413 Request Entity Too Large: Fix It Fast
You're importing a database dump in phpMyAdmin, or a customer is trying to upload a 40MB product video, and the browser just throws back "413 Request Entity Too Large" - no explanation, no line number, nothing in your WordPress error log. That's because this one usually isn't coming from WordPress or PHP at all. It's the web server or the CDN in front of it slamming the door before your request ever reaches PHP. Here's how to find which layer is doing it and fix it properly.
What a 413 actually means
A 413 is the server telling you: "the body of this request is bigger than I'm configured to accept, so I'm not even going to try processing it." That's different from a PHP upload error like upload_max_filesize, which at least lets the request through and then rejects the file inside PHP. A 413 gets thrown before PHP ever runs - which is why increasing PHP limits alone often doesn't fix it.
You'll typically see it when:
- Uploading a large image, video, or zip through wp-admin or a plugin uploader
- Importing a large
.sqlfile through phpMyAdmin - Submitting a big form (file attachments, bulk data) through an API endpoint
- Restoring a large backup archive through a custom import tool
Find out which layer is blocking it first
Before changing any config, look at the actual error page - it tells you who's talking:
| What you see | Likely source |
|---|---|
| Plain "413 Request Entity Too Large" with an nginx signature at the bottom | Nginx client_max_body_size |
| Apache-style error page, or nothing but a blank failure | Apache LimitRequestBody or mod_security |
| Cloudflare-branded error page (orange cloud logo) | Cloudflare's edge upload cap |
| WordPress admin notice mentioning "upload_max_filesize" | PHP, not really a 413 - different fix |
Open the request in your browser's dev tools (Network tab) and check the response headers - a Server: cloudflare or Server: nginx header confirms which layer answered before your origin app got involved.
Fix 1: Nginx's client_max_body_size (VPS / dedicated servers)
If you manage your own Nginx config on a Getwebup VPS, the default limit is just 1MB - small enough that almost any real upload trips it. Raise it in the right context:
server {
listen 443 ssl;
server_name example.com;
client_max_body_size 128M;
location / {
proxy_pass http://127.0.0.1:8080;
}
}
You can set client_max_body_size in the http, server, or location block - the most specific one that matches your request wins. If Nginx is acting as a reverse proxy in front of Node, PHP-FPM, or another app, the limit has to be raised in the server or location block that actually proxies the upload request, not just at the top of the file. Then test and reload:
sudo nginx -t
sudo systemctl reload nginx
Skip the reload and the change won't take effect - Nginx doesn't re-read config on save.
Fix 2: Apache's LimitRequestBody (cPanel and Apache/LiteSpeed VPS)
Most Getwebup cPanel hosting runs Apache or LiteSpeed rather than raw Nginx, so you won't have a nginx.conf to edit. Check your site's .htaccess for a stray limit first:
# Remove or raise this if present - 0 means unlimited
LimitRequestBody 10485760
If there's no explicit LimitRequestBody directive in .htaccess or the vhost config, the 413 is almost always coming from a security module (mod_security) or, more often on shared hosting, from PHP's own post_max_size rejecting the request body - which technically returns a different error but gets reported by users as "the same thing." On cPanel, fix that side through MultiPHP INI Editor:
upload_max_filesize = 128M
post_max_size = 128M
If your account still throws a 413 after that, it's a hosting-level Apache/LiteSpeed cap outside your account's control - open a support ticket rather than guessing at .htaccess rules, since some of these limits live in the server-wide config.
Fix 3: Cloudflare's 100MB hard limit
If your domain is proxied through Cloudflare (orange cloud in DNS), there's a limit you can't raise from your origin server at all: Cloudflare caps request bodies at 100MB on every plan, including Enterprise unless you specifically buy the higher-tier upload add-on. No origin config change gets around this - the request never reaches your server.
Ways around it:
- DNS-only (grey cloud) for the specific upload endpoint - if you only need this for an admin-only import tool, temporarily disabling the Cloudflare proxy for that subdomain removes the cap (at the cost of losing Cloudflare's protection on that hostname).
- Chunked or resumable uploads - use a plugin or upload library (tus, resumable.js) that splits large files into small chunks well under 100MB each, then reassembles them server-side.
- Direct-to-storage uploads - for very large media, upload straight to an S3-compatible bucket with a presigned URL instead of routing the file through your web server at all.
Importing a large database dump through phpMyAdmin
A 413 on a phpMyAdmin import is really just this same stack applied to a form upload. Rather than pushing PHP and web-server limits higher and higher for an occasional big import, it's usually faster to skip the browser entirely:
mysql -u dbuser -p dbname < backup.sql
Or, if you only have cPanel access without SSH, compress the dump and use cPanel's Backup Wizard / "Restore a MySQL Database Backup" tool, which isn't bound by the same upload path as phpMyAdmin's import form.
Prevention checklist
| Layer | Directive | Typical default |
|---|---|---|
| Nginx | client_max_body_size | 1M |
| Apache | LimitRequestBody | 0 (unlimited) unless set |
| PHP | upload_max_filesize / post_max_size | 2M - 64M depending on host |
| Cloudflare | Max upload size | 100MB, not adjustable on most plans |
Whenever you raise one of these, raise the others to match - the smallest limit in the chain is always the one that wins. And if uploads are a regular part of your site (a course platform, a media-heavy WooCommerce store), it's worth setting realistic limits once across every layer instead of chasing a fresh 413 every time a customer tries something bigger than last time.
Frequently asked questions
Why does raising upload_max_filesize in PHP not fix my 413 error?
A 413 is returned by the web server or CDN before the request ever reaches PHP, so PHP-level settings like upload_max_filesize and post_max_size don't apply to it. You need to raise the limit at the layer that's actually rejecting the request - Nginx's client_max_body_size, Apache's LimitRequestBody, or Cloudflare's upload cap - and it's usually worth raising the PHP limits at the same time so they don't become the next bottleneck.
Why am I still getting a 413 after editing client_max_body_size?
The most common cause is setting the directive in the wrong Nginx block, or forgetting to reload Nginx afterward. Make sure client_max_body_size is set in the server or location block that actually handles the upload request, run 'sudo nginx -t' to confirm the config is valid, then 'sudo systemctl reload nginx' to apply it.
Can I increase Cloudflare's 100MB upload limit?
Not on standard plans - the 100MB request body limit is a fixed edge restriction on Free, Pro, Business, and most Enterprise plans. For larger files, temporarily bypass the Cloudflare proxy for that specific hostname, switch to a chunked/resumable upload method, or upload directly to object storage instead of routing through your web server.
Is a 413 error the same as a 500 or 502 error?
No. A 413 specifically means the request body was too large and was rejected before processing - it's a client-side request problem, not a server crash. A 500 or 502 means the server attempted to process the request and failed, which points to a completely different set of causes like PHP errors or an unreachable backend.
How do I avoid a 413 when importing a large SQL file in phpMyAdmin?
Rather than repeatedly raising upload limits across Nginx, Apache, and PHP for occasional large imports, use SSH to import the file directly with the mysql command, or use cPanel's Backup Wizard restore tool if you don't have SSH access - both bypass the browser upload path entirely.