Dev Notes

Various Cheat Sheets and Resources by David Egan/Carawebs.

WordPress File & Directory Permissions


Sysadmin, WordPress
David Egan

Proper permissions are necessary to ensure that a site runs correctly and is secure.

Overly restrictive permissions can prevent important files from being accessed by users and/or server processes.

Permissions that are too permissive constitute a security vulnerability.

Typical WordPress Permissions

For files, 644. For Directories, 755.

If you’re viewing permissions by means of the ls utility on the command line:

Numerical Permissions rwx format
644 -rw-r–r–
755 drwxr-xr-x

Change Permissions

Set Directory Permissions to 755:

# Set directory permissions using an absolute path:
find /var/www/domain.com/path-to-wp -type d -exec chmod 755 {} \;

# Set directory permissions recursively from the current working directory:
find . -type d -exec chmod 755 {} \;

Set File Permissions to 644:

# Set file permissions using an absolute path:
find /var/www/path-to-wp -type f -exec chmod 644 {} \;

# Set directory permissions recursively from the current working directory:
find . -type f -exec chmod 644 {} \;

wp-config.php

This file contains sensitive information and should be considered separately.

Access should be restricted to the owner and group only. Under Ubuntu/Apache, the following shows rational onwership/permission for wp-config.php:

# Output of ls -la in the document root
-rw-rw---- 1 youruser www-data 1835 Apr 11 10:07 wp-config.php

Bulk Amend wp-config.php

Check ownership & permissions on wp-config.php files, move into the server web root (e.g. /var/www/html) and run:

find . -name 'wp-config.php' -exec ls -la {} \;

To amend all wp-config.php files on a server, move into the server web root (e.g. /var/www/html) and run:

# Set permissions:
sudo find . -name 'wp-config.php' -exec chmod 660 {} \;

# Set ownership:
sudo find . -name 'wp-config.php' -exec chown youruser:www-data {} \;

TL;DR

  • Directories should have permissions set to 755
  • Files (except wp-config.php) should have permissions set to 644
  • Permissions for wp-config.php should be set to 660
  • wp-config.php should be owned by youruser:serveruser (e.g. sudo chown david:www-data wp-config.php)

Combined command to set file & directory permissions from the current working directory, which should be the WordPress root directory:

find . -type d -exec chmod 755 {} \;; find . -type f -exec chmod 644 {} \;

Set proper permissions/ownership on wp-config.php:

sudo find . -name 'wp-config.php' -exec chmod 660 {} \;
sudo find . -name 'wp-config.php' -exec chown youruser:www-data {} \;

comments powered by Disqus