Skip to main content
WP Engine’s security configuration may block MainWP from deleting plugins and themes on child sites. The solution requires WP Engine Support to add a custom Nginx rule for your sites.

What You’ll Learn

  • Why plugin/theme deletion fails on WP Engine
  • What information WP Engine Support needs
  • The Nginx rule that enables MainWP operations

Prerequisites

  • MainWP Dashboard with WP Engine-hosted child sites
  • WP Engine account with support access
  • MainWP User-Agent string

Why This Happens

WP Engine uses strict security rules that may block automated requests from external systems. When MainWP attempts to delete plugins or themes, WP Engine’s Nginx configuration can block these operations as a security measure.

Contact WP Engine Support

1

Open a support ticket

Contact WP Engine Support through your WP Engine dashboard or their support channels.
2

Request the Nginx rule

Ask your support agent to add an Nginx rule that allows the MainWP User-Agent to access your child site.
3

Provide the User-Agent

Give WP Engine this User-Agent string:
Mozilla/5.0 (compatible; MainWP/4.0; +http://mainwp.com)
The version number (4.0 in this example) changes with each MainWP release.
4

List all child sites

If you have multiple child sites hosted on WP Engine, the Nginx rule must be added for each site. Provide a list of all affected child site domains.
5

Wait for confirmation

WP Engine will implement the rule and confirm when it’s active.
6

Test deletion

After WP Engine confirms the change, test plugin and theme deletion from your MainWP Dashboard.

Nginx Rule Example

For reference, this is the type of Nginx rule WP Engine adds: 
Nginx before-in-location

set $mainwp_ua 0;
if ($http_user_agent ~* MainWP) {
    set $mainwp_ua 1;
}

set $mainwp_location 0;
if ( $uri ~* "^/(wp-cron\.php|wp-admin/admin-ajax\.php)" ) {
    set $mainwp_location 1;
}

set $both_mainwp_vars "$mainwp_ua:$mainwp_location";
if ($both_mainwp_vars = "1:1") {
    set $is_trusted 1;
    proxy_pass http://localhost:6788;
}
You don’t need to understand or configure this rule yourself. WP Engine Support will handle the implementation. This is provided for reference only.

Self-Check Checklist

  • Contacted WP Engine Support
  • Provided MainWP User-Agent string
  • Listed all affected child site domains
  • Received confirmation that rule was added
  • Tested plugin/theme deletion successfully