WordPress File & Directory Permissions
Sysadmin, WordPress
Proper permissions are necessary to ensure that a site runs correctly and is secure.
Overly restrictive permissions can prevent important files from being accessed by users and/or server processes.
Permissions that are too permissive constitute a security vulnerability.
Typical WordPress Permissions
For files, 644. For Directories, 755.
If you’re viewing permissions by means of the ls
utility on the command line:
Numerical Permissions | rwx format |
---|---|
644 | -rw-r–r– |
755 | drwxr-xr-x |
Change Permissions
Set Directory Permissions to 755:
Set File Permissions to 644:
wp-config.php
This file contains sensitive information and should be considered separately.
Access should be restricted to the owner and group only. Under Ubuntu/Apache, the following shows rational onwership/permission for wp-config.php
:
Bulk Amend wp-config.php
Check ownership & permissions on wp-config.php
files, move into the server web root (e.g. /var/www/html
) and run:
To amend all wp-config.php
files on a server, move into the server web root (e.g. /var/www/html
) and run:
TL;DR
- Directories should have permissions set to 755
- Files (except
wp-config.php
) should have permissions set to 644 - Permissions for
wp-config.php
should be set to 660 wp-config.php
should be owned by youruser:serveruser (e.g.sudo chown david:www-data wp-config.php
)
Combined command to set file & directory permissions from the current working directory, which should be the WordPress root directory:
Set proper permissions/ownership on wp-config.php
:
comments powered by Disqus