Get WordPress Permalinks Working with Windows, IIS, and ISAPI Rewrite

The eternal battle is over, mostly: getting your WordPress permalinks to work on your Windows IIS web server with ISAPI Rewrite installed.

Some Requirments.

  1. Sorry, but you’re going to need ISAPI Rewrite 3. You can download a lite version for free, but I suggest purchasing it. I’ve used ISAPI Rewrite for years now with clients on Windows hosting, and it’s the bees knees. Version 3 is now supporting many common mod_rewrite directives, which is sweet.
  2. Your .htaccess file. Here’s an example that has worked with WordPress 2.7.x, ISAPI Rewrite 3, and Windows Server 2003/IIS 6.0:
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule .* /index.php [L]

How it works.
Even with ISAPI Rewrite, your WordPress permalinks most likely will be broken without the ugly, prepended /index.php/. The problem is that the REQUEST_URI server variable is not sent by IIS or ISAPI Rewrite. This plugin solves this.

This solution is more elegant that changing the WordPress core files because it allows you to easily upgrade WordPress without additional maintenance.

Download and Documentation.
You can download ISAPI Rewriter from the WordPress Plugin directory.

You can view documentation at the ISAPI Rewrite plugin page.


  1. Gary says…

    Andy .. I have a question.

    I am curious if this plugin will or will not do what I am looking for.

    Basically, I want to be able to secure my WordPress website (running on a Windows 2008 server, with IIS7) in the same way that I would, if it was on a Linux server (by adding changes to the .htaccess file on a Linux server).


    1. Copy and paste the following code into your .htaccess file to deny access to your wp-config.php file.

    # protect wpconfig.php

    order allow,deny
    deny from all

    # to protect the .htaccess file itself:

    order deny,allow
    deny from all

    2. And things like .. how to protect WordPress from content scrappers

    RewriteEngine On
    RewriteCond %{HTTP_REFERRER} !^http://(.+\.)?testsite\.com/ [NC]
    RewriteCond %{HTTP_REFERRER} !%$
    RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]

    3. And how to prevent script injections like this:

    Options +FollowSymLinks
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ index.php [F,L]

    So ..

    I want to know if and how your plugin would allow me to simply update and add the above type of code to the .htaccess file (and have it work on my Windows 2008 Server with IIS7) in the same way it would work on a Linux server.

    If your plugin will not do this, can you provide any suggestions?


  2. andy says…

    @Gary my plugin simply sets the proper $_SERVER variables from an IIS6/ISAPI_Rewrite to allow permalinks to work properly. You’d need to contact Helicon’s support about what specific directives will work in the .htaccess file – that’s assuming you’re using Helicon’s ISAPI Rewrite software on your server, which is probably not the case if you’re using IIS 7.

  3. Dexter says…

    Hey I am having struggle getting permalink working..
    my permalink looks like:
    tried various things in .htaccess file:
    1) Cant even access the blog – 404
    Options +Followsymlinks
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]


    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule .* /index.php [L]

    None of these work. Your plugin is activated. Any ideas whats wrong with my RewriteRule?

  4. andy says…

    And you have ISAPI Rewrite 3 installed and working properly? That’s key.

  5. Rex says…

    Hi Andy,

    When I write something specific, like:
    RewriteRule ^about/vision/ /index.php/about/vision [L]
    It works specifically for this page.

    But when I try something dynamic, like:
    RewriteRule ^(.*)/(.*)/ /index.php/$1/$2/ [L]
    It doesn’t work at all, just results in a 404.

    What is interesting, though, is if I take out the 2nd part, the custom wordpress 404 page doesn’t come up – just the default browser 404. When I leave it, it does.

    Any thoughts?

  6. Helpful Tech Link Bouillabaise | Astek Blog says…

    […] Get WordPress Permalinks Working with Windows, IIS, and ISAPI Rewrite Got WordPress running on a Windows server? Then you should have ISAPI Rewrite and the configuration described in this article to get your blog’s permalinks in a much more search engine (and human) friendly format. We also have ISAPI Rewrite working on our server to get pretty URLs working in Drupal. […]

  7. Shawn says…

    I installed your plugin and have isapi 3 running with your code:

    # You should be able to use this as a .htaccess file
    # with ISAPI Rewrite 3.0
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule .* /index.php [L]

    the pages seem to all be rewriting to the home page.

    I have a page and it stays like this in the url but shows the home page instead

  8. Paul says…

    Will this work if WP is not on standard port (80)?

  9. andy says…

    I honestly am not sure. I do not have an environment running IIS 6 anymore and most likely MS has dropped support since IIS 7 is out. I no longer work with Windows hosting and WordPress as it’s proved far too troublesome.

  10. Michal John says…

    By mistake i have installed a php script in my root directory, where wordpress is available. After that my all permalinks has been change. After modifying .htaccess file and modified file permission by ftp now My site site is almost ok. Now i can’t log-in admin panel, when i am giving admin user name and password then url redirect to (extra index.php has shown) and nothing found for index php login. How can i remove that extra index.php for log-in my wordpress admin control panel?

    Experts please help me, Thanking in advance.

  11. what does paxil look like says…

    […] side effects weaning off paroxetine how does paroxetine make you feel losing paxil weight pediatric paxil settlement claim form paxil in pregnancy paxil with wellbutrin paxil u0026 alcohol elavil for sleep paxil double vision […]

  12. Matthew Stone says…

    Right now I am using these rewrite rules in my isapi rewrite. Which works fine for my wordpress files which i have installed in the root folder. However we also do a lot of 301 server side redirects to other files in the root folder we are cleaning out. While the file is still in the root folder with the 301 server side redirect on it the 301 redirect works. But as soon as you delete the file the isapi filter blocks it.

    Any ideas on how I can use both the isapi rewrite filter and 301 server side redirects together?

  13. ISAPI Rewriter | Best Plugins - wordpress – widgets – plugin 2012 says…

    […] Find more information, comments, and support here: […]

  14. vignesh says…

    Rewrite rules works for me perfect but it cant works for wordpress installed in subdirectories.
    For instance: My worpress is installed in root directory itself and also installed in subdirectory of root one. Now rewrite rule works for root directory but not works for root directory! Plz help me.
    Thanks in advance.

  15. Andy says…

    @vignesh sorry, I have stopped support WordPress installations on non-linux environments.

    You should check with ISAPI Rewriter’s support team about how to do this or upgrade / migrate your server!

RSS feed for comments on this post. TrackBack URL

Leave a Comment

April 28, 2009

Filed in Plugins, Wordpress

There are 65 comments »

« Back to the Blog