Title: Enable permalink breaks .htaccess parse Last modified: August 21, 2016 --- # Enable permalink breaks .htaccess parse * [WilliamKF](https://wordpress.org/support/users/williamkf/) * (@williamkf) * [11 years, 12 months ago](https://wordpress.org/support/topic/enable-permalink-breaks-htaccess-parse/) * I had `permalinks` not working properly due to Apache server configuration issues. Upon resolving those, the `.htaccess` created by iThemes Security was not valid and choked on the Tweaks section with entries like: * ``` Order allow,deny Deny from all Order allow,deny Deny from all Order allow,deny Deny from all Order allow,deny Deny from all Order allow,deny Deny from all Options -Indexes Order allow,deny Deny from all ``` * I deleted the offending lines, but that seems to have confused the iThemes Security when it goes to edit the file as it still showed these items on and turning them off, I now see this error when I save settings: * The file path entered does not appear to be valid. Please ensure it exists and that WordPress can write to it. * How can I reset the iThemes Security so it works again and how do I keep it from generating .htaccess that Apache says is invalid? * [https://wordpress.org/plugins/better-wp-security/](https://wordpress.org/plugins/better-wp-security/) Viewing 3 replies - 1 through 3 (of 3 total) * Thread Starter [WilliamKF](https://wordpress.org/support/users/williamkf/) * (@williamkf) * [11 years, 12 months ago](https://wordpress.org/support/topic/enable-permalink-breaks-htaccess-parse/#post-5009648) * I deleted the plugin and reinstalled it, all worked fine until I did the tweaks section and the .htaccess was edited to add: * ``` # BEGIN Tweaks # Rules to block access to WordPress specific files Order allow,deny Deny from all Order allow,deny Deny from all Order allow,deny Deny from all Order allow,deny Deny from all Order allow,deny Deny from all # Rules to disable directory browsing Options -Indexes RewriteEngine On # Rules to protect wp-includes RewriteRule ^wp-admin/includes/ - [F] RewriteRule !^wp-includes/ - [S=3] RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php RewriteRule ^wp-includes/[^/]+\.php$ - [F] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F] RewriteRule ^wp-includes/theme-compat/ - [F] # Rules to prevent php execution in uploads RewriteRule ^(.*)/uploads/(.*).php(.?) - [F] # Rules to block unneeded HTTP methods RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC] RewriteRule ^(.*)$ - [F] # Rules to block suspicious URIs RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR] RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR] RewriteCond %{QUERY_STRING} etc/passwd [NC,OR] RewriteCond %{QUERY_STRING} boot\.ini [NC,OR] RewriteCond %{QUERY_STRING} ftp\: [NC,OR] RewriteCond %{QUERY_STRING} http\: [NC,OR] RewriteCond %{QUERY_STRING} https\: [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR] RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC] RewriteCond %{QUERY_STRING} !^loggedout=true RewriteCond %{QUERY_STRING} !^action=jetpack-sso RewriteCond %{QUERY_STRING} !^action=rp RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$ RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$ RewriteRule ^(.*)$ - [F] # Rules to block foreign characters in URLs RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC] RewriteRule ^(.*)$ - [F] # END Tweaks ``` * Which gets errors: * .htaccess: Invalid command ‘Order’, perhaps misspelled or defined by a module not included in the server configuration * [Rikk03](https://wordpress.org/support/users/rikk03/) * (@rikk03) * [11 years, 3 months ago](https://wordpress.org/support/topic/enable-permalink-breaks-htaccess-parse/#post-5009985) * I have the same problem. * [dwinden](https://wordpress.org/support/users/dwinden/) * (@dwinden) * [11 years, 3 months ago](https://wordpress.org/support/topic/enable-permalink-breaks-htaccess-parse/#post-5009986) * You might be having problems because you are using Apache Web Server 2.4.x * Check your Apache Web Server version. * dwinden Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Enable permalink breaks .htaccess parse’ is closed to new replies. * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351) * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/) * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq) * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/) * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/) ## Tags * [apache](https://wordpress.org/support/topic-tag/apache/) * [htaccess](https://wordpress.org/support/topic-tag/htaccess/) * [permalinks](https://wordpress.org/support/topic-tag/permalinks/) * 3 replies * 3 participants * Last reply from: [dwinden](https://wordpress.org/support/users/dwinden/) * Last activity: [11 years, 3 months ago](https://wordpress.org/support/topic/enable-permalink-breaks-htaccess-parse/#post-5009986) * Status: not resolved