Below you can find shorter answers, which don’t warrant a documentation page to themselves (see our documentation for VIP Go), to some frequently asked questions about VIP Go. If you cannot find what you need to know here, or by searching, please feel free to contact us and we’ll be happy to help.

What version of PHP is VIP Go running?

We run the latest patch version of PHP 7.3.

Where do themes and plugins go on VIP Go?

This is covered in our documentation on the VIP Go Codebase.

Can we add third-party plugins and libraries/SDKs inside the plugins directory?

Yes. These still need to go through code review. Note that you can use git submodules where the source repository is public, but we do not support private submodules.

How does deploying code work?

This is covered in our documentation about the PR Review process.

Do static files (CSS, images, etc) auto-deploy like they do on VIP?

No, there is not currently any automatic deployment of files based on file type. We may add this in the future.

Can I use capital letters in file paths?


How does file concatenation and minification work on VIP Go?

VIP Go will concatenate both JavaScript and CSS code and also minify CSS code. If you minify files in your theme, you should also include the source files for code review.

How does setting permalinks work?

You can set permalinks normally. Permalinks do not get flushed on deploy, instead you can use our Rewrite Rules Inspector to flush the rewrite rules.

Can we use the “www” version of a domain, or do we have to use the non-www/root version?

You can use the “www” version of a domain (and the root/non-www version will also work). Redirects on single-site environments will happen automatically. For multisite networks, redirects must be defined in your vip-config.php file, per this documentation.

Please note “www” sub-subdomains, for example, are not supported at this time. If this is a critical requirement for your site, please get in touch with details.

When redirecting in the vip-config.php file, please omit the /cache-healthcheck? URI from your redirects. This URI is used by the VIP Go platform to check the health of your site, and a redirect response will cause issues with your site being served correctly. The code snippet below demonstrates how to avoid affecting the healthcheck when redirecting in the vip-config.php file:

if ( '/cache-healthcheck?' !== $_SERVER['REQUEST_URI'] ) {
// Put your redirects here, and they will omit our cache healthcheck

Can I get a backup of my sites SQL database and media library?

You can download hourly backups of your site’s SQL database from VaultPress, accessible from your site’s WordPress dashboard under the Jetpack menu. If you have a multisite environment, each site is stored separately in VaultPress. Note that only wp_-prefixed tables are included in these backups. You can then import this backup into your local development environment using WP CLI. You will need to remove the jetpack_options row before importing into a local or staging environment to avoid creating Jetpack conflicts with your production site.

Although VaultPress on VIP Go offers SQL backups only, your media library is redundantly backed up and secure. Please open a ticket with us to request a copy of your media library.

How do I make a VIP Go site private and/or discourage search engines from indexing it?

We automatically add a Disallow: / robots.txt for sites using a or domain, but otherwise do not handle blocking/managing access for private sites at a platform level. You’re welcome to include any plugins you want to use that meet your needs and that follow VIP code guidelines.

How do I enable sitemaps on VIP Go?

You can use the XML sitemaps module of Jetpack, which is included in the VIP Go platform; or you can install a separate plugin, such as Comprehensive Sitemaps (msm-sitemaps) or Yoast.

Is there asynchronous job processing on VIP Go like there is on What about asynchronous exports for large sites?

No, there are not currently any asynchronous job processing options on VIP Go – all cron calls will be processed in core WordPress. If you have a large site to export, please open a support ticket and we can perform that for you directly.

Can WP CLI commands be run on VIP Go?

Yes, via the VIP CLI tools in the VIP dashboard.

Can I tailor the new user signup flow?

Yes, because each VIP Go site is a standalone install of WordPress with its own database, including the user table, VIP Go site owners are able to configure their own signup flow as they require.

How do scheduled jobs (Cron) work on VIP Go?

Scheduled jobs on VIP Go use the WP Cron API provided by WordPress core. The cron jobs are initiated and regulated via the WP Cron Control plugin, and you can read more in our article on our VIP Cron infrastructure.

How does SSL/HTTPS work on VIP Go?

A VIP Go site must have an SSL certificate installed in order to be active. Because every site uses a custom domain for both the front-end and admin area, and because we want each site to have a secure admin area and login process at minimum, SSL is a requirement. Read more about SSL on VIP Go.

Does VIP Go support HTTP/2?

Yes. HTTP/2 is supported and enabled for all sites hosted on the VIP and VIP Go platforms. HTTP/2 requires that SSL be enabled to work. We currently do not support the server push functionality of the HTTP/2 specification.

Can we have access to the filesystem to support a build process?

No. We support a build process that does not require filesystem access by allowing you to deploy from a built branch on your repo. Read more about setting up automated build and deploy processes on VIP Go.

Does VIP Go have the “protected embeds” feature from

No. The VIP protected embeds feature is specific to that platform. On VIP Go there are two alternatives: (1) convert your protected embeds to their standard HTML equivalents (we can help with this) and build shortcodes into the theme as needed (probably the safest option) or (2) implement your own protected embeds style solution for your site (here is a plugin used by some VIP Go clients for doing this).

How can I enable Query Monitor on my site?

Query Monitor (QM) is available by default on all production and development sites and you can add the view_query_monitor capability to any role that should have access. Alternatively you can filter wpcom_vip_qm_enable directly in your query-monitor.php file.

Either method is fine to use. The only thing to be careful of is disabling access for VIP Support. (For example, if you filtered wpcom_vip_qm_enable to only return true for your team, we would no longer be able to use the query monitor on the site.)

In addition to this, you can set an authentication cookie which allows you to view Query Monitor output when you’re not logged in (or if you’re logged in as a user without the view_query_monitor capability). See the bottom of Query Monitor’s output for details.

Are post revisions supported?

The WordPress revisions system stores a record of each saved draft or published update. New VIP Go environments default to storing the last 500 revisions. The constant WP_POST_REVISIONS is defined in the vip-config.php file, where this number can be increased or decreased:

  • -1: store every revision
  • 0: do not store any revisions (except the one autosave per post)
  • (int) > 0: store that many revisions (+1 autosave) per post; old revisions are automatically deleted

Where do I add my favicon?

favicon.ico and apple-touch-icon*.png files are used by web browsers and mobile devices to represent your website in bookmarks and tabs. These icons can be added to the /images/ directory at the root of your GitHub repo. They will then be automatically referenced by our platform; no further code or changes to your theme’s header are needed.

User security best practices

We encourage all users on VIP sites to follow best practices when it comes to securing their devices, accounts and access to VIP tools. Two-factor authentication is required for all users with the ability to publish to a VIP site and we also recommend following at least these basic steps:

  1. Set a login password for all user accounts on your computer.
  2. Set a complex (more than 4 character) passcode to unlock your mobile devices. Do not use fingerprints or patterns.
  3. Enable a screen saver that activates after a short period of time and requires a password to turn off.
  4. Use only strong passwords. Never use the same password in more than one place.
  5. Use a password manager such as 1Password or LastPass.
  6. Never put passwords in text documents, Google Docs, intranet pages, post-it notes or other unencrypted forms of storage.
  7. Use two-factor authentication for any services that support it, including accounts, Google apps such as Gmail, Dropbox, Twitter, Facebook, Github, iCloud, LinkedIn, PayPal and others. Do not store 2FA backup codes anywhere online. We strongly recommend using an authenticator app, such as Authy or Google Authenticator, over SMS-based two-factor authentication.
  8. Turn on device locating services such as “Find My Mac” for Apple laptops or “Find My iPhone” for iPhones.
  9. Encrypt your computer’s hard drive, and make sure any backups are encrypted too.
  10. Install and run anti-virus software with the latest virus definitions.
  11. Enable your computer’s firewall.
  12. Ensure that your home and office network routers are running the latest firmware and aren’t using default passwords.
  13. Be suspicious of any unusual requests to share sensitive information, such as usernames, passwords or other personal data. Report any such requests and “phishing” attempts.
  14. If working in public, use a privacy screen to prevent your activity being seen.

If you have any security-related questions about your account, your VIP site or any related service, please contact us via support ticket.

Ready to get started?

Drop us a note.

No matter where you are in the planning process, we’re happy to help, and we’re actual humans here on the other side of the form. 👋 We’re here to discuss your challenges and plans, evaluate your existing resources or a potential partner, or even make some initial recommendations. And, of course, we’re here to help any time you’re in the market for some robust WordPress awesomeness.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.