How to Set Up File System Permissions and Ownership for WordPress?

The security of your website is of utmost importance. It is what keeps the troublemakers at bay. When you think of security, the first thing that comes to mind is probably a security plug-in. Few people give a second thought to file system permissions and ownership settings, which are critical too. With these settings you assign privileges and give specific rights to a few people within the organization. When considering security, you cannot forget this element.

Ideally, setting this up should be your first task after installing WordPress. Be careful when setting the permissions, as the wrong permissions can cause issues of their own: your website could go blank, or become vulnerable. If you are suffering from a dead website, or one that throws errors whenever you try to upload images or content, it is time to change the permissions and ownership.

Some Concepts
Before moving on to file permissions and ownership settings, you need to understand two basic concepts: users and groups, and the difference between FTP and the terminal.

FTP Client & Terminal
Whenever you want to change permissions and ownership, you will use the terminal. While an FTP client can transfer files and change file and folder permissions, it imposes limitations and restrictions when changing ownership settings. You need to be logged into your server over SSH to use the commands mentioned here.

Users and User Groups
A user is basically the one who accesses the computer, while a group is an identifier for a set of users defined within it. So, whenever you transfer files using FTP, you are accessing the computer as a user, while on the server you fall into one of several groups, as per the account defined on that PC. Conceptually, users and groups mean the same thing, except that they are identified across two different servers. This concept helps define the privileges. Owners may hold all the privileges, while the users in different groups have select privileges.

File Permissions: Introduction
File permissions indicate what a particular user can do with a file on the system. A set of numbers defines the permissions. The need to change the permissions of a particular file arises when using plug-ins: some plug-ins demand a change in permissions so that they can work with the file. The numbers indicate who can do what with the file.

First Digit: what the owner of the file can do with the file

Second Digit: what other users within the owner’s user group can do

Third Digit: what everyone else can do

It is important to define the user privileges and set permissions accordingly. Make sure you follow a systematic procedure.

How to Change Permission Modes?
When working with FTP, the client gives you an interface for setting the permission rights of the different users. If you have access to the server terminal, you can use the chmod command to change the permission mode of a particular file or folder:

sudo chmod 644 <file>

If you want to change the permissions of all the files and folders in a directory on your server, use a combination of the chmod and find commands. Let’s say you want to change the permissions of all the files to 644:

sudo find . -type f -exec chmod 644 {} +

If you want all folders set to 775, here’s your code:

sudo find . -type d -exec chmod 775 {} +

644 vs 777

It is important to understand permission modes.

Let’s decode 644 as applied to a PHP script:

  • Owner’s Privileges: “read” (4) + “write” (2) = 6
  • Owner’s Group Privileges: “read” (4) = 4
  • Everyone Else’s Privileges: “read” (4) = 4

Similarly, let’s decode 777 as applied to a PHP script:

  • Owner’s privileges: “read” (4) + “write” (2) + “execute” (1) = 7
  • Owner’s Group Privileges: “read” (4) + “write” (2) + “execute” (1) = 7
  • Everyone Else’s Privileges: “read” (4) + “write” (2) + “execute” (1) = 7

The basic meaning of the 777 permission mode is that anyone can create, modify and execute any file in any folder. This makes your website vulnerable.

Configuring the WordPress Server
Before you proceed with configuring the server, you need to understand how the server is set up. It is important to understand which server configuration suits your website’s needs best. Here are the two most common configurations:

Standard Server: you have one user account, while the web server runs as another user account.

Shared Server Configuration: you have a user account; others who share your server have their own user accounts and may share the same group, and the web server runs as the owner of your WordPress accounts.

Now that you know the two configurations, let’s set permissions for the server.

Permissions for Standard Server
Before you set permissions on the files and folders, make sure that your user account is the owner of all the files and folders, and that your user account and the web server account are in the same group.

echo exec( 'groups' );

This PHP code, run through the web server, tells you which groups the web server account belongs to, so you can see whether it shares a group with your user account. If they don’t belong to the same group, add the two to the same group with the command below:

sudo usermod -a -G <a-common-group-name> myuser

To make sure that all the files belong to the user account and to the shared group that you have just added, use the following command:

sudo find . -exec chown myuser:a-common-group-name {} +

Setting Permissions for WordPress
It is time to set permissions for the different files and folders. This simple formula helps you remember the permissions:

Files should be set to 644

Folders should be set to 775

wp-config.php should be set to 660

With these modes you are basically setting up the following:

  • The different user accounts can read and modify any files
  • WordPress using the web server can read and modify the scripts
  • WordPress can create, modify or delete the files and folders
  • Other users cannot see the database credentials within wp-config.php

If you don’t want to give full privileges, or want to tweak the permissions, here are the commands you can use to do so:

sudo find . -type f -exec chmod 664 {} +

sudo find . -type d -exec chmod 775 {} +

sudo chmod 660 wp-config.php

The settings change for a shared server:

Files at 644

Folders at 775

wp-config.php at 600

The permissions thus granted are:

  • User account may read as well as modify the different files
  • WordPress using the web server can read and modify the scripts
  • WordPress can essentially create, delete and modify the files and folders
  • Other users cannot see the credentials within wp-config.php
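
To check an existing installation against these modes, the audit script below (an added example, not part of the original post) lists every file, folder and wp-config.php whose mode differs from the values you pass in, plus anything writable by everyone else. The function names scan and wp_perm_audit are hypothetical, and it assumes a POSIX shell with GNU or BSD stat.

```shell
#!/bin/sh
# Added example: report deviations from the target modes in a WordPress tree.
# Function names are hypothetical; modes come from the caller, so either the
# standard-server or the shared-server numbers above can be checked.

# scan LABEL FIND-ARGS...
# Prints "LABEL MODE PATH" for every path that find selects.
scan() {
  label=$1; shift
  find "$@" -exec sh -c '
    label=$1; shift
    for p in "$@"; do
      # GNU stat first, BSD/macOS stat as the fallback.
      m=$(stat -c %a "$p" 2>/dev/null || stat -f %Lp "$p")
      printf "%s %s %s\n" "$label" "$m" "$p"
    done' sh "$label" {} +
}

# wp_perm_audit ROOT FILE_MODE DIR_MODE CONFIG_MODE
# Returns 0 when the tree is clean, 1 (after printing a report) otherwise.
wp_perm_audit() {
  root=${1%/} fmode=$2 dmode=$3 cmode=$4
  config="$root/wp-config.php"   # assumes ROOT has no glob characters
  report=$(
    # Regular files other than wp-config.php that differ from FILE_MODE.
    scan FILE "$root" -type f ! -path "$config" ! -perm "$fmode"
    # Folders that differ from DIR_MODE.
    scan DIR "$root" -type d ! -perm "$dmode"
    # wp-config.php holds the database credentials and has its own mode.
    scan CONFIG "$root" -path "$config" -type f ! -perm "$cmode"
    # Anything writable by everyone else, which is the problem with 777.
    scan WORLD-WRITABLE "$root" ! -type l -perm -002
  )
  [ -z "$report" ] && return 0
  printf '%s\n' "$report"
  return 1
}

# Example call with the shared-server modes (the path is a placeholder):
#   wp_perm_audit /var/www/html 644 775 600
```

The non-zero exit status on any deviation lets the function run from cron or a deployment check.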

In case you want to change any of the credentials within the WordPress directory, here’s the code you can use

Deepa is a passionate blogger associated with Semaphore Software, a leading offshore WordPress development company. She loves sharing information regarding WordPress tips & tricks. If you are looking to hire WordPress programmers, just get in touch with her.

About deeparanganathan