Step 3b – 404s, XML Sitemaps, And WordPress

Adding a Sitemap to a Custom WordPress Installation was Not Simple

A WordPress Logo with 404.php below it.
404! Again???

Apparently it is not very easy to add a sitemap to a custom, network WordPress installation.

I have tried all the major sitemap plugins, and each returns a 404 on the generated xml document.  This post will have the solution, when I find it!

I am trying these posts’ suggestions:  Yoast’s suggestions

Attempts at updating the .htaccess file did not help.

I refuse to modify a core WordPress .php file already– there has to be a better way!  Comments?

OK Updating the PermaLinks helped.  AND, We’re off running!  With an extra plugin…

Fixed! The index.php file was removed from the url before Yoast was able to generate the sitemap. Placing the fix before the removal of index.php (and removing the leading “/”) fixed the problem. See here for a better .htaccess file!

This blog will settle on the sidelines now, documenting the steps required to bring the blog network up and running.  So far, I’ve needed to: update CloudFlare, update the DNS,  delete 3 sites,  and add multiple plugins.  The next post will document those steps.

Step 3a – Configure WordPress

WordPress Configuration Steps

Below are the steps to configure a new network WordPress website like this one.  Configuration steps for this website and its plugins were (Table Of Contents):

Adding a site

Adding a site can be done in the Network Administration dashboard. For each new site added, one must add the main network admin user as an admin to the sub-site, so the site appears in the network admin’s top menu.  One can still manage the site without the menu. The menu is referenced in the later steps on this page.

To add menu items for your new sites:

  • Click Network Admin->Sites
  • Click Dashboard for the site you recently created.
  • Click Users->All Users
  • Click the Add New button at the top
  • Fill in the 3 textboxes and click Add Existing.

The menu for the new site should now show up for the logged-in, network user you’ve added at the site level:

Example WordPress Sites Menu
Example WordPress Sites Menu



Configuring Security

A vital step, security should be foremost on your mind running your own WordPress installation.
Look for the best plugins for your security concerns– here are a few basic ones, and some initial configuration steps.

After installation, the network activation for each of these plugins is located in the plugins sidebar menu. Log into WordPress, and click (at the top) My Sites -> Network Admin -> Plugins. You can network activate (enable them) for the entire network. 



Configure and Run Backups – Online Backup for WordPress

Prudence dictates backing up your WordPress instance prior to problems. Install Online Backup for WordPress, then complete a manual backup and schedule regular backups:
Complete a manual backup:

  • Click My Sites -> [Network Admin] ->
  • Click Online Backup
  • Check Database and File System
  • Select a destination (ex. Local, for the file to be stored on the server).
  • Click Start Manual Backup to complete an immediate backup.
  • Download the backup file or confirm its receipt in your inbox.
  • Schedule regular backups:
  • Click My Sites -> [Network Admin] ->
  • Click Schedule
  • Fill the settings as desired.



Configure Security – Limit Login Attempts

Under the plugin called Limit Login Attempts, click Network Activate if it is deactivated.
Then, configure the plugin for each site:

Click My Sites -> [Site Name] -> Dashboard
Click Settings -> Limit Login Attempts

Change as desired.  My preference was to increase the number of login attempts a bit, since 3 is not very many, and brute force scripts and even educated guesses shouldn’t get by with 5 or 10 tries.  You can also increase the time between lockouts, log a hacker’s IP and email the admin after a certain number of tries.



Configure Security – Akismet to Prevent Spam Comments

Akismet requires you to request and receive an API key for your instance of their plugin. Follow the instructions in the plugin to register and receive an API key.
Add the Akismet plugin from the Network Admin dashboard (Plugins -> Add New, search for it and click Add).
Switch to a site, and click Plugins.
Click Settings under Akismet.
Request an API key, and enter the key in the API Key textbox. That’s it– now when SPAM comments on your posts, a notification will arrive in the menu bar. Clicking it will announce that Akismet is still processing it. Eventually it will probably be marked as SPAM.



Customizing Permalinks

Permalinks are descriptive URLs to your blog posts. These allow people and search engines to more easily find and remember posts. Setting up permalinks before generating the sitemap will prevent the search engines from getting the wrong initial url.

Typically, URLs for WordPress will have index.php in them. To remove “index.php” and make ‘prettier’ links, 1. Edit the .htaccess file in the WordPress filesystem, then 2. update the permalinks setting:

1. Edit .htaccess

In order to remove “index.php” from the URL, the module mod_rewrite must be enabled in your Apache web server. If it is not, you will probably get a Server Error doing the following. In that case, either contact your webhost to have it enabled, or just leave index.php in the url.

    • In cpanel, click File Manager.
    • Navigate to /home/[your_home]/public_html/[your_wordpress]/
    • Select .htaccess and click Edit or Code Edit.
    • Paste in the following at the top (change “RewriteBase /blog/” to be your WordPress root directory):

RewriteEngine On
RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

2. Update the Permalinks Setting:

Change the Permalinks setting for each site to the desired link format.

  • Click My Sites -> [Site Name]
  • Click Settings -> Permalinks
  • Select the desired format (ex. Post name), and click Save Changes
  • Repeat for each desired site.



Configuring Plugins

The following plugins are more functionality-related.

Configure Yoast SEO

Yoast SEO is an all-in-one SEO helper– it gives you tips as you create your post on what typical search engines look for, to help you increase your search ranking.  Notice the helpful SEO hints as you create your next blog post.
There are network site related-settings (that you don’t need to touch after editing the .htacess file), and settings for each blog site.
In order to submit your sitemap to the search engines, the WebMaster Tools tab contains inputs for each of the top 4 search engines (Alexa, Bing, Google, and Yandex), along with links to set up accounts or submit sitemaps on each.
It’s possible Yoast submits the sitemap URL to the above search engines. If this is the case, the Yoast sitemap needs to work, or the search engines will never receive a sitemap. If, when you click SEO -> XML Sitemaps, [XML Sitemap] button you receive a 404, removing index.php from the url may be confusing yoast, so you may need to update the .htaccess to spit out the xml file before the instructions to remove the index.php. The updated .htaccess file would look similar to this:

RewriteEngine On
RewriteBase /blog/
# WordPress SEO - XML Sitemap Rewrite Fix
RewriteRule ^sitemap_index.xml$ index.php?sitemap=1 [L]
RewriteRule ^locations.kml$ index.php?sitemap=wpseo_local_kml [L]
RewriteRule ^geo_sitemap.xml$ index.php?sitemap=geo [L]
RewriteRule ^([^/]+?)-sitemap([0-9]+)?.xml$ index.php?sitemap=$1&sitemap_n=$2 [L]
RewriteRule ^([a-z]+)?-?sitemap.xsl$ index.php?xsl=$1 [L]
# END WordPress SEO - XML Sitemap Rewrite Fix
RewriteRule ^index\.php$ - [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

Clicking the XML Sitemap should return something like this:

After you configure the .htaccess file, your XML Sitemap should look similar to this.
After you configure the .htaccess file, your XML Sitemap should look similar to this.



Configure Better WordPress Google XML Sitemaps

Better WordPress Google Sitemaps is a plugin to generate sitemaps usable by google, and can maybe replace Yoast’s if you can’t get it working. Click each of the links to submit-to-search-engine in Yoast and submit the XML Sitemap from this plugin instead. See BWP Sitemaps in the sidebar for its settings and engine submittal instructions. Ideally, the sitemap contents would be the same anyway.



Configure Google Analytics Dashboard for WP

Google Analytics displays maybe a little more than the typical server statistics for a website, but some people find it nosey. It doesn’t say much more than typical server logs about country of origin, browser, device type, language, etc., but aggregates data to make it more digestible and informative.

  • Set up your google analytics account at google analytics.
  • Click My Sites -> Network Admin
  • Click Google Analytics
  • Click Authorize Plugin, and follow the general flow to give the plugin access to your analytics account:
    • Click Get Access Code
      • Select the Google account associated with your Analytics account (log in if necessary).
      • At View your Google Analytics data click Allow.
      • Copy the access code and paste it into the Access Code textbox of the plugin.
      • Click Save Access Code
    • Create Analytics properties and associate each blog site with a particular Analytics property if desired:
      • Go to and click on Access Google Analytics at the top right.
      • Once you are logged in, click on Admin at the top.
      • In the middle Property column, click on the dropdown and Create new property.
      • Fill in your website details and click Get Tracking ID button.
      • Back on the Plugin page, click Refresh Properties
      • Associate blog site(s) with Analytics Properties, and
    • Click Save Changes
  • Observe the new Analytics widget in each site’s dashboard.



Configure WP Post Redirect

This site uses WP Post Redirect to redirect to any URL when a particular post is clicked. This was used to switch from the main blog site to subsites.

    • Add the plugin as described in Plugins.
    • Simply add a post (Posts -> Add New), enter a post title, and find the widget box with title “Redirect URL” on the right side. Enter the URL to redirect to, and when the post is opened, the browser will redirect to that URL.


Step 2 – Create the Domain and Update CloudFlare

CloudFlare, or other CDN alternatives, are made to deliver your content as close to the end user as is possible with that delivery network’s server.  I like it for its price (free), ease of use (very), and speed (even here in the Philippines it is quite quick).  Setting up CloudFlare was easier with the DNS settings for the WordPress site in place.  I had already installed a domain and WordPress with my web host account.  To add their server to your web host mix, one merely puts the hostname into their setup page, and it pulls the web host’s DNS records automatically and allows you to adjust them.

Adding a domain to CloudFlare

Then, just sign on with the TLD name provider that manages the main DNS server for your TLD, and point it to CloudFlare instead of your web host.  As an example, if you registered your domain name with or, you would log in to 1and1 or GoDaddy, and change the DNS servers from their own or your webhosts’ to the servers CloudFlare gives you.  Then, in 24 hours or so, the servers that tell the internet’s main Top Level Domain (TLD) name serves where to look for your domain will look to CloudFlare instead for content.  CloudFlare’s DNS server will fetch the content from your webhost and serve it up closer to the user.  Your pages are cached better, and your site protected from various web attacks as well.

Step 1 – Install WordPress

Rage in check!Install WordPress in cpanel (and I’m sure other hosts) and Softaculous provide 2-step installation of WordPress.  Here’s a really simple guide:

Just log in to cpanel, and under Softaculous Apps Installer, under “Scripts:” click the WordPress Logo.  Click the Install tab.  The basics:

Choose a domain (ex. and specify a subdirectory if desired.  To have your WordPress installation at the root, clear the textbox.

Fill in a name and description for your website.  Pick a good password!

If you are considering having more than one blog, checking “Enable Multisite (WPMU)” will allow you to configure separate blogs in the same installation.  This, among other things, lets you install plugins only once and activate/deactivate them for each blog.

Under advanced options, you can automate backups if you like.

Pick a theme, and click Install.  That’s all!

Custom WordPress Installation Steps & Plugins

This blog is meant to document the most time consuming tasks in raising a custom, network installation of WordPress on RedHat with cpanel.  It focuses on the major steps of getting the installation running, integrating it with other products and services, the plugins used, and any major issues faced.

The installation was registered with, uses (cpanel / softaculous),, and makes use of a variety of plugins.  Since this is a new installation, I am unsure of their performance, but so far, these are the plugins in play:

Akismet – protect your posts from spam comments.

Better WordPress Google XML Sitemaps – A dedicated plugin for sitemap generation.

Google Analytics Dashboard for WP – What it says…

WP Super Cache – I’d read it works well.  It hasn’t seem to have broken anything, so why not…

Yoast SEO – This one covers a bunch of aspects of your post to make it search engine friendly, and even adds a status indicator on the title bar on each post as you edit.

Templates and customizations may be covered in later posts as well.