WordPress prettyurls

Just a short note on the Apache HTTP server configuration needed to allow prettyurl permalinks with WordPress.

Prettyurls (the kind that, for example, let you use page names rather than page numbers) for permalinks are a pretty basic customization for WordPress sites. Like lots of other things in WordPress they depend on .htaccess voodoo to make them work, like this:

# BEGIN WordPress

RewriteEngine On
RewriteBase /weblog/
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /weblog/index.php [L]

# END WordPress

To allow that to work the Apache web server needs the proper configuration. Here’s what I think is probably going to be the minimum (set in the virtual host block found in httpd.conf for the site being published):

   Options FollowSymLinks
   AllowOverride Fileinfo Options
   Order allow,deny
   Allow from all

“Options FollowSymLinks” is pretty much required by everything that move on the web, so I won’t go more into that here.

For prettyurls the “AllowOverride” directive with a value of “Fileinfo” is pretty much the minimum necessary. Long experience has taught me to also add “Options”. This basically turns over control of url rewriting to any .htaccess file under the specified directory. More liberal provisions (for example “AllowOverride All”) would work as well, but then you might as well be hosting on Windows if you’re security standards are that low.

The WordPress Codex has a “pretty” complete article on Using Permalinks that goes into some more detail.

One additional sysadmin note here: I usually give the web server user (“apache” on RHEL systems) ownership of the top level directory for the WordPress installation during setup. That allows the software to write both the initial wp-config.php and any .htaccess files it needs. Once I’ve completed my initial config, I’ll generally change ownership to my web developer’s account so they can go in and make changes. After that I only allow apache to own the folders and files under wp-content so images, new themes and plugins can be uploaded using the web interface. I do keep apache as the user of wp-config.php, but strip it of write privileges. I also remove all rights from other, like this (where “webdev” is my developer user):

chown apache:webdev wp-config.php
chmod g+w wp-config.php
chmod u-w wp-config.php
chmod o-rwx wp-config.php

And yes, I know this can be done more efficiently in octal, but I like the idea of spelling things out for the next guy who might not yet understand how that works.

This entry was posted in System Administration on by .

About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).