Post

WordPress file permissions

Posted Updated
By Daniel Florido 1 min read

WordPress file permissions are settings that dictate who can read, write, or execute files and directories within a WordPress installation. These permissions are crucial for maintaining the security and proper functioning of the WordPress site.

The three primary types of file permissions are:

  1. Read (r): Allows viewing the contents of a file or the names of files within a directory.
  2. Write (w): Permits the modification of a file or the addition/removal of files within a directory.
  3. Execute (x): Grants the ability to run a script or access the contents of a directory.

WordPress file permissions are important for several reasons:

  1. Security: Proper file permissions help protect your WordPress site from unauthorized access, tampering, and potential security vulnerabilities. Restricting write permissions to essential directories reduces the risk of malicious activities.
  2. Functionality: Correct permissions are essential for the proper functioning of WordPress, its themes, plugins, and the ability to upload media. Incorrect permissions can lead to errors and issues with site functionality.
  3. Updates and Installations: WordPress often requires write permissions to directories for updates, installations, and plugin/theme management. Ensuring the right permissions allow these processes to occur seamlessly.
  4. User Data Protection: By setting appropriate permissions, you can prevent unauthorized users or scripts from modifying or deleting critical files, helping to safeguard user data stored on the website.

To maintain proper WordPress file permissions, it’s recommended to follow security best practices, such as setting the correct ownership and permissions for directories and files, keeping WordPress core, themes, and plugins up-to-date, and regularly monitoring and auditing file permissions for potential vulnerabilities.

Change all file and folder permissions

Recursively change all directory permission to 755 and all file permissions to 644:

1
2

sudo find /var/www/yoursite/ -type d -exec chmod 775 {} \;
sudo find /var/www/yoursite/ -type f -exec chmod 664 {} \;

Change file and folder ownership to the current logged in user Recursively

Switch user to non root user with sudo priviledges, and make the logged in user the owner

1
2

su nonroot
sudo chown -R $USER:www-data /var/www/yoursite

Permissions for wp-content folder

1

sudo chown -R www-data:www-data /var/www/yoursite/wp-content
WordPress
This post is licensed under CC BY 4.0 by the author.

Comments powered by Disqus.