Configuring WordPress Permalinks, Keyword URLs, and PHP in .htaccess

WordPress features specific files that can be edited for different purposes. These files can alter how WordPress functions. Always test changes in a development environment before publishing to a production server.


The .htaccess file is used primarily for creating pretty permalinks and keyword injected URLs for your web site. WordPress by default creates ugly query-string formed URLs, usually with an ID present, like These URLs are completely functional , but aren’t very friendly to search engines and site visitors. By enabling pretty permalinks WordPress creates URLs based on site content such as post and page titles, category and tag names, and dates for archives.

Enabling Permalinks

To enable permalinks visit the Settings Permalinks SubPanel on your WordPress Dashboard, as shown in Figure 3-3. Select any permalink structure other than Default and click the Save Changes link.

Figure 3-3: Enabling permalinks in WordPress

Upon saving your changes, WordPress tries to create your default .htaccess file. If your root WordPress directory is writable by the server, the file is created automatically. If WordPress is unable to create the .htaccess file, you will see instructions on how to manually create the file as shown in figure 3-4.

Figure 3-4: Manual info for creating the .htaccess file

Creating a permalink structure using the month and year like:


creates a permalink like this:

Using permalinks offers many advantages, as described in the following list:

  • Search Engine Optimization (SEO): Keywords in your URL is a must for SEO. Search engines will use these keywords in their algorithm for positioning in their search results.

  • Forward Compatibility: Regardless of what platform your web site uses (WordPress, Drupal, Joomla!), having a solid permalink structure can be easily replicated should you ever migrate.

  • Usability: Visitor-unfriendly ID URLs make it equally unpleasant to share a link with a friend. It’s difficult to differentiate the content between your ID driven URLs.

  • Sharing: In this Internet era of social networking, sharing is a natural extension of our online presence. Keywords in the URL would make finding your link extremely easy and convey an immediate context for the content.

.htaccess Rewriting Rules

The “secret sauce” behind the WordPress permalink mechanism is summarized in two rewriting rules added to the .htaccess file when you enable permalinks:

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

Quite simply, these rules check the URL used to access your site to see if it refers to an existing file or directory in the filesystem hierarchy. The !-f and !-d notations are negations; .htaccess is ensuring that the URL does not refer to any valid filesystem pathname. If the URL does in fact match a valid file, for example, a WordPress administrative function like wp-login.php, then the URL is left unchanged. If there’s no file or directory with that name, the URL is handed to the WordPress core code to be converted into a query against the content database. We’ll dig into the steps used to convert a URL string into a MySQL query in a bit more detail as a preface to our discussion of the content display loop in Chapter 5 of the book "Professional WordPress Design and Development".

The .htaccess file can also manage URL redirects. If you change your About page from to, anyone who visits your original URL will hit a 404 page. A URL redirect will redirect from the old URL to the new URL so your visitors won’t get lost. This also alerts search engines about the new URL so they can update their index. We’ll cover rewriting rules for content that has moved or been migrated in Chapter 14 of the book "Professional WordPress Design and Development".

Following is an example of a 301 permanent redirect to a static page:

redirect 301 /about

Configuration Control Through .htaccess

The .htaccess file is very powerful and can control more than just URL structure. For instance, you can control PHP configuration options using the .htaccess file. To increase the memory allotted to PHP use this command:

php_value memory_limit 64M

This increases the memory limit in PHP to 64MB. You can also increase the max file size upload and post size:

php_value upload_max_filesize 20M

php_value post_max_size 20M

Now the maximum file size you can post from a form and upload is set to 20MB. Most hosting companies set these values to around 2MB by default, so these are settings that will be used often for larger file uploads. Not all hosting companies will allow these values to be set in your .htaccess file, and could create an error on your web site if that is the case.

The .htaccess file can also be used for security purposes. Using .htaccess allows you to restrict access to your web site by IP address, essentially locking it down from anonymous visitors. To lock down your web site by IP addresses, add the following code to your .htaccess file:

AuthUserFile /dev/null

AuthGroupFile /dev/null

AuthName "Access Control"

AuthType Basic

order deny,allow

deny from all

#IP address to whitelist

allow from

Replace with any IP address that you want to grant access to your web site. You can have multiple “allow from” lines so add as many IP addresses as you need. This will only allow access to your web site if you are using an IP address defined here.

A more widely used option is to lock down your wp-admin directory. This means only IP addresses you specify can access your admin dashboard URLs. This makes it much harder for anyone else to try to hack your WordPress backend. To accomplish this create a separate .htaccess file in your wp-admin directory with the preceding code.

Remember that most ISPs assign client addresses dynamically, so the IP address of the computer you are using will change on occasion. If you get locked out, just update your .htaccess file with your new IP address or delete the file altogether. This is not a good tip if you allow open registrations on your web site because you need to allow your users access to the wp-admin directory.

You can also enable error logging from the .htaccess file. The first step is to create a php-errors.log file in your WordPress root directory. Then add the following code to your .htaccess file to enable error logging:

php_flag display_startup_errors off

php_flag display_errors off

php_flag html_errors off

php_flag  log_errors on

php_value error_log /public_html/php-errors.log

This enables error logging, but suppresses any error messages from displaying. Again this is a perfect setup for a production environment because you don’t want errors publicly displayed.

This article is excerpted from chapter 3 "Code Overview" of the book "Professional WordPress Design and Development" by Hal Stern, David Damstra, Brad Williams (ISBN: 978-0-470-56054-9, Wrox, 2010, Copyright Wiley Publishing Inc.)



One response to “Configuring WordPress Permalinks, Keyword URLs, and PHP in .htaccess”

  1. Anonymous says:

    how to read values through keyboard

Leave a Reply to Anonymous Cancel reply

Your email address will not be published. Required fields are marked *