WordPress File Permissions:
It all starts with defining who can access a file, and there are three options:
- User – The administrator of your site
- Group – Other users of your site such as editors, contributors, subscribers, and other user roles
- World – Anyone on the internet
There are also three different kinds of actions that the user, group, and world can perform:
- Read: This permission gives you the authority to open and read a file. Read permission on a directory gives you the ability to list its contents.
- Write: The write permission gives you the authority to modify the contents of a file. The write permission on a directory gives you the authority to add, remove and rename files stored in the directory. Consider a scenario where you have write permission on a file but do not have write permission on the directory where the file is stored. You will be able to modify the file's contents, but you will not be able to rename, move or remove the file from the directory.
- Execute: In Windows, an executable program usually has the extension “.exe” and can be run directly. In Unix/Linux, you cannot run a program unless the execute permission is set. If the execute permission is not set, you might still be able to see or modify the program code (provided read and write permissions are set), but not run it.
Each permission has a numeric value (read = 4, write = 2, execute = 1), and the total of each set of permissions provides a number for that set, as the following table shows.
|Number||Octal Permission Representation||Symbolic|
|3||Execute and write permission: 1 (execute) + 2 (write) = 3||-wx|
|5||Read and execute permission: 4 (read) + 1 (execute) = 5||r-x|
|6||Read and write permission: 4 (read) + 2 (write) = 6||rw-|
|7||All permissions: 4 (read) + 2 (write) + 1 (execute) = 7||rwx|
Normal File Permissions:
- Owner permissions – Read and write boxes checked
- Group permissions – Read box checked, and
- Public permissions – Read box checked
How to Set WordPress File Permissions Using cPanel:
Through the cPanel File Manager, you can see the different files and their permissions.
- Right-click on the files whose permissions you wish to change, then select “Change Permission”.
- A dialog with checkboxes will pop up, where you can tick the boxes to adjust the permissions.
- Once done, confirm the changes, and you are good to go.
Various components and files and their appropriate permissions:
Example Permission Modes
|0477||-r--rwxrwx||Owner has Read only (4), Other and Group have rwx (7)|
|0677||-rw-rwxrwx||Owner has Read & Write only (6), Other and Group have rwx (7)|
|0444||-r--r--r--||All (Owner, Other, Group) have Read only (4)|
|0666||-rw-rw-rw-||All (Owner, Other, Group) have Read & Write only (6)|
|0400||-r--------||Owner has Read only (4), Group and Others have no permission (0)|
|0600||-rw-------||Owner has Read & Write only, Group and Others have no permission|
|0470||-r--rwx---||Owner has Read only, Group has rwx, Others have no permission|
|0407||-r-----rwx||Owner has Read only, Other has rwx, Group has no permission|
|0670||-rw-rwx---||Owner has Read & Write only, Group has rwx, Others have no permission|
|0607||-rw----rwx||Owner has Read & Write only, Group has no permission and Others have rwx|
WordPress file permissions:
Recommended File Permissions for wp-content
This folder stores all the themes, plugins and uploads for your WordPress site. Generally, editing these files may cause errors and damage to the site. Protecting this folder ensures that attackers cannot access the content supplied by the user. The correct WordPress file permission for this folder is 755, and all the files within the folder must have 644. This ensures that no one except the owner can write anything within the folder.
Recommended File Permissions for wp-includes
This folder includes all the core files and all the files that are necessary for the proper functioning of WordPress admin and API. The suitable permission for this folder is 755.
Recommended File Permissions for wp-content/uploads:
Apart from the user, no one should have write privileges to files. However, wp-content has to be writable by www-data too. This can be done by giving wp-content write access for a group by specifying 755 and then adding the user to the www-data group, or by using ‘su’ to temporarily change the user to www-data. The wp-content/uploads folder contains all your uploads to the website and thus needs to be protected. The appropriate permission for this folder can be 755.
Recommended File Permissions for all the files
The appropriate permission for all files in WordPress should be 644. This means that the user has read and write permissions, while groups and others can only read the files. This ensures that no one accessing the files can alter them, apart from the owner.
Recommended WordPress folder permissions
The suggested permissions for all the folders are 755. This translates to read, write and execute permissions for the user and only read and execute permissions for groups and others.
Recommended file permissions for wp-config:
The wp-config file is one of the most sensitive files in the entire directory, since it contains the base configuration and the database connection information. The appropriate permission for this file is 400/440. This means that the user and group have permission only to read, and others will not be able to access the file.
Correct file permission for the PHP file in the wp-root
This blank file in the wp-root hides the entire directory; without it, the entire file directory will be exposed. The suggested file permission is 444. This permission gives read authority to all, including the user and the group.
|All .php files||644|
|wp-config.php (public_html folder)||400/440|
|index.php (public_html folder)||444/644|
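
The following is an added example, not part of the original article: a POSIX shell function that reports every path whose mode differs from the recommendations above (folders 755, files 644, wp-config.php 400/440, index.php 444/644), plus anything with the world-write bit set. The function names, output labels and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): report paths in a WordPress
# tree whose mode differs from the values recommended in this article.

# check_exact PATH LABEL MODE...: report PATH unless its mode is one of MODE...
check_exact() {
    ce_path=$1; ce_label=$2; shift 2
    [ -f "$ce_path" ] || return 0
    for ce_mode in "$@"; do
        if [ -n "$(find "$ce_path" -perm "$ce_mode" -print)" ]; then return 0; fi
    done
    echo "$ce_label $ce_path"
}

wp_perm_audit() {
    root=$1
    # Folders: exactly 755 (rwxr-xr-x).
    find "$root" -type d ! -perm 755 -print | sed 's/^/DIR /'
    # Files: exactly 644 (rw-r--r--); the two root files are checked below.
    find "$root" -type f ! -path "$root/wp-config.php" \
        ! -path "$root/index.php" ! -perm 644 -print | sed 's/^/FILE /'
    check_exact "$root/wp-config.php" CONFIG 400 440
    check_exact "$root/index.php" INDEX 444 644
    # Anything with the "world write" bit set (the 2 in the last octal digit).
    find "$root" ! -type l -perm -002 -print | sed 's/^/WORLD-WRITABLE /'
}

# Constructed sample tree (not a real site) with three deliberate deviations.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-content/uploads" "$t/wp-includes"
    touch "$t/wp-config.php" "$t/index.php" \
          "$t/wp-content/plugin.php" "$t/wp-includes/load.php"
    chmod 755 "$t" "$t/wp-content" "$t/wp-includes"
    chmod 644 "$t/index.php" "$t/wp-includes/load.php"
    chmod 777 "$t/wp-content/uploads"     # too open: world-writable folder
    chmod 666 "$t/wp-content/plugin.php"  # too open: world-writable file
    chmod 644 "$t/wp-config.php"          # readable by everyone, not 400/440
    echo "$t"
}

tree=$(make_sample_tree)
wp_perm_audit "$tree"
rm -rf "$tree"
```

Run `wp_perm_audit` against the site root; an empty result means every path matches the recommended modes.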