TLDR: Set up a proxy server and specify a few new constants in wp-config.php.
Automattic decided to block the websites hosted on WP Engine and some other hosting providers from installing new plugins and receiving updates from WordPress.org.
This issue can be solved by using a proxy server. It changes the source IP address and makes it impossible to detect the hosting provider of a particular website.
If you don't have one, it makes sense to set up an account on webshare.io, brightdata.com, iproyal.com, and many others. If you have more experience, please consider configuring an instance on AWS, Google Cloud, or Cloudflare. You can even get a cheap VPS server on Digital Ocean or Hetzner and configure Squid or any other service.
Once the proxy is configured, you need to add the following configuration to the wp-config.php file:
define('WP_PROXY_HOST', 'xxx.xxx.xxx.xxx'); // Proxy Address
define('WP_PROXY_PORT', 'xxx'); // Port Number
define('WP_PROXY_USERNAME', 'xxxxx'); // Proxy Username (if exists)
define('WP_PROXY_PASSWORD', 'xxxxx'); // Proxy Password (if exists)
Additionally, it makes sense to limit the proxy usage only to the wordpress.org website using the following code:
add_filter('pre_http_send_through_proxy', function($result, $uri) {
if (strpos('wordpress.org', $uri) !== false) {
return true;
} else {
return false;
}
}, 10, 2);
You can add it to the functions.php or another appropriate file.
I have set up a free account on webshare.io, and it works fine for a website hosted on WP Engine.
This solution should solve the issue with updates even if Automattic finds a way to block the workaround implemented by WP Engine earlier today.
Nice! Thanks for sharing this!
My sites on WP Engine are updating fine now. Looks like the fix they alluded to has rolled out.
WPE could set up a set of their own proxies as well as quick solution. If one gets blocked then move to next one.
Good luck blocking hundreds of random IPs.
If the conflict between service platforms does not stop, then proxy solutions and similar solutions will not be sustainable. The repository can easily block all such requests. It is not much more difficult than blocking direct requests. I think that WPengine will make its own repository. In the meantime, this is a temporary solution.