QuestionsCategory: General QuestionsCorrect file permissions for WordPress
Crock
asked 3 weeks ago
I couldn't find details on the best file permissions. WordPress forums also had mixed advice, with some suggesting insecure 777 permissions. My question is: What permissions should I set for the following?
  • Root folder storing all WordPress content
  • wp-admin
  • wp-content
  • wp-includes
  • All files within these folders
1 Answers
tech Staff
answered 3 weeks ago

When setting up WordPress, the web server may need write access to the files, requiring loose permissions initially:

chown www-data:www-data -R * # Let Apache be the owner

find . -type d -exec chmod 755 {} \; # Set directory permissions to rwxr-xr-x

find . -type f -exec chmod 644 {} \; # Set file permissions to rw-r--r--

 

After setup, tighten the permissions according to Hardening WordPress. All files except for wp-content should be writable by your user account only. wp-content must be writable by www-data.

 

chown <username>:<username> -R * # Set your user account as the owner

chown www-data:www-data wp-content # Let Apache own wp-content

 

If you need to modify wp-content later, you can:

  • Temporarily switch to www-data with su
  • Set wp-content the group write access with chmod 775 and join the www-data group
  • Use ACLs to grant your user account access

Ensure www-data always has to write permissions for wp-content.

Please login or Register to submit your answer