly.
if ((is_mobile()) && (strrpos($_SERVER['REQUEST_URI'], 'amp') === false)) {
  header('HTTP/1.0 301 Moved Permanently');
  header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . '/amp');
  // Name transaction "redirect" in New Relic for improved reporting (optional).
  if (extension_loaded('newrelic')) {
    newrelic_name_transaction("redirect");
  }
  exit();
}

// Returns true when the User-Agent header looks like a mobile device.
function is_mobile() {
  if ( empty($_SERVER['HTTP_USER_AGENT']) ) {
    $is_mobile = false;
  }
  elseif ( strpos($_SERVER['HTTP_USER_AGENT'], 'Mobile') !== false // many mobile devices (all iPhone, iPad, etc.)
    || strpos($_SERVER['HTTP_USER_AGENT'], 'Android') !== false
    || strpos($_SERVER['HTTP_USER_AGENT'], 'Silk/') !== false
    || strpos($_SERVER['HTTP_USER_AGENT'], 'Kindle') !== false
    || strpos($_SERVER['HTTP_USER_AGENT'], 'BlackBerry') !== false
    || strpos($_SERVER['HTTP_USER_AGENT'], 'Opera Mini') !== false
    || strpos($_SERVER['HTTP_USER_AGENT'], 'Opera Mobi') !== false ) {
    $is_mobile = true;
  }
  else {
    $is_mobile = false;
  }
  return $is_mobile;
}
Auth0
Last reviewed: Apr 27 2024
Issue 1: Login by Auth0 does not function properly out of the box on Pantheon because the Auth0 cookie is cached by the Global CDN and the value of the cookie is not passed back to the application server. In a previous version of this plugin (v4) there was a filter available to modify the cookie name, but in the latest version (v5) the filter has been removed.
Solution: Some customers reported success using the PHP SDK to modify the cookie name to use the STYXKEY_ prefix as a workaround. Please note that this solution is not perfect, as it can break sites when the suggested code is used without the plugin being activated or when certain plugin configurations are empty. See this related GitHub issue for the suggested workaround.
Autoptimize
Last reviewed: Feb 10 2020
Issue 1: Autoptimize assumes write access to the site's codebase within the wp-content/resources directory, which is not granted on Test and Live environments on Pantheon by design. For additional details, refer to Using Extensions That Assume Write Access.
Solution: Configure Autoptimize to write files within the standard wp-content/uploads path for WordPress (wp-content/uploads/autoptimize) by adding the following to wp-config.php:
/** Changes location where Autoptimize stores optimized files */
define('AUTOPTIMIZE_CACHE_CHILD_DIR','/uploads/autoptimize/');
Be sure to add this configuration above the comment to stop editing:
For additional details, see the Autoptimize FAQ. An alternative solution is to create a symbolic link.
Issue 2: Autoptimize attempts to generate the file wp-content/autoptimize_404_handler.php upon activation, and if not present will throw a PHP warning.
Enabling this setting requires write access and a location directive not configured in the platform's Nginx configuration, generating the error:
Warning: file_put_contents(/code/wp-content/autoptimize_404_handler.php):
failed to open stream: Permission denied in /code/wp-content/plugins/autoptimize/classes/autoptimizeCache.php on line 642
Solution: Uncheck Enable 404 fallbacks in the Autoptimize settings page wp-admin/options-general.php?page=autoptimize.
The Pantheon Platform does not provide support for custom HTTP server configurations, so file redirects will not work. More information can be found in the redirect files section of Advanced Redirects and Restrictions.
Better Search And Replace
Last reviewed: Sep 27 2019
Issue: The Better Search and Replace plugin is not accessible in Test or Live (read-only environments in Pantheon) due to the install_plugins capability check of the plugin. Follow this issue on the WordPress support forum.
Solution 1: There is an undocumented filter in place to override the capability check. Adding this to your theme's functions.php can make it work:
function better_search_replace_cap_override() {
  return 'manage_options';
}
add_filter( 'bsr_capability', 'better_search_replace_cap_override' );
Solution 2: Use an alternative Search and Replace plugin like WP Migrate DB
Big File Uploads
Issue: The Big File Uploads plugin has assumed write access for its temporary file storage.
Solution:
1. Set your Dev (or Multidev) environment to Git connection mode in the dashboard or via Terminus.
2. Use Git to clone your site's codebase locally if you haven't already. See Clone your site codebase.
3. In your terminal, change your current directory to the location where the site's Git clone is stored.
4. Navigate to /wp-content and check if the /wp-content/bfu-temp folder exists. If it does, remove it before you create the symlinks in the next steps:
cd wp-content
rm -rf bfu-temp
5. Return to the root directory of the Git clone:
cd ..
6. Create a symlink:
ln -s ../../files/private/bfu-temp ./wp-content/bfu-temp
7. Commit this change and push to your site, and ensure that a private/bfu-temp directory is created on each environment.
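The following added example (not part of Pantheon's documentation) audits a local Git clone for write paths from the table above and classifies each one, so a symlink like the one created in these steps can be checked before it is pushed. It assumes the writable area is reached either as wp-content/uploads/... or as ../files/... relative to the code root, as in the two ln -s commands on this page; the function names and the sample clone are constructed for illustration.

```sh
#!/bin/sh
# Added example, not Pantheon's code. Function names are hypothetical.

# Lexically collapse "." and ".." in a relative path. The filesystem is not
# consulted because the link target (../files/...) does not exist in a clone.
normalize_path() {
  np_out=''; np_up=0
  np_ifs=$IFS; IFS='/'; set -f
  for np_part in $1; do
    case $np_part in
      ''|.) ;;
      ..)
        if [ -n "$np_out" ]; then
          case $np_out in
            */*) np_out=${np_out%/*} ;;
            *)   np_out='' ;;
          esac
        else
          np_up=$((np_up + 1))   # climbed above the code root
        fi ;;
      *) np_out=${np_out:+$np_out/}$np_part ;;
    esac
  done
  set +f; IFS=$np_ifs
  while [ "$np_up" -gt 0 ]; do
    np_out=../$np_out; np_up=$((np_up - 1))
  done
  printf '%s\n' "${np_out%/}"
}

# Classify one expected write path inside a clone.
#   $1 = root of the Git clone, $2 = path relative to that root
classify_write_path() {
  cw_link=$1/$2
  if [ -L "$cw_link" ]; then
    cw_target=$(readlink "$cw_link")
    case $cw_target in
      # Absolute targets only resolve on the server where they were created.
      /*) echo "absolute-symlink -> $cw_target"; return 0 ;;
    esac
    cw_resolved=$(normalize_path "$(dirname "$2")/$cw_target")
    case $cw_resolved in
      # Assumption: these two prefixes are the writable locations.
      ../files/*|wp-content/uploads/*) echo "ok -> $cw_resolved" ;;
      *) echo "unexpected-target -> $cw_resolved" ;;
    esac
  elif [ -d "$cw_link" ]; then
    echo "real-directory"    # committed to code, so read-only on Test/Live
  elif [ -e "$cw_link" ]; then
    echo "real-file"
  else
    echo "missing"
  fi
}

# A selection of paths from the "Assumed Write Path" column of the table.
WRITE_PATHS='wp-content/ai1wm-backups wp-content/bfu-temp wp-content/cache
wp-content/et-cache wp-content/wflogs wp-content/wp-rocket-config'

audit_clone() {
  for ac_path in $WRITE_PATHS; do
    printf '%-30s %s\n' "$ac_path" "$(classify_write_path "$1" "$ac_path")"
  done
}

# Constructed sample clone so the script runs offline.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/wp-content/ai1wm-backups"
ln -s ../../files/private/bfu-temp "$demo_root/wp-content/bfu-temp"
ln -s ./uploads/cache "$demo_root/wp-content/cache"
ln -s /srv/shared/wflogs "$demo_root/wp-content/wflogs"      # constructed path
ln -s ./plugins/divi-cache "$demo_root/wp-content/et-cache"  # constructed path
audit_clone "$demo_root"
rm -rf "$demo_root"
```

Run audit_clone against the root of your own clone; any result other than "ok" or "missing" is worth resolving before the commit is deployed to Test or Live.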
Bookly
Issue: Sessions are implemented in a way that will not allow Bookly to function with the WP Native Sessions plugin, either installed as a regular plugin or an mu-plugin. Follow this issue on the WordPress support forum.
Broken Link Checker
Issue: For the Broken Link Checker, a low value set for "Check link every X hours" can consume a large amount of server resources.
Solution: Ensure that the value is set for the default of 72 hours or greater.
Caching Plugins
This includes but is not limited to:
Issue: Conflicts with platform-level page caching.
Solution: See Caching: Advanced Topics for details on how to bypass the platform page cache.
Coming Soon
Last reviewed: Oct 03 2018
Issue: The Coming Soon plugin's Maintenance mode gives the ERR_TOO_MANY_REDIRECTS error in the frontend. This plugin returns the error 503 Header status - Service Temporarily Unavailable which creates a redirect loop. Please see this issue for more details regarding the error.
Solution: This plugin only works in the Coming Soon Mode on Pantheon. You need to add content to the Page Settings > Message, so the Coming Soon page won't appear as a blank page.
Alternatively, if you don't want your site to be crawled by search engines, you can lock it via the platform and you can use a custom lock page.
Contact Form 7
Last reviewed: Aug 21 2021
Issue 1: The Contact Form 7 plugin relies on $_SERVER['SERVER_NAME'] and $_SERVER['SERVER_PORT'], which pass static values subject to change over time during routine platform maintenance.
Solution: Add the following to wp-config.php:
$_SERVER['SERVER_NAME'] = $_SERVER['HTTP_HOST'];
if (isset($_ENV['PANTHEON_ENVIRONMENT'])) {
  if (isset($_SERVER['HTTP_USER_AGENT_HTTPS']) && $_SERVER['HTTP_USER_AGENT_HTTPS'] === 'ON') {
    $_SERVER['SERVER_PORT'] = 443;
  }
  else {
    $_SERVER['SERVER_PORT'] = 80;
  }
}
For more details, see SERVER_NAME and SERVER_PORT on Pantheon.
Issue 2: In order to attach or upload files, local file attachments set in the admin panel cannot come from the uploads
folder. Therefore, you must direct attachments to a temporary folder.
Solution: You can customize the upload path for the temporary folder using the following:
define( 'WPCF7_UPLOADS_TMP_DIR', WP_CONTENT_DIR . '/uploads/wpcf7_uploads' );
Please note that the temporary folder needs to reside in a folder that can be accessed by Dev, Test, Live, or whichever Multidev you are using.
At this time, this setting alone does not resolve the issue. An issue has been submitted by the community and is being worked on here.
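The suggested temporary workaround is to comment out the following code in your /contact-form-7/includes/mail.php file. As the error message in it shows, this is the check that rejects attachments outside the allowed directory, so commenting it out removes that restriction: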
# Comment out the following code:
if ( ! wpcf7_is_file_path_in_content_dir( $path ) ) {
  if ( WP_DEBUG ) {
    trigger_error(
      sprintf(
        /* translators: %s: Attachment file path. */
        __( 'Failed to attach a file. %s is not in the allowed directory.', 'contact-form-7' ),
        $path
      ),
      E_USER_NOTICE
    );
  }
  return false;
}
Constant Contact Forms
Last reviewed: Aug 24 2018
Issue: The Constant Contact Forms plugin adds dependencies using Composer and provides a .gitignore file which prevents these dependencies from being picked up by Git. This leads to problematic deployments as not all code moves forward to Test and Live.
Solution: Remove .gitignore files from the constant-contact-forms and constant-contact-forms/vendor/psr/log directories.
Disable REST API and Require JWT / OAuth Authentication
Last reviewed: Apr 01 2019
Issue: When the Disable REST API and Require JWT / OAuth Authentication plugin is enabled along with WooCommerce, WP-CLI and Pantheon dashboard workflows like Cache Clear can fail. This issue may not happen for environments where WP-CLI is not installed (local machine, other platforms, etc):
Fatal error: Uncaught Error: Call to undefined method WP_Error::get_data() in /srv/bindings/.../code/wp-content/plugins/woocommerce/includes/cli/class-wc-cli-runner.php:64
For WooCommerce, the CLI runner needs some of the REST endpoints for it to function. The plugin is only allowing a specific set of paths for allowed access.
Solution: In the plugin.php file, edit the if ( ! is_user_logged_in() ) conditional to include a check for CLI PHP requests:
if ( ! is_user_logged_in() && php_sapi_name() != 'cli' ) {
  // Only allow these endpoints: JWT Auth.
  $allowed_endpoints = array(
    '/jwt-auth/v1/token/validate',
    '/jwt-auth/v1/token',
    '/oauth/authorize',
    '/oauth/token',
    '/oauth/me',
  );
  $allowed_endpoints = apply_filters( 'reqauth/allowed_endpoints', $allowed_endpoints );
  // The rest of the plugin's original conditional block is unchanged and not shown here.
Divi WordPress Theme & Visual Page Builder
Last reviewed: Sep 28 2022
Issue: Divi WordPress Theme & Visual Page Builder may produce the error below when attempting to edit pages. This is caused by the page builder attempting to write to three different nested folders in the web root. This issue is also expressed when the WordPress admin dashboard becomes slow when editing posts using Divi.
.../data/Utils.php:758 ET_Core_Data_Utils::WPFS():
[ERROR]: Unable to write to filesystem. Please ensure that the web server process has write access to the WordPress directory.
Explanation of why these issues occur: The dynamic features in Divi, along with other settings stored in et-cache, can create excessive rewrites to the file system. Under heavy uncached traffic, this can saturate the file system and degrade the performance of the site. The effect is compounded when WordPress' FS_METHOD is not set to direct. Elegant Themes provides these configurations in an attempt to enhance the experience of its product; however, these options are redundant and detrimental in certain environments.
Solution: The resolution is to access the Divi Theme Options located under the Advanced section in Builder and disable Static CSS File Generation:
1. Navigate to Divi Theme Options, select Builder, and then select Advanced.
2. Disable Static CSS file generation in the Divi theme.
3. Select Theme Options, select General, select Performance, and then select to disable Dynamic CSS.
4. Consider disabling other Dynamic settings if possible.
5. Verify that a symlink exists for wp-content/et-cache.
6. Define the FS_METHOD in the wp-config file if you are not using Pantheon's mu-plugin.
7. Purge the contents of et-cache manually but do not purge the et-cache folder itself. You can do this by accessing the site's files via SFTP.
I am still having issues: Please contact support if you have completed the resolution steps above and you are still having issues.
Elementor
Last reviewed: Mar 30 2022
Issue: Elementor uses the current full URI to link to styled assets, which are invalid when the code is pushed from one environment to another.
Solution 1: Use any find/replace option to update the paths in Elementor. Ensure you account for escaped JSON URLs for this solution to work.
For example: my.example.com
Find or replace must handle test.example.com -> my.example.com and my.example.com -> test.example.com.
Note that if you are using a / ending slash on a new site’s URL, ensure you add a / on old site’s URL as well.
Solution 2: Use the search and replace feature in Elementor to enter the following: /wp-admin/admin.php?page=elementor-tools#tab-replace_url.
Event Espresso
Last reviewed: Nov 15 2018
Issue 1: Event Espresso displays the following error:
PHP Fatal error: Uncaught EE_Error: An attempt to access and/or write to a file on the server could not be completed due to a lack of sufficient credentials.
Solution: Define FS_METHOD.
Issue 2: Enabling Event Espresso sends a session cookie which conflicts with platform-level page caching.
Solution: Session autostart can be disabled conditionally using FHEE_load_EE_Session filter.
Facebook for WordPress (official-facebook-pixel)
Last reviewed: Nov 22 2021
Issue: The plugin includes Git submodules in code/wp-content/plugins/official-facebook-pixel/vendor/techcrunch/wp-async-task/ which returns a PHP error because the wp-async-task/* can't be promoted to other environments due to the Git submodules.
Warning: include(/code/wp-content/plugins/official-facebook-pixel/vendor/composer/../techcrunch/wp-async-task/wp-async-task.php): failed to open stream: No such file or directory in /code/wp-content/plugins/webp-converter-for-media/vendor/composer/ClassLoader.php
Solution: Download the plugin from https://wordpress.org/plugins/official-facebook-pixel/ and extract it to your desktop. Then navigate to official-facebook-pixel/vendor/techcrunch/wp-async-task and delete the .git & .gitignore files before uploading to Dev.
FacetWP
Last reviewed: Oct 15 2019
Issue: The FacetWP plugin conflicts with New Relic.
Solution: Disable New Relic when using FacetWP.
Fast Velocity Minify
Last reviewed: Dec 12 2022
Issue: Your site may suddenly display a white screen of death in Git mode or in the Test/Live environment when using the Fast Velocity Minify plugin. This occurs because the default cache location, wp-content/cache, is not writable in Pantheon.
Solution 1: The default cache path for this plugin is wp-content/cache as of version 3.2.2.
1. Create a symlink for wp-content/cache in the wp-content directory. Refer to the documentation on Using Extensions That Assume Write Access for more information.
Run the following line of code:
ln -s ./uploads/cache ./cache
Remember to clear the cache from Pantheon and flush the Redis cache. Earlier versions have this option in the Fast Velocity Minify's Settings tab for the Cache Location.
Solution 2: The FVM_CACHE_DIR and FVM_CACHE_URL variables are available to override the cache location to address this bug as of version 3.3.3.
Add the example configuration in the wp-config.php file:
define( 'FVM_CACHE_DIR', '/code/wp-content/uploads' );
define( 'FVM_CACHE_URL', WP_SITEURL . '/code/wp-content/uploads' );
Force Login
Last reviewed: Jul 26 2018
Issue: The Force Login plugin appends a port number using $_SERVER['SERVER_PORT'] at the end of the URL when the user logs in to the site.
Solution: See Set SERVER_PORT Correctly.
GDPR Cookie Consent
Last reviewed: Feb 20 2020
Issue: The GDPR Cookie Consent plugin sends two set-cookie headers in each response, which breaks caching on Pantheon's Global CDN. For example:
curl -I https://www.example.com
HTTP/2 200
cache-control: public, max-age=600
content-type: text/html; charset=UTF-8
server: nginx
set-cookie: cookielawinfo-checkbox-necessary=yes; expires=Thu, 20-Feb-2020 17:31:51 GMT; Max-Age=3600; path=/
set-cookie: cookielawinfo-checkbox-non-necessary=yes; expires=Thu, 20-Feb-2020 17:31:51 GMT; Max-Age=3600; path=/
x-pantheon-styx-hostname: styx-fe1-a-789d66bff9-tztp6
x-styx-req-id: 7f93c166-53fe-11ea-803e-b26d7703e33f
date: Thu, 20 Feb 2020 16:31:51 GMT
x-served-by: cache-mdw17379-MDW, cache-chi21146-CHI
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1582216311.492451,VS0,VE204
vary: Accept-Encoding, Cookie, Cookie
age: 0
accept-ranges: bytes
via: 1.1 varnish
Solution: Several users have reported that upgrading to the premium version of this plugin and disabling the included script blocker fixed the issue. For additional support, work with the plugin maintainers and review related documentation for the premium version.
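A check for this condition, as an added example that is not part of Pantheon's documentation: it reads response headers such as the curl -I output above, lists each cookie the response sets, and fails when a response marked cache-control: public sets a cookie without the STYXKEY prefix that the Auth0 and PolyLang sections use. The function names and the sample headers are constructed for illustration.

```sh
#!/bin/sh
# Added example, not Pantheon's code. Function names are hypothetical.

# Read HTTP response headers on stdin. Print one line per Set-Cookie header:
#   "styxkey NAME"     cookie name starts with STYXKEY
#   "unprefixed NAME"  any other cookie
# Return 1 when the response is marked "cache-control: public" and sets at
# least one unprefixed cookie, 0 otherwise.
check_cacheable_response() {
  tr -d '\r' | awk '
    { lower = tolower($0) }                 # header names are case-insensitive
    lower ~ /^cache-control:/ && lower ~ /public/ { is_public = 1 }
    lower ~ /^set-cookie:/ {
      name = $0
      sub(/^[^:]*:[ \t]*/, "", name)        # drop the header name
      sub(/=.*/, "", name)                  # keep only the cookie name
      if (name ~ /^STYXKEY/) {
        print "styxkey " name
      } else {
        print "unprefixed " name
        bad++
      }
    }
    END { exit ((is_public && bad > 0) ? 1 : 0) }'
}

# Constructed sample, modelled on the response shown above with one
# STYXKEY-prefixed cookie added for contrast.
sample_headers() {
  cat <<'EOF'
HTTP/2 200
cache-control: public, max-age=600
content-type: text/html; charset=UTF-8
set-cookie: cookielawinfo-checkbox-necessary=yes; Max-Age=3600; path=/
set-cookie: cookielawinfo-checkbox-non-necessary=yes; Max-Age=3600; path=/
set-cookie: STYXKEY_pll_language=en; path=/
EOF
}

if sample_headers | check_cacheable_response; then
  echo "OK: no unprefixed cookies on a public response"
else
  echo "FAIL: public response sets unprefixed cookies"
fi
```

To check a live page, pipe the output of curl -sI for that URL into check_cacheable_response.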
Gravity Forms
Last reviewed: Oct 18 2024
Issue: Emails from Gravity Forms submissions have content truncated when using the default PHP mailer and PHP versions 8.0 or 8.1.
Solution: This issue stems from a change in how line endings are handled by PHP's mail() function. To resolve, upgrade to PHP 8.2+.
H5P
Last reviewed: Nov 05 2019
Issue: Adding new libraries or content types from the H5P hub through the admin interface (or uploading large files from slow internet connections) can hit our max execution timeout, resulting in a 504 error:
While not a solution, re-running the Install process multiple times may result in success. You can also attempt to upload .h5p files from your local computer. If local uploads hit the timeout, please try from a faster connection.
HM Require Login
Last reviewed: Nov 04 2021
Issue: When using the HM Require Login plugin, WordPress's cookies disappear shortly after a user successfully logs in. When the user attempts to access a second page in the WordPress Admin, the login screen is displayed.
Solution: Use an alternative plugin such as Force Login or Restricted Site Access.
Hummingbird
Last reviewed: Jan 20 2022
Issue: When using the Hummingbird plugin on a locked site, the user may encounter an HTTP 400-level (client error) response.
Solution: To resolve this issue flush the Hummingbird cache. Note that flushing the cache purges the cache storage, which might affect other processes that use the same storage.
HyperDB
Last reviewed: Sep 28 2023
Issue: Pantheon's database replication architecture is incompatible with HyperDB requirements, as the HyperDB plugin does not expect the replica to be readable during the bootstrap process and continues to query it instead of falling back to the main database. This issue is known to cause significant application problems when used on the platform.
Solution: HyperDB is not supported or recommended on Pantheon and there is no known workaround at this time.
InfiniteWP
Last reviewed: Oct 01 2019
Issue 1: Installing the InfiniteWP plugin admin panel on a Pantheon hosted site is not possible, because the plugin hardcodes the database credentials and uses a custom port in the URL. Our platform provides database credentials as an environment variable, and does not allow web access on ports other than 80 and 443.
Issue 2: Cannot remotely update core, or install/update themes and plugins in the Test and Live environments.
Solution: Due to the read only nature of Test and Live environments, remote updates can only be done in Dev, then deployed to Test and Live environment. Consider using a Custom Upstream or WordPress Multisite instead if you are deploying similar codebase, theme and plugins for a group of sites hosted on Pantheon.
Instashow
Issue: The Instashow plugin relies on query parameters that are not compatible with Pantheon's Edge Cache. See PANTHEON_STRIPPED for more information. This inhibits the ability to set the authorization token required to make the plugin function.
Solid Security (Previously: iThemes Security)
Last reviewed: Jan 26 2024
Issue 1: The "File Change Detection" check in the Solid Security (Previously: iThemes Security) plugin warns site admins when files are modified. On Pantheon, automated backups will trigger this warning.
Solution: Disable the "File Change Detection" component of the plugin. Code files in the Test and Live environments are not writable, so this is not a security risk on Pantheon.
Issue 2: Solid Security attempts to modify nginx.conf, .htaccess and wp-config.php. Components that need write access to these files will not work since nginx.conf cannot be modified and code files on the Test and Live environments are not writable.
Solution: Modifications to wp-config.php should be done in Dev or Multidev environments, then deployed forward to Test and Live.
Jetpack
Last reviewed: Mar 09 2022
Issue 1: Jetpack requires the XMLRPC interface to communicate with Automattic servers. The Pantheon WordPress upstream disables access to the XMLRPC endpoint by default as it is a common scanning target for bots and receives a lot of invalid traffic.
Solution:
1. Modify your site's pantheon.yml file to allow access to the xmlrpc.php path:
pantheon.yml
protected_web_paths_override: true
protected_web_paths:
  - /private
  - /wp-content/uploads/private
This will maintain the normal security settings for other paths, but allows access for XMLRPC. Follow the remaining steps below to block all requests to the xmlrpc.php file EXCEPT those added to your IP address allowlist.
2. Add Jetpack IP addresses to the is_from_trusted_ip function of your wp-config.php file.
3. Add /xmlrpc.php to your disallow_uri array, for example:
$disallow_uri = array(
  '/xmlrpc.php',
);
The reference code demonstrates IP based restrictions in context of locking down admin paths (like /wp-admin/ and /wp-login.php). While locking down admin paths is a best practice, it may not fit all site use cases and it is not required in order to solve this specific Jetpack issue. If you opt to keep admin paths in the $disallow_uri array you will need to add IP addresses for yourself and every site administrator to the $trusted_ips array in addition to the Jetpack IPs added in the previous step.
Pantheon does not support XML-RPC if it is enabled. You must resolve any issues you experience from enabling XML-RPC on your own.
Issue 2: Unexpected server port value error is reported by Jetpack in WP admin, where the fix suggested by the plugin causes critical errors on Pantheon. For example:
Solution:
Adjust the fix suggested by Jetpack, so that $_SERVER['SERVER_PORT'] is used instead. For example:
define( 'JETPACK_SIGNATURE__HTTPS_PORT', $_SERVER['SERVER_PORT'] );
Maintenance Mode
Issue: Maintenance Mode causes a redirect loop on all pages for logged out users when the maintenance mode option is checked.
Solution: If you are locked out of your site, wp-login.php will still function and you can login to disable the maintenance mode plugin.
ManageWP worker
Last reviewed: Oct 12 2018
Issue 1: The ManageWP Worker plugin displays an error when adding a site in the ManageWP dashboard:
Site could not be added - Bad HTTP response (403 Forbidden)
This error sometimes leads users to believe that ManageWP's IP addresses need to be allowlisted on the platform.
Solution: Pantheon does not block any IPs, and there is nothing that would require an allowlist. Most likely there is a security plugin that temporarily blocks the connection, or a conflicting plugin like those listed here. Temporarily disable all other plugins, or the security plugins, then try adding your site again. For full troubleshooting, consult the ManageWP troubleshooting page.
Issue 2: Cannot remotely update core, or install/update themes and plugins in the Test and Live environments.
Solution: Due to the read only nature of Test and Live environments, remote updates can only be done in Dev, then deployed to Test and Live environment. Consider using a Custom Upstream or WordPress Multisite instead if you are deploying similar codebase, theme and plugins for a group of sites hosted in Pantheon.
Issue 3: Cannot remotely update core, or install/update theme and plugins in the Dev environment.
Solution: Make sure you are in SFTP mode instead of Git mode.
Monarch Social Sharing
Issue: The Monarch Social Sharing plugin appears to break WP-CLI, which is used by many of our workflows (clone, clear cache).
New Relic Reporting for WordPress
Last reviewed: May 08 2019
Issue: The New Relic Reporting for WordPress plugin sets up redundant configurations (appname and framework) with the New Relic® Performance Monitoring configuration, resulting in new applications in New Relic. This behavior may break compatibility with New Relic integrations such as QuickSilver scripts.
One Click Demo Import
Last reviewed: Mar 30 2022
Issue: The One Click Demo Import plugin returns a 502 error when automatically importing the demo files and pages for a theme. This generally happens when the process reaches the configured max-execution time in the Pantheon system php file.
Solution: Select the Switch to Manual Import option to import the demo files, including content.xml, widgets.wie, etc.
Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter
Last reviewed: Dec 06 2019
Issue: The Popup Builder plugin stores full file paths to the options table, which breaks across multiple application containers.
Solution: A user patch has been submitted to the plugin maintainers.
PolyLang
Last reviewed: Jul 12 2024
Issue: The PolyLang plugin adds a cache-busting cookie (ex. pll_language=en) for each request.
Solution: Define the constant PLL_COOKIE to STYXKEY_pll_language in wp-config.php to make the cookie a cache-varying cookie.
// Set the polylang cache key to be edge cache compliant
define('PLL_COOKIE', 'STYXKEY_pll_language');
The value of PLL_COOKIE defaults to pll_polylang. This defines the name of the cookie used by Polylang to store the visitor's language. By changing PLL_COOKIE to STYXKEY_pll_language the cookie will become a cache-varying cookie.
See the plugin documentation for more information on its PHP constants.
Issue: The PolyLang plugin caches the home url for each language. If your site is served from multiple domains, then only one of those domains' home url will be served and the others will redirect to that one.
There is also a chance that your site will cache the insecure http protocol for the home url of different languages. This can happen if the cached data gets generated by a server-side cron event or WP-CLI command. In this case, you'll get a redirect loop of https://domain.com/langcode/ → http://domain.com/langcode/ → https://domain.com/langcode/.
Solution: Define the constant PLL_CACHE_HOME_URL to false in wp-config.php to force Polylang to calculate the language's home url on each request:
// Force Polylang to recalculate language home and search urls on each request.
define('PLL_CACHE_HOME_URL', false);
See the plugin documentation for more information on this PHP constant.
Posts 2 Posts
Last reviewed: Dec 10 2020
Issue: Posts 2 Posts can have incompatible index values for meta_key on database tables when installed on a site imported from a host using 3-byte character sets, resulting in the following error on import:
Index column size too large. The maximum column size is 767 bytes
Solution: You can apply this patch to ensure new tables created by the plugin use the supported meta_key(191) index value. You can fix existing tables via the MySQL command line, for example:
ALTER TABLE wp_18_p2pmeta DROP INDEX meta_key, ADD INDEX meta_key(meta_key(191));
ALTER TABLE wp_29_p2pmeta DROP INDEX meta_key, ADD INDEX meta_key(meta_key(191));
ALTER TABLE wp_30_p2pmeta DROP INDEX meta_key, ADD INDEX meta_key(meta_key(191));
ALTER TABLE wp_31_p2pmeta DROP INDEX meta_key, ADD INDEX meta_key(meta_key(191));
ALTER TABLE wp_33_p2pmeta DROP INDEX meta_key, ADD INDEX meta_key(meta_key(191));
Query Monitor
Issue: The Query Monitor plugin creates a symlink with an absolute path, which will only work on the appserver where the plugin was installed. The plugin is not fully designed for cloud or multi server environments. Additionally, the plugin can create large amounts of logs which can cause performance and file system issues.
Alternatives: Pantheon has tools in place to monitor database queries:
Object Sync for Salesforce
Last reviewed: Aug 24 2018
Issue: The Object Sync for Salesforce plugin adds dependencies using Composer, and one of these dependencies provides a .gitignore file which prevents files from being picked up by Git. This leads to problematic deployments as not all code moves forward to Test and Live.
Solution: Remove the .gitignore file from the object-sync-for-salesforce/vendor/pippinsplugins/wp-logging directory.
PhastPress
Last reviewed: Aug 13 2024
Issue: PhastPress is a site optimization plugin that creates an SQLite database on Pantheon's filesystem. This is problematic as it can vastly increase the amount of filesystem storage your site consumes and run up against resource limits. This plugin is not recommended on Pantheon.
Solution: Consider other optimization plugins, such as Autoptimize and Flying Scripts.
Redirection
Last reviewed: Jul 19 2021
Issue 1: When using the Redirection plugin, customers have reported issues with 404 logging creating large database tables, reducing site performance.
Solution: Consider using PHP code to set up your redirects. See Configure Redirects for more information.
Issue 2: Redirection prefers $_SERVER['SERVER_NAME'] over $_SERVER['HTTP_HOST'] for URL and server redirects. By default, $_SERVER['SERVER_NAME'] returns Pantheon's internal server name and not the current hostname. As a result, Redirection's "URL and server"-based redirects never match.
Solution: In wp-config.php, add the following above the line /* That's all, stop editing! Happy Pressing. */:
// Map $_SERVER['HTTP_HOST'] to $_SERVER['SERVER_NAME']
// to allow the Redirection plugin to work when using
// "URL and server" based redirects. By default,
// $_SERVER['SERVER_NAME'] returns Pantheon's internal
// server name and not the current hostname, as a
// result, Redirection's "URL and server"-based
// redirects never match.
$_SERVER['SERVER_NAME'] = $_SERVER['HTTP_HOST'];
Visit the SERVER_NAME and SERVER_PORT on Pantheon doc for more information about how to use HTTP_HOST on Pantheon.
This workaround may potentially break other functionality that depends on the default Pantheon return value for $_SERVER['SERVER_NAME'].
Revive Old Post
Issue: The Revive Old Post plugin does not set a proper callback via OAuth and the Twitter module. It attempts to use ['SERVER_NAME'] instead of the recommended ['HTTP_HOST']. Visit the SERVER_NAME and SERVER_PORT on Pantheon doc for more information about ['HTTP_HOST'].
SendGrid Subscription Widget
Last reviewed: Nov 04 2021
This section exists for reference purposes, as SendGrid for WordPress has been deprecated as of July 13, 2021. Support can continue to help with platform issues, but may not be able to troubleshoot SendGrid-specific issues.
Issue: The email confirmation link sent from the SendGrid Subscription Widget goes to a redirect loop (see the open issue on wp.org). The link created uses a URL GET parameter __sg_api, which has double underscores. The platform strips this type of parameter to improve caching performance.
Solution: Manually change the parameter __sg_api to any variable (like sg_api) without double underscores as prefix in the following lines of sendgrid-email-delivery-simplified/lib/class-sendgrid-mc-optin.php:
- Line 25:
$vars[] = '__sg_api';
- Line 40:
if( isset( $wp->query_vars['__sg_api'] ) )
- Line 146:
$confirmation_link = site_url() . '/?__sg_api=1&token=' . $token;
This workaround may potentially break again with the next plugin update, and you will need to manually reapply the modification.
Site24x7
Last reviewed: Oct 20 2021
Issue: Site24x7 is an uptime monitor that pings a site to observe stability and various functions. Each time a site is pinged, Site24x7 uses a unique user agent string or various IP addresses, which may falsely inflate traffic metrics with Pantheon.
Solution: Consider using New Relic or Pingdom (/guides/pingdom-uptime-check) to monitor uptime. Pantheon maintains partnerships with these services and does not meter or bill requests from their user agents.
Slider Revolution
Last reviewed: Oct 01 2020
Issue: Slider Revolution video backgrounds will not auto-play when added to a layer, and throw this error in the JavaScript console:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.youtube.com') does not match the recipient window's origin ('https://<env>-example.pantheonsite.io').
The plugin generates the site's URL using $_SERVER['SERVER_NAME'] instead of $_SERVER['HTTP_HOST']. Due to the dynamic nature of Pantheon's cloud architecture, $_SERVER['HTTP_HOST'] is considered best practice.
Solution: Add the following line to wp-config.php:
$_SERVER['SERVER_NAME'] = $_SERVER['HTTP_HOST'];
SmartCrawl Pro
Last reviewed: Oct 17 2018
Issue: The sitemap URL linked by the SmartCrawl Pro plugin produces a 500 Internal Server Error on Test and Live environments. This results in a PHP error: class not found WP_Filesystem_Direct. See more details about the issue.
Solution: Define FS_METHOD.
Alternative plugins that have an XML sitemap feature that works well on the platform include:
Smush Pro
Last reviewed: Mar 24 2022
Issue: The Smush Pro plugin requires NGINX configuration for WebP image support. This results in issues with assuming write access. In some cases, there is also an issue with the image library processing using a temporary filesystem. Both scenarios are incompatible with Pantheon's platform.
Solution: Consider using Pantheon's AGCDN as an alternative. AGCDN provides image optimization that saves PHP resources without the need for a plugin.
Timthumb
Issue: Timthumb is no longer supported or maintained.
TubePress Pro
Issue: Sites running PHP version 5.3 produce a WSOD after activating the TubePress Pro.
Solution: Upgrade your site's PHP version to 5.5, 5.6, or 7.0.
Unbounce Landing Pages
Last reviewed: Feb 13 2019
Issue: For the Unbounce Landing Pages plugin, clicking to call conversions aren't tracked even if the pages are not cached because the cookies are stripped.
Solution: Usually these types of issues can be solved if the cookie name can be renamed with a prefix starting with STYXKEY_, but it is inadvisable to modify the plugin directly. It is suggested by the Unbounce team to separate your Pantheon site domain (e.g., example.com) and the Unbounce landing page in a subdomain (e.g., unbounce.example.com), because your Unbounce landing pages can't live at exactly the same URL as your homepage. See the outlined solution here or get in touch with Unbounce support for more help.
UNLOQ Two Factor Authentication (2FA)
Last reviewed: Oct 08 2018
Issue: A "This widget does not work on this domain" error message is shown after deploying the UNLOQ Two Factor Authentication (2FA) plugin across environments on Pantheon. This is because the API credentials used on the original environment are being used on a new environment URL, which is not allowed by the plugin. This is by design.
Solution: Manually change the unloq_credentials key in the wp_options table. Alternatively, you can re-create an application by resetting your plugin installation (deactivate, delete entries, etc.).
For an alternative 2FA plugin, see Secure Your Site with Two-Factor Authentication.
Unyson Theme Framework
Last reviewed: Oct 05 2018
Issue: The Unyson Theme Framework plugin has an internal extension system which installs additional files aside from the plugin itself. Some of those extensions have an additional .gitignore file that prevents it from being deployed to Test and Live environment. See this GitHub issue for more information.
Solution: When using these Unyson Extensions, manually delete the .gitignore files in the corresponding locations:
Page builder:
wp-content/plugins/unyson/framework/extensions/shortcodes/.gitignore
wp-content/plugins/unyson/framework/extensions/shortcodes/extensions/page-builder/.gitignore
WordPress Shortcodes:
wp-content/plugins/unyson/framework/extensions/shortcodes/.gitignore
Translate Press:
wp-content/plugins/unyson/framework/extensions/shortcodes/.gitignore
Events:
wp-content/plugins/unyson/framework/extensions/events/.gitignore
Brizy:
wp-content/plugins/brizy/vendor/twig/twig/.gitignore
Updraft / Updraft Plus Backup
Last reviewed: Jul 18 2022
Issue: Updraft can create large archives and cause issues with the tools in the Database / Files tab of the Dashboard. Refer to Backup Creation for more information.
Solution: Use the platform's automated backups from the Site Dashboard. Consider using a bash script if you want to access your backups and copy them to your own repository (for example, Amazon S3, FTP server, etc.). You can do this by:
Running the bash script in your local system
Using an external server
Using a service that runs cron jobs for you
Refer to the Access Backups documentation for more details.
Visual Composer: Website Builder
Last reviewed: Aug 27 2018
Issue: The Visual Composer: Website Builder plugin fails to download additional assets during the internal plugin activation procedure on Test and Live environments.
Solution 1: New sites, without existing Test and Live environments: If this plugin is installed and activated on a new site before the Test and Live environments are created, it will properly transfer all assets and database settings to the additional environments.
Solution 2: Sites with existing Test and Live environments: To activate the plugin on sites with existing Test and Live environments, define FS_METHOD.
WebP Express
Last reviewed: Apr 07 2022
Issue 1: WebP Express assumes write access to paths in the codebase that are read-only in non-development environments. The plugin uses is_dir to check for the path and a symlink to files/ does not resolve the issue.
Solution: Create a symlink for wp-content/webp-express in the wp-content directory and then run the following line of code:
ln -s ./uploads/webp-express ./webp-express
Refer to the documentation on Using Extensions That Assume Write Access for more information.
Issue 2: Broken WebP images are served from the wrong directory.
Solution 1: Set the WebP Express settings for Destination Structure to Image Roots in /wp-admin/options-general.php?page=webp_express_settings_page and then clear the cache.
Solution 2: Use the Advanced Global CDN Image Optimization feature. This add-on has WebP auto-conversion at the edge, and is more performant than a plugin relying on PHP or WordPress.
Weather Station
Issue: The Weather Station plugin uses php-intl, which is not currently supported by Pantheon.
WooCommerce
Last reviewed: Jan 10 2018
Issue: For the WooCommerce plugin, the "batch upload" process can fail during large uploads. The platform has a 120 second timeout limit for scripts, and large upload processes can hit this limit.
Solution 1: The suggested workaround is to clone the site locally, import the items, then sync the database back up to the platform.
Solution 2: If you don't have a local copy, SFTP into any environment's wp-content/uploads folder and upload the CSV file that you wish to import. Under the advanced settings of the WooCommerce import, specify the exact path where you uploaded the CSV file and import from there:
There is a feature request on WooCommerce's GitHub page for a WP-CLI import command which would be less prone to timeouts. To express your interest to the developers, click the thumbs up on the feature request.
Issue 2: A change introduced in WooCommerce 3.6.0 breaks template loading in environments with multiple application containers.
Solution: The issue and a few possible workarounds are described in this WooCommerce Issue. We hope this issue will result in future code changes to WooCommerce so mitigations are not needed.
WooZone
Issue 1: The WooZone plugin checks WP_MEMORY_LIMIT, which defaults to 40MB, instead of ini_get('memory_limit'), creating this notice:
Solution: Add the following line to wp-config.php:
define('WP_MEMORY_LIMIT', '256M');
Wordfence
Last reviewed: Jun 20 2023
Issue 1: Wordfence can't write configuration and log files to the codebase.
Wordfence assumes write access to several files in the codebase to store configuration and log files.
Solution: Prepare your environment before installing Wordfence with the proper symlinks and configuration files:
Wordfence Assumed Write Access Solution
Set your Dev (or Multidev) environment to Git connection mode in the dashboard or via Terminus:
terminus connection:set $SITE.$ENV git
Clone your site's codebase locally if you haven't already. You can get the path to your codebase from the Site Dashboard:
git clone ssh://[email protected]:2222/~/repository.git my-site
Change your current directory to the location where the site's Git clone is stored:
cd $SITE
Navigate to /wp-content and check if the /wp-content/wflogs folder exists. If it does, remove it before you create the symlinks in the next steps:
cd wp-content
rm -rf wflogs
Return to the root directory of the Git clone:
cd ..
Create the following symlinks:
ln -s ../../files/private/wflogs ./wp-content/wflogs
ln -s ../files/private/wordfence-waf.php ./wordfence-waf.php
ln -s ../files/private/.user.ini ./.user.ini
Open pantheon.yml and add a protected web path for .user.ini:
protected_web_paths:
  - /.user.ini
Set the FS_METHOD to direct in wp-config.php.
Commit and push the changes to the platform:
git add .
git commit -m "Prepare environment for Wordfence"
git push origin master #Or Multidev branch name
Create the empty files wordfence-waf.php and .user.ini to push to the site. In this example, we're using touch to create them in the /tmp directory:
touch /tmp/wordfence-waf.php /tmp/.user.ini
Connect to your environment over SFTP, create the required directories, and push the new files. You don't need to switch the environment back to SFTP mode, since you're not changing anything in the codebase. You can get the SFTP path from the Site Dashboard under Connection Info. Complete this step in Dev, Test, and Live Environments.
sftp -o Port=2222 [email protected]
mkdir files/private
mkdir files/private/wflogs
put /tmp/wordfence-waf.php /files/private
Uploading /tmp/wordfence-waf.php to /files/private/wordfence-waf.php
/tmp/wordfence-waf.php 100% 0 0.0KB/s 00:00
put /tmp/.user.ini /files/private/
Uploading /tmp/.user.ini to /files/private/.user.ini
/tmp/.user.ini 100% 0 0.0KB/s 00:00
exit
Set the environment connection mode to SFTP, then install and activate Wordfence. You can do both with Terminus:
terminus connection:set $SITE.$ENV sftp
[notice] Enabled on-server development via SFTP for "env"
terminus wp $SITE.$ENV -- plugin install --activate wordfence
Installing Wordfence Security – Firewall & Malware Scan (7.4.9)
Warning: Failed to create directory '/.wp-cli/cache/': mkdir(): Read-only file system.
Downloading installation package from https://downloads.wordpress.org/plugin/wordfence.7.4.9.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Activating 'wordfence'...
Warning: fopen(/code/wp-content/wflogs/rules.php): failed to open stream: No such file or directory in /code/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 325
Warning: flock() expects parameter 1 to be resource, bool given in /code/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 326
Warning: include(/code/wp-content/wflogs/rules.php): failed to open stream: No such file or directory in /code/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 328
Warning: include(): Failed opening '/code/wp-content/wflogs/rules.php' for inclusion (include_path='.:/usr/share/pear:/usr/share/php') in /code/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 328
Warning: flock() expects parameter 1 to be resource, bool given in /code/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 329
Warning: fclose() expects parameter 1 to be resource, bool given in /code/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/waf.php on line 330
Plugin 'wordfence' activated.
Success: Installed 1 of 1 plugins.
[notice] Command: wordpress-docs-testbed.waf5 -- wp plugin install [Exit: 0]
You can safely ignore the warning messages.
Navigate to the Wordfence plugin in the site's WordPress Admin and Resume Installation if prompted, or click CLICK HERE TO CONFIGURE. The plugin requires that you download .user.ini to continue. As this file is blank at this point, you can delete it after downloading.
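A pre-push check for the symlinks and the protected web path from the steps above, as an added example that is not part of Pantheon's documentation. The function names are hypothetical, and the pantheon.yml check assumes unquoted list entries.

```shell
#!/bin/sh
# Added example: verify the Wordfence symlinks and the .user.ini protection
# in a local Git clone before pushing. Function names are hypothetical.

# check_link LINK EXPECTED
# Succeeds only if LINK is a symlink whose stored target is exactly the
# relative path EXPECTED. The target is not resolved, because ../files does
# not exist next to a local clone.
check_link() {
    link=$1
    expected=$2
    if [ ! -L "$link" ]; then
        echo "FAIL $link: not a symlink"
        return 1
    fi
    target=$(readlink "$link")
    case $target in
        /*)
            # Absolute targets only resolve on the server they were made on.
            echo "FAIL $link: absolute target $target"
            return 1
            ;;
    esac
    if [ "$target" != "$expected" ]; then
        echo "FAIL $link: points to $target, expected $expected"
        return 1
    fi
    echo "OK   $link -> $target"
}

# check_wordfence_links REPO_ROOT
# Checks the three links from the steps above and reports every failure.
check_wordfence_links() {
    root=$1
    status=0
    check_link "$root/wp-content/wflogs" "../../files/private/wflogs" || status=1
    check_link "$root/wordfence-waf.php" "../files/private/wordfence-waf.php" || status=1
    check_link "$root/.user.ini" "../files/private/.user.ini" || status=1
    return $status
}

# check_protected_path PANTHEON_YML WEB_PATH
# Succeeds only if WEB_PATH is an entry of the protected_web_paths list.
check_protected_path() {
    awk -v want="$2" '
        /^protected_web_paths:/ { in_list = 1; next }
        in_list && /^[^ \t#-]/  { in_list = 0 }   # next top-level key ends the list
        in_list && $1 == "-" && $2 == want { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# demo: build a constructed clone layout in a temp dir and run both checks.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/code/wp-content"
    ( cd "$tmp/code" &&
      ln -s ../../files/private/wflogs ./wp-content/wflogs &&
      ln -s ../files/private/wordfence-waf.php ./wordfence-waf.php &&
      ln -s ../files/private/.user.ini ./.user.ini &&
      printf 'api_version: 1\nprotected_web_paths:\n  - /.user.ini\n' > pantheon.yml )
    check_wordfence_links "$tmp/code" &&
        check_protected_path "$tmp/code/pantheon.yml" /.user.ini
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

From the root of the Git clone, run check_wordfence_links . and check_protected_path pantheon.yml /.user.ini before the commit step.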
Issue 2: Error connecting to the database.
Occasionally, when configuring the Web Application Firewall (WAF), it can result in an "Error connecting to the database" message, in which the Wordfence plugin generates a bad wordfence-waf.php file. This results in two problems:
- __DIR__ is not providing the proper path for Wordfence
- Wordfence cannot find your database credentials
Solution if __DIR__ is not providing the proper path for Wordfence: Modify Wordfence to use relative paths.
Change the following code within wordfence-waf.php over SFTP from:
if (file_exists(__DIR__.'/wp-content/plugins/wordfence/waf/bootstrap.php')) {
  define("WFWAF_LOG_PATH", __DIR__.'/wp-content/wflogs/');
  include_once __DIR__.'/wp-content/plugins/wordfence/waf/bootstrap.php';
}
To:
if (file_exists('../../code/wp-content/plugins/wordfence/waf/bootstrap.php')) {
  define("WFWAF_LOG_PATH", '../../code/wp-content/wflogs/');
  include_once '../../code/wp-content/plugins/wordfence/waf/bootstrap.php';
}
Add Wordfence constants in between conditions in the wordfence-waf.php file. The file should resemble the following when complete:
<?php
// Before removing this file, please verify the PHP ini setting `auto_prepend_file` does not point to this.
// This file was the current value of auto_prepend_file during the Wordfence WAF installation
if (file_exists('/includes/prepend.php')) {
  include_once '/includes/prepend.php';
}
define('WFWAF_DB_NAME', $_ENV['DB_NAME']);
define('WFWAF_DB_USER', $_ENV['DB_USER']);
define('WFWAF_DB_PASSWORD', $_ENV['DB_PASSWORD']);
define('WFWAF_DB_HOST', $_ENV['DB_HOST'] . ':' . $_ENV['DB_PORT']);
define('WFWAF_DB_CHARSET', 'utf8mb4');
define('WFWAF_DB_COLLATE', '');
// Note the table prefix should reflect your WordPress application's table prefix. Update accordingly.
define('WFWAF_TABLE_PREFIX', 'wp_');
if (file_exists('../../code/wp-content/plugins/wordfence/waf/bootstrap.php')) {
  define("WFWAF_LOG_PATH", '../../code/wp-content/wflogs/');
  include_once '../../code/wp-content/plugins/wordfence/waf/bootstrap.php';
}
Further Considerations with Wordfence: Utilizing data storage over files
If you experience degraded performance with Wordfence active, using Wordfence's data storage option might be appropriate. Modify wordfence-waf.php to include the MySQLi storage engine constant. Combined with the constants previously mentioned, the plugin will write to your database instead of your file system. If you do this, we recommend wrapping the constants in a condition that checks wp-config.php for a conflicting constant. The end result of your modified wordfence-waf.php should resemble the following:
<?php
// Before removing this file, please verify the PHP ini setting `auto_prepend_file` does not point to this.
// This file was the current value of auto_prepend_file during the Wordfence WAF installation (Sun, 21 Nov 2021 23:40:56 +0000)
if (file_exists('/includes/prepend.php')) {
  include_once '/includes/prepend.php';
}
if (! defined('WFWAF_STORAGE_ENGINE')) {
  // define WF constants if not set in wp-config.php
  define('WFWAF_STORAGE_ENGINE', 'mysqli');
  define('WFWAF_DB_NAME', $_ENV['DB_NAME']);
  define('WFWAF_DB_USER', $_ENV['DB_USER']);
  define('WFWAF_DB_PASSWORD', $_ENV['DB_PASSWORD']);
  define('WFWAF_DB_HOST', $_ENV['DB_HOST'] . ':' . $_ENV['DB_PORT']);
  define('WFWAF_DB_CHARSET', 'utf8mb4');
  define('WFWAF_DB_COLLATE', '');
  // Note this table prefix should reflect your WordPress application's table prefix. Update accordingly.
  define('WFWAF_TABLE_PREFIX', 'wp_');
}
if (file_exists('../../code/wp-content/plugins/wordfence/waf/bootstrap.php')) {
  define("WFWAF_LOG_PATH", '../../code/wp-content/wflogs/');
  include_once '../../code/wp-content/plugins/wordfence/waf/bootstrap.php';
}
Advantages: Customers have reported improved file system performance without having to compromise on Wordfence's features.
Disadvantages: Due to the nature of the plugin, binary logs and insertion queries will increase. Performance gains in one area may be sacrificed in another.
How do I confirm I am using data storage with Wordfence?
You can confirm usage by navigating to the Wordfence menu within your WordPress dashboard. Select Tools, then on the Tools page click the Diagnostic tab. In the Diagnostic tab, below the Wordfence Firewall section, search for the "Active Storage Engine". This query will display either "File System" or "MySQLi". For this instance, choose "MySQLi". An additional table will be added called wp_wfwafconfig (assuming your table prefix is wp_) and queries will increase based on blocked traffic.
WordPress Download Manager
Issue: The WordPress Download Manager plugin wpdm-cache directory may grow excessively large with generated files.
Solution: We recommend that you research an alternative download manager plugin that fits your needs.
WordPress Social Login
Issue 1: The WordPress Social Login plugin attempts to access PHP native sessions before WordPress has been bootstrapped, which prevents the Pantheon PHP native sessions plugin from being called. This leads to a 500 error when authenticating with external services.
Solution: While not recommended, you can add the following lines to wp-config.php before the first call to session_start:
if (defined( "PANTHEON_BINDING" )) {
include_once( "/srv/bindings/". PANTHEON_BINDING ."/code/wp-blog-header.php" );
}
You will need to make this change every time the plugin is updated.
Issue 2: This plugin creates a session on every page, which can prevent page level caching.
WP Cerber Security, Antispam & Malware Scan
Last reviewed: Sep 06 2024
WP Cerber is a premium security plugin (with a free version available) that is only available through the WP Cerber website. Previously, it was available on the WordPress plugin repository, but it was removed due to a violation of the repository's guidelines.
Issue: The WP Cerber Anti-Spam Engine makes pages uncacheable on the Pantheon Global CDN. WP Cerber creates a unique, cache-busting cookie for each visitor, which prevents users from seeing cached pages.
Solution: Disable the Anti-Spam Engine features in the WP Cerber plugin settings.
Navigate to the WP Cerber menu in the WordPress dashboard and select Anti-Spam.
Disable the following options:
- Protect registration form
- Protect comment form
- Protect other forms
In your Pantheon dashboard, clear the cache for the environment.
Your pages should now be cacheable on the Pantheon Global CDN.
WP Reset
Last reviewed: Nov 04 2021
Issue 1: Some features of the WP Reset plugin cannot be used on the Pantheon platform. Features such as file reset and restore do not work because staging and production environments are immutable, and backups help with restore and data rollbacks.
Solution: Use an alternate plugin that resets the WordPress database to the default installation.
WP Rocket
Last reviewed: Oct 25 2022
Issue 1: As with other caching plugins, WP Rocket's HTML caching feature conflicts with Pantheon's page caching. The caching feature can be disabled to allow other features, like file optimization, media, etc. to be used side-by-side.
Solution 1:
Set your development mode to SFTP.
Install the WP Rocket plugin to the Dev environment by uploading via SFTP or from the WP dashboard.
Install the helper plugin WP Rocket | Disable Page Caching to the Dev environment by uploading via SFTP or from the WP dashboard.
Activate both plugins from the dashboard.
WP Rocket will automatically make two changes as long as your environment is in SFTP mode.
Commit both changes to your site's codebase. If your environment is in GIT mode, you'll need to make these changes yourself.
- The following definition will be added in wp-config.php. This enables advanced caching capabilities.
define('WP_CACHE', true); // Added by WP Rocket
- The wp-content/advanced-cache.php drop-in file will be created.
Issue 2: WP Rocket assumes write access to read-only file paths in Pantheon.
Solution 2a: If you are running version 3.5 and higher, you can set a custom cache folder and config path:
define( 'WP_ROCKET_CONFIG_PATH', $_SERVER['DOCUMENT_ROOT'] . '/wp-content/uploads/wp-rocket/config/' );
define( 'WP_ROCKET_CACHE_ROOT_PATH', $_SERVER['DOCUMENT_ROOT'] . '/wp-content/uploads/wp-rocket/cache/' );
define( 'WP_ROCKET_CACHE_ROOT_URL', WP_SITEURL . '/wp-content/uploads/wp-rocket/cache/' ); // Assumes you have WP_SITEURL defined earlier in the file.
Solution 2b: If you are running a version between 3.2 and 3.4, you can only set the cache path through constants.
Create symlinks for the other paths.
Make sure to manually create the folders below in ALL environments.
files/cache/wp-rocket
files/cache/busting
or
code/wp-content/uploads/cache/wp-rocket
code/wp-content/uploads/cache/busting
Solution 2c: If you are running a version below 3.2, your only option is to upgrade the plugin to a newer version.
WPBakery: Page Builder
Last reviewed: Sep 14 2018
Issue: The Custom CSS and Design Options pages of the WPBakery: Page Builder plugin (?page=vc-custom_css, ?page=vc-color) try to create new files when saved. Due to problems related to incorrect FS_METHOD, files are not created or saved in the expected folder, wp-content/uploads/js_composer.
Solution: Define FS_METHOD.
WPFront Notification Bar
Last reviewed: Oct 20 2020
Issue: WPFront Notification Bar sends a set-cookie header in each response, which breaks caching on Pantheon's Global CDN. For example:
curl -I https://www.example.com
HTTP/2 200
cache-control: public, max-age=600
content-type: text/html; charset=UTF-8
link: <https://www.example.com/wp-json/>; rel="https://api.w.org/"
link: <https://www.example.com/wp-json/wp/v2/pages/47>; rel="alternate"; type="application/json"
link: <https://www.example.com/>; rel=shortlink
server: nginx
set-cookie: wpfront-notification-bar-landingpage=1
strict-transport-security: max-age=300
x-pantheon-styx-hostname: styx-fe1-a-789d66bff9-tztp6
x-styx-req-id: 7f93c166-53fe-11ea-803e-b26d7703e33f
date: Tue, 20 Oct 2020 21:16:09 GMT
x-served-by: cache-mdw17356-MDW
x-cache: MISS
x-cache-hits: 0
x-timer: S1603228567.134579,VS0,VE2847
vary: Accept-Encoding, Cookie
age: 0
accept-ranges: bytes
via: 1.1 varnish
Solution: You can apply this patch to disable landing page tracking and fix caching.
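A check for this class of problem, usable on the output of curl -I for any plugin discussed here that sets cookies (WPFront Notification Bar, PolyLang, WP Cerber). This is an added example, not part of Pantheon's documentation: the function names are hypothetical, the sample headers are constructed, and the STYXKEY prefix is treated as this page describes it.

```shell
#!/bin/sh
# Added example: classify the cookies a response sets, from `curl -I` output.
# Function names are hypothetical.
#
# Typical use:  curl -sI https://www.example.com | classify_set_cookies

# classify_set_cookies: read response headers on stdin and print one line per
# Set-Cookie header as "<cookie name><TAB><kind>", where kind is
# "cache-varying" for names with the STYXKEY prefix and "cache-busting"
# for every other name.
classify_set_cookies() {
    awk '
        {
            sub(/\r$/, "")                 # curl prints CRLF line endings
            colon = index($0, ":")
            if (colon == 0) next           # status line or blank line
            name = tolower(substr($0, 1, colon - 1))
            if (name != "set-cookie") next # header names are case-insensitive
            cookie = substr($0, colon + 1)
            sub(/^[ \t]+/, "", cookie)     # drop the space after the colon
            sub(/[=;].*$/, "", cookie)     # keep only the cookie name
            kind = (cookie ~ /^STYXKEY/) ? "cache-varying" : "cache-busting"
            print cookie "\t" kind
        }
    '
}

# has_cache_busting_cookie: exit 0 if any cookie set by the response on stdin
# is classified as cache-busting.
has_cache_busting_cookie() {
    classify_set_cookies | grep -q "cache-busting$"
}

# Constructed sample, modelled on the WPFront response shown above.
sample_wpfront() {
    printf '%s\r\n' \
        'HTTP/2 200' \
        'cache-control: public, max-age=600' \
        'content-type: text/html; charset=UTF-8' \
        'set-cookie: wpfront-notification-bar-landingpage=1' \
        'vary: Accept-Encoding, Cookie' \
        'x-cache: MISS' \
        ''
}

# Constructed sample: Polylang after PLL_COOKIE is set to STYXKEY_pll_language.
sample_polylang_fixed() {
    printf '%s\r\n' \
        'HTTP/2 200' \
        'cache-control: public, max-age=600' \
        'Set-Cookie: STYXKEY_pll_language=en; path=/; secure' \
        ''
}
```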
WP All Import / Export
Last reviewed: Apr 05 2024
Issue 1: With WP All Import / Export, large batch processes can fail if they take longer than the platform will allow. See Timeouts on Pantheon for more information.
Solution: To avoid hitting a timeout, you can try:
Clean up temporary files
Lower the chunk size to fewer than 100 records:
Cron Processing Time Limit should be set to no more than 50 seconds to be safe with the 59 second platform PHP timeout.
Set the plugin to only process 1 record at a time:
The optimal number of records to process at one time depends on how many post_metas and custom functions are associated with each post imported.
Instead of importing one large file, it is best to set it up as recurring cron import as outlined in WP All Import's documentation.
If this will be a recurring import, increasing this number may help speed the completion of the task.
For busy sites while doing recurring cron, you can add cron sleep of at least 10 seconds to free up some php workers on recurring cron imports.
Issue 2: Getting invalid file paths when importing / exporting on environments with multiple appservers like test and live.
Solution: Upload the import file directly to the plugin's designated writable path wp-content/uploads/wpallimport/files/. When creating a new import using existing file, the file uploaded should appear there as an option.
Issue 3: Upload count does not match the import file.
Solution: Under WP All Import Settings:
- Check the Enable Stream Reader
- Cron Processing Time Limit should be set to no more than 50 seconds
- Clean up temporary files
- Lower the chunk size to less than 100
Issue 4: "All Import" does not appear in WordPress admin menu.
In Test and Live environments, or while in Git mode on Dev, certain WordPress capabilities such as install_plugins are automatically disabled to make the WordPress admin UI not show features that require writable environments.
WP All Import checks if a user has the install_plugins capability to determine if its admin menu should be displayed. Since this capability is disabled in these Pantheon environments, the plugin's menu doesn't appear.
Solution: To display the plugin's admin menu, add the following line to your wp-config.php files before the inclusion of wp-config-pantheon.php:
define('DISALLOW_FILE_MODS', false);
This will allow the plugin's admin menu to appear. However, while you'll see more UI options in WordPress, such as the ability to install or update plugins, these actions won't work due to the non-writable filesystem. They will be present but non-functional.
WP-Ban
Last reviewed: Feb 23 2021
Issue: WP-Ban returns a 200-level response code to banned IPs. These responses are cached and count towards Site Visits. In addition, the Pantheon Global CDN may cache the result as successful, leading future visitors to think they've also been banned.
Solution: See the doc on how to Investigate and Remedy Traffic Events for alternative methods.
WP Migrate DB
Last reviewed: Oct 17 2018
Issue: When using the WP Migrate DB plugin on Test and Live environments, the Compatibility settings cannot be configured because this feature requires write access to wp-content/mu-plugins. This issue prevents plugins from being included in DB exports and search-and-replace tasks.
Solution: The normal search-and-replace and DB export functions of this plugin work, but will leave all plugins disabled while in operation. If a specific plugin is required to remain active during the DB export and search-and-replace operations, add a filter for it as described in the plugin's debugging page.
WPML - The WordPress Multilingual Plugin
Last reviewed: Jul 28 2023
Issue 1: Locking an environment prevents the WPML - The WordPress Multilingual Plugin from operating and returns the following error: It looks like languages per directories will not function.
Solution: Make the environment public within the Site Dashboard. For details, see Security on the Pantheon Dashboard.
Issue 2: When registering the plugin, accessing /wp-admin/plugin-install.php?tab=commercial returns "Sorry, you are not allowed to access this page".
Solution: Activate the plugin individually for each environment you want to use the plugin with, as it requires a separate key for each domain. Instead of clicking on Purchase a subscription or enter an existing site key, use the Configure WPML button.
You can also add the registration keys to wp-config.php:
define( 'OTGS_INSTALLER_SITE_KEY_WPML', 'your-site-key' );
Learn more in the WPML Guide.
Issue 3: wp-admin becomes too slow, or, upon activating the WPML String Translation plugin, you see this error:
WPML String Translation is attempting to write .mo files with translations to folder:
/srv/bindings/***/code/wp-content/languages
This folder appears to be not writable. This is blocking translation for strings from appearing on the site. To resolve this, please contact your hosting company and request that they make that folder writable. For more details, see WPML's documentation on troubleshooting .mo files generation.
Solution 1:
- In wp-config.php, add the following above the line /* That's all, stop editing! Happy Pressing. */:
if ( !defined('WP_LANG_DIR') ) {
    define( 'WP_LANG_DIR','/files/languages/wpml' );
}
if ( !defined('WP_TEMP_DIR') ) {
    define('WP_TEMP_DIR', sys_get_temp_dir() );
}
- Create a symlink for wp-content/languages pointing to wp-content/uploads/languages. See Using Extensions That Assume Write Access for more information.
- Create the languages/wpml directory inside /files for each environment.
- Define the FS_METHOD in wp-config.php.
WP phpMyAdmin
Last reviewed: Jan 30 2024
The WP phpMyAdmin plugin is not supported on Pantheon and will not work correctly.
Alternative: Please see https://docs.pantheon.io/guides/mariadb-mysql/mysql-access for more information on accessing your database directly.
YITH WooCommerce Extensions with MPDF Library
Last reviewed: Mar 09 2023
Affected Plugins
- YITH WooCommerce Request a Quote
- YITH WooCommerce PDF Invoice and Shipping List
- YITH WooCommerce Gift Cards
Issue: Various YITH WooCommerce extensions use the MPDF library, which assumes write access to the site's codebase within the wp-content/plugins directory in order to cache PDFs. That write access is not granted on Test and Live environments on Pantheon. For additional details, refer to Using Extensions That Assume Write Access.
Solution: Change the location where the plugin stores the PDF cache. Configure YITH WooCommerce Request a Quote to write files within the wp-content/uploads path for WordPress (wp-content/uploads/yith-mpdf-tmp) by adding the following code sample to functions.php:
/**
 * Changes PDF cache location for YITH WooCommerce extensions.
 *
 * @param array $args The configuration for MPDF initialization.
 * @return array The updated config with writable path.
 */
if ( ! function_exists( 'yith_mpdf_change_tmp_dir' ) ) {
    function yith_mpdf_change_tmp_dir( array $args ): array {
        $upload_dir      = wp_upload_dir();
        $upload_dir      = $upload_dir['basedir'];
        $args['tempDir'] = $upload_dir . '/yith-mpdf-tmp/';
        return $args;
    }
}
// Request a Quote
add_filter( 'ywraq_mpdf_args', 'yith_mpdf_change_tmp_dir', 20, 1 );
// PDF Invoice
add_filter( 'yith_ywpdi_mpdf_args', 'yith_mpdf_change_tmp_dir', 10, 1 );
// Gift Cards
add_filter( 'yith_ywgc_mpdf_args', 'yith_mpdf_change_tmp_dir', 10, 1 );
Yoast SEO
Last reviewed: Jun 12 2018
Issue: The redirects setting of the Yoast SEO plugin offers two redirect methods, "PHP" and "Web Server". The Web Server option expects write access to the nginx.conf file, which is not writable on Pantheon.
Solution: Only use the "PHP" redirect method.
Yoast Indexables
Last reviewed: Jun 14 2022
Issue: Yoast Indexables can cause performance issues on large sites. Sites with 100,000+ posts might find that indexing the table with wp yoast index will time out. Sites might also see slow load times in both the frontend and wp-admin areas due to queries on the wp_yoast_indexables table.
Solution: Disable saving data to the wp_yoast_indexables table to improve wp-admin performance. However, if you have 1,000,000+ posts you might see extremely poor performance on the frontend with indexables disabled. Use the code below to disable data saving for Yoast indexables.
/** Tell Yoast not to save indexable data to the wp_yoast_indexables table. */
add_filter( 'Yoast\WP\SEO\should_index_indexables', '__return_false' );
Pantheon's Professional Services team has tooling available to help index large sites. Reach out to your Customer Success Manager to get more information about tooling.
YotuWP Easy YouTube Embed
Last reviewed: Nov 27 2019
Issue: The YotuWP Easy YouTube Embed plugin asks for SFTP credentials after installation.
Solution: Define FS_METHOD.
WordPress Themes
Self-Updating Themes
Several WordPress themes, including Jupiter, Nanosoft, and Uncode, present a form requesting FTP credentials in order to automatically update their components. This form appears on Dev, Test and Live environments; it can be hidden with CSS, but is still present.
The form can be disabled by adding the following to wp-config.php, above the line /* That's all, stop editing! Happy Pressing. */:
/** Disable theme FTP form */
define('FS_METHOD', 'direct');
define('FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
define('FS_CHMOD_FILE', ( 0755 & ~ umask() ) );
define('FTP_BASE', __DIR__);
define('FTP_CONTENT_DIR', __DIR__ .'/wp-content/');
define('FTP_PLUGIN_DIR', __DIR__ .'/wp-content/plugins/');
Uncode
Last reviewed: Jun 19 2019
Issue: The Uncode theme throws a PHP Fatal error in its settings page in Git mode on Dev and Multidev environments, and on Test and Live.
Solution: This theme assumes write access to theme folders wp-content/themes/uncode/core/assets/css and wp-content/themes/uncode/library/css for it to work properly in Git mode. For additional details, see Using Extensions That Assume Write Access.
WordPress Functions
add_management_page()
Issue: Using add_management_page() to add a submenu page to the Tools main menu with WordPress roles and capabilities that would read or write files to core, themes, or plugins is not supported.
For example, the install_plugins capability isn't present on the Test or Live environment, so menus created with it will not display:
$hook = add_management_page( 'My WP Tool Page', 'My WP Tool',
    'install_plugins', 'mywptool', array( $this, 'admin_page' ), '' );
add_action( "load-$hook", array( $this, 'admin_page_load' ) );
This is because write permissions are restricted in Test and Live per the Pantheon Workflow.
Solution: You can use another capability such as read_private_posts instead.
The list of WordPress roles and capabilities that should not be relied upon includes:
- update_core
- update_plugins
- update_themes
- install_plugins
- install_themes
- upload_plugins
- upload_themes
- delete_themes
- delete_plugins
- edit_plugins
- edit_themes
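The menu problem described here and in Issue 4 of WP All Import comes from using a file-modification capability as a visibility check. The following added example (not Pantheon's or any plugin's own code) registers a Tools page with a capability outside the list above and decides separately whether write features can work. The class name, slug, labels and the choice of manage_options for an administrators-only tool are assumptions.

```php
<?php
/**
 * Added example: a Tools submenu that stays visible when file-modification
 * capabilities are disabled. Class, slug and labels are hypothetical.
 */
class Example_WP_Tool {
    // Assumption: an administrators-only tool. 'manage_options' is not one of
    // the file-modification capabilities listed above.
    const CAPABILITY = 'manage_options';

    public function register(): void {
        add_action( 'admin_menu', array( $this, 'add_page' ) );
    }

    public function add_page(): void {
        add_management_page(
            'My WP Tool Page', 'My WP Tool', self::CAPABILITY, 'mywptool',
            array( $this, 'admin_page' )
        );
    }

    /**
     * Code writes are possible only if WordPress allows file modifications
     * AND the directory is writable. Defining DISALLOW_FILE_MODS as false
     * changes the first check only; the filesystem decides the second.
     */
    private function can_write( string $dir ): bool {
        return wp_is_file_mod_allowed( 'example_wp_tool' ) && wp_is_writable( $dir );
    }

    public function admin_page(): void {
        // Defense in depth: re-check the capability when rendering.
        if ( ! current_user_can( self::CAPABILITY ) ) {
            wp_die( 'You are not allowed to access this page.', '', array( 'response' => 403 ) );
        }
        echo '<div class="wrap"><h1>My WP Tool</h1>';
        if ( $this->can_write( plugin_dir_path( __FILE__ ) ) ) {
            echo '<p>Bundled assets can be regenerated in this environment.</p>';
        } else {
            echo '<p>The code directory is read-only here; regeneration is disabled.</p>';
        }
        echo '</div>';
    }
}

( new Example_WP_Tool() )->register();
```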
wp_filesystem->get_contents()
Issue: The function wp_filesystem->get_contents() can fail when an environment is in Git mode (as Test and Live always are) because it is aware of filesystem-level permissions, which are restricted in this mode.
Solution: As described in this StackExchange answer, for cases where file ownership doesn't matter this function could be replaced with file_get_contents(). This is true of most cases where the file in question is only being read, not written to.
Other Issues
Plugins and themes will not work on Pantheon if they:
- Require Apache.
- Require customized .htaccess files.
- Need to modify Nginx configuration files.
- Require PostgreSQL or other non-MySQL compatible databases.