Your server settings provide access to SFTP credentials, database management, and advanced hosting configurations like PHP version control and cache management. In this guide, you will learn how to access your server settings.
This feature is available on sites with the WordPress.com Business and Commerce plans. If you have a Business plan, make sure to activate it. For free sites and sites on the Personal and Premium plans, upgrade your plan to access this feature.
To access your server settings, follow these steps:
- Visit your Sites list.
- Click the ⋮ button on the right and select Settings.
- Scroll to the Server section.
Alternatively, from your sites list, press ⌘K on Mac or Ctrl+K on Windows and Linux and use the Hosting Command Palette to search for Server Settings.


This displays the current version of WordPress that your site is using. Websites hosted on WordPress.com always run the latest version of WordPress automatically, so you never need to handle updates yourself.
You can try the beta version of the next release (if available) on a staging site. Follow the steps here to try a beta version of WordPress on a staging site.
PHP is the programming language that primarily powers WordPress. Newer versions of PHP often come with performance improvements that make your site faster. Older versions of PHP stop receiving security updates.
WordPress.com strives to ensure sites have access to the latest compatible versions of PHP. The versions we currently support can be found by visiting the PHP environment support page. It is not possible to roll back to PHP 7 or other older versions not listed here because they no longer receive security updates.
⚠️ Before changing your PHP version, ensure all active plugins and your site’s active theme are up-to-date. Outdated plugins or themes may cause errors with newer PHP versions.
You typically don’t need to switch your PHP version. In the event an update to your site’s PHP version is required, WordPress.com updates it for you. However, it’s possible that a plugin or theme might require a newer version of PHP. Therefore, we provide the option for you to change the PHP version your site uses.
To change your site’s PHP version, follow these steps:
- Follow the steps above to access your server settings.
- Click the PHP section.
- Select an available PHP version from the dropdown.
- Click the Save button.

We always recommend using the latest stable version of PHP for the best performance and security. However, some older or poorly maintained plugins and themes may not be compatible with the latest version, which can lead to unexpected errors or functionality issues.
If you change your PHP version and find that it causes issues, you can return to the previous version while we still support it. Still, we recommend contacting the plugin or theme developer to ensure they will update their PHP version support in the future, as the plugin may become fully incompatible otherwise.
If you experience errors after updating PHP, follow the steps in our Solve Problems With Plugins and Themes guide to identify the problematic plugin or theme.
SFTP credentials allow you to access and edit your website files using an SFTP client. To create your site’s SFTP credentials, follow these steps:
- Visit your Sites list.
- Click the ⋮ button on the right and select Settings.
- Scroll to the Server section.
- Click on SFTP/SSH to view and copy your site’s SFTP username and password.

Visit our guide to SFTP for more information.
You’ll also find SSH here. SSH access allows you to use WP-CLI and advanced command-line tools. Visit the following guides to learn more about connecting to SSH and using WP-CLI.
Database access through phpMyAdmin allows you to run database operations and manage your site’s data directly. To access your database, follow these steps:
- Follow the steps above to access your server settings.
- Click the Database section.
- Click “Open phpMyAdmin” to launch the database management interface.
Learn more in our manage your site’s MySQL database guide.
You can control how your server handles requests for nonexistent assets. This setting allows you to specify how requests for assets (like images, fonts, JavaScript, and CSS files) are treated when a requested resource no longer exists on your website.
There are 3 options to choose from:
- Default: Use the setting the platform has decided as the best option.
- Send a lightweight File-Not-Found page: Let the server handle static file 404 requests. This option is more performant than the others because it doesn’t load the WordPress core code when handling nonexistent assets.
- Delegate request to WordPress: Let WordPress handle static file 404 requests.

Clearing your site’s cache can resolve display issues and ensure visitors see your latest changes. To clear all server caches, follow these steps:
- Follow the steps above to access your server settings.
- Click the Cache section.
- Click the “Clear” button for the appropriate cache(s).
Learn more in our clear your site’s cache guide.
Below the Server settings, you’ll find additional Security settings:
Our web application firewall (WAF) examines incoming traffic to your website and decides to allow or block it based on various rules. Within this setting, you can:
- Enable brute force login protection: Prevent and block unwanted login attempts from bots and hackers attempting to log in to your website with common username and password combinations.
- Always allow specific IP addresses: IP addresses added to this list will never be blocked by our security features.
Allow registered users to log in to your site with their WordPress.com accounts. Visit our Configure your site’s login access guide to learn more.
Defensive mode provides extra security protection against spambots and distributed denial-of-service (DDoS) attacks. Visit our defensive mode guide to learn how it works.