20130306 wordpress prettyurls - plembo/onemoretech GitHub Wiki
title: WordPress prettyurls link: https://onemoretech.wordpress.com/2013/03/06/wordpress-prettyurls/ author: phil2nc description: post_id: 4452 created: 2013/03/06 13:57:43 created_gmt: 2013/03/06 17:57:43 comment_status: closed post_name: wordpress-prettyurls status: publish post_type: post
WordPress prettyurls
Just a short note on the Apache HTTP server configuration needed to allow prettyurl permalinks with WordPress. Prettyurls (the kind that, for example, let you use page names rather than page numbers) for permalinks are a pretty basic customization for WordPress sites. Like lots of other things in WordPress they depend on .htaccess voodoo to make them work, like this:
# BEGIN WordPress
RewriteEngine On
RewriteBase /weblog/
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /weblog/index.php [L]
# END WordPress
To allow that to work the Apache web server needs the proper configuration. Here's what I think is probably going to be the minimum (set in the virtual host block found in httpd.conf for the site being published):
Options FollowSymLinks
AllowOverride Fileinfo Options
Order allow,deny
Allow from all
"Options FollowSymLinks" is pretty much required by everything that move on the web, so I won't go more into that here. For prettyurls the "AllowOverride" directive with a value of "Fileinfo" is pretty much the minimum necessary. Long experience has taught me to also add "Options". This basically turns over control of url rewriting to any .htaccess file under the specified directory. More liberal provisions (for example "AllowOverride All") would work as well, but then you might as well be hosting on Windows if you're security standards are that low. The WordPress Codex has a "pretty" complete article on Using Permalinks that goes into some more detail. One additional sysadmin note here: I usually give the web server user ("apache" on RHEL systems) ownership of the top level directory for the WordPress installation during setup. That allows the software to write both the initial wp-config.php and any .htaccess files it needs. Once I've completed my initial config, I'll generally change ownership to my web developer's account so they can go in and make changes. After that I only allow apache to own the folders and files under wp-content so images, new themes and plugins can be uploaded using the web interface. I do keep apache as the user of wp-config.php, but strip it of write privileges. I also remove all rights from other, like this (where "webdev" is my developer user):
chown apache:webdev wp-config.php
chmod g+w wp-config.php
chmod u-w wp-config.php
chmod o-rwx wp-config.php
And yes, I know this can be done more efficiently in octal, but I like the idea of spelling things out for the next guy who might not yet understand how that works.
Copyright 2004-2019 Phil Lembo