Setting strong and right WordPress file permissions is very important to ensure the basic security of your site. Default permissions aren't strong enough to secure your site. That's why you should keep basic knowledge of the WordPress file and folder permissions. Hopefully, after reading this post you will learn this very well. So let's get started…
The successful operation of your new WordPress site depends on WordPress or the public being able to read, write, or execute different files on the server. On computer file systems, different files and folders have permissions that specify who and what can read, write, modify and access them. The permission mode is computed by adding up the following values for the user, the filegroup, and for everyone else. The three types of file permissions are discussed below:
WordPress File Permissions
- This file can be opened and viewed.
- Represented by the value ‘4'
Reading controls whether or not a file can be accessed, whether it can be opened and viewed. Almost all of your files need to be readable.
- This file can be modified.
- Represented by the value ‘2'
Writing controls whether the file can be modified and has a different impact depending on whether the permissions are present for the file or for the directory it is in.
- This file can be run as a program on the server.
- Represented by the value ‘1'
WordPress Recommendations For File Permissions
There are standard recommendations for file permissions in a WordPress installation but there are some variations in the real world. Server configuration matters.
The WordPress codex recommends that folders have permissions at 755, most files at 644, Wp-config at 600, and .htaccess at 644 or 600.
What do all these numbers mean?
File permissions on almost all web servers follow the same pattern of permissions. There are three permission categories: the owner, the group, and the world.
Each digit in these permission codes represents a permission category. So 644 means that the owner has the permission of six, the group has a four, and the world also has a four. These numbers represent how a category of users can manipulate this file. The sixth means that the owner of the file has permission to read and write the file.
Values are Additive
All of these numbers are additive. The ability to read equals four, write is two, and one is executed. So permission of six means read+write. Permission of seven is read+write+execute. And if you have zero there are no permissions at all.
File Permissions Troubleshooting
With all these variables at play, you have three questions to ask.
- what permissions does this file have?
- What permissions does this file need?
- What the user is having trouble with?
If the problem you are having is viewing an image on the front end of your site then the user is the world and the missing permission is read.
If the problem is writing an edit to a theme file then the user may be either the owner of the group and the permission problem is with writing.
Checking File Permissions
The permissions on a file can be checked using the command line for most FTP clients or from within a file directory tool in cPanel. Within cPanel, locate the File Manager and browse to the relevant WordPress files. The files' permissions are visible on the screen. To alter them, click on the “Permissions” link at the top of the admin bar.
Here you can see the numeric values for each permission and who has been assigned those permissions.
WordPress recommends 600 for certain files because they contain secure information and it's best to restrict access to these files as much as possible. However, some server setups don't allow permissions to be set to zero, so you may need to allow reading.
How does WordPress “use” files?
The exact structure of permissions varies from host to host. A big variable is what user WordPress runs as. In this owner, group, world scheme who exactly is WordPress? Files should be owned by your user account on your web server. And WordPress may operate as your user.
In that case, WordPress is the owner of the files. However, if WordPress operates as a separate user and is not the owner of the files, then it will need to be a member of a group with write access.
In that case, the file permissions need to be more permissive to the group account, 664 for files instead of 644. Knowing this distinction with your host will help solve file problems.