Jesse Lawson

Software engineering, artificial intelligence, writing, and open-source tools

Jan 1, 0001 - WP Engine

WP Engine Hotfix: Disable Staging URL

If you’re a WP Engine user, you may have noticed that your staging area remains live even after you don’t need it anymore. Since WP Engine charges you based on total page views and server resources, its safe to say that web traffic to your staging area costs you money. Hopefully WP Engine takes my advice in this post and creates a staging area on/off switch, but in the meantime, here’s a simple solution that will give you the ability to deny all access to your staging area once you’re done with it.

Problem: Your staging area is still live and its traffic counts toward your total visits.

Solution: Add “deny from all” to your staging area’s .htaccess  file.

If you’ve ever utilized the staging feature in your account, you’ll have noticed that your staging site remains live even after you’re finished with it. Some people have complained that this is a little ridiculous because 1) your staging site is reachable by bots and crawlers, and 2) after your done using the staging site you shouldn’t be charged for access to it (because there shouldn’t be access to it in the first place).

On the first point: if you want to restrict access to your staging site to only those IP addresses that you allow, you can do that with .htaccess . Since there’s no real way for WP Engine to know when you’re done with your staging site, who you want to allow/deny access to, and what you’ll be using your staging site for, it’s smarter for them to just give you the keys when it comes to staging access. However — and regarding the second point — WP Engine could make it a bit easier for end-users to turn on and turn off access to the staging area.

Here’s what I do to restrict access to my staging area:

  1. Login to your staging site via SFTP. (How?)

  2. In whatever SFTP client you’re using, find your .htaccess  file and edit it. Since I’m using WinSCP, I’ll right-click and select Edit.

    uy345hjg235hg25ghjggkj
    If you can’t see this file, you need to go into your SFTP client settings and enable the option that lets you view hidden files.
  3. Add the following line to the top of .htaccess :
    deny from all
  4. If you have never touched your .htaccess  file before, it should look like this now:
    deny from all

BEGIN WordPress

<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule>

END WordPress

</li>

<li style="text-align: left;">
  Save the changes and ensure that the server file is modified (i.e., make sure you didn&#8217;t accidentally just save the changes on your local computer).
</li>
<li style="text-align: left;">
  Visit your staging URL, and now you should see something like this:<br /> <img class="aligncenter size-full wp-image-10873" alt="as87fa89sdf87as6df6785fg74gfh567d4fgh67sd5678ga78gf6" src="http://lawsonry.com/wp-content/uploads/2013/12/as87fa89sdf87as6df6785fg74gfh567d4fgh67sd5678ga78gf6.png" width="418" height="102" />
</li></ol> 

<p>
  That&#8217;s it. What we basically did here was deny all access from anyone to the staging area. When you want to re-use the staging area, you can either 1) delete that line from the <span class="lang:default decode:true  crayon-inline ">.htaccess</span>  file, or just click on the Copy Live to Staging button in your WP Engine panel. The latter is the easiest, because your <span class="lang:default decode:true  crayon-inline ">.htaccess</span>  file will automatically be overridden with a working one.
</p>

<p>
  <strong>Here&#8217;s what I recommend to WP Engine:</strong>
</p>

<ul>
  <li>
    Create a button in the Staging tab (WP Engine->WP Engine->Staging) that allows users to enable or disable web access to the staging area.
  </li>
</ul>

<p>
  Assuming that fetched content is what alters visitor count, and that your customers all want to reduce the number of garbage visits (i.e., non-developer/client traffic to staging area), having a button in the back-end with two options could work like this:
</p>

<ul>
  <li>
    <strong>Staging Access On. </strong>When the button is &#8220;on,&#8221; the default WordPress .htaccess is generated and copied to the staging directory.
  </li>
  <li>
    <strong>Staging Access Off. </strong>The use is warned that this will deny <em>all</em> web traffic to the staging area, and that the only way to regain access is to flip the switch from <em>Off</em> to <em>On</em>. Once they confirm, a simple PHP or bash script opens up the .htaccess file, copies the contents to .htaccess-backup, prepends &#8220;deny from all&#8221; to the top of whatever is in the .htaccess file and saves it, then tells the users that their staging area is now completely offline.
  </li>
</ul>

<p>
  <strong>If you have your own ideas for this hotfix, questions about it, or just some really cold remarks, </strong>leave a comment below.
</p>