@kenci
Last active September 5, 2016 12:21
Wordpress permissions

WordPress Server Configurations

Now we know about permissions and how to read them. But before proceeding to change all of our permissions, we need to understand how our server is set up. Because permissions deal with user accounts and groups, we need to know how our WordPress website runs.

A lot of different server configurations are out there. Different configurations need different sets of permission modes for WordPress to work correctly and securely. We’ll talk about just the two most common configurations and the proper permissions for them:

- Standard server configuration: You have a user account. Your Web server runs as another user account.
- Shared server configuration or suEXEC configuration: You have a user account. Other people who use the server have user accounts and might share the same group with your user account. Your Web server runs as the owner of your WordPress files.

The main difference between these two is in how the Web server runs.

Permissions For A Standard WordPress Server Configuration

Standard WordPress configurations require a bit more work than shared server configurations because the Web server has no relationship to our user account.

FILE AND FOLDER OWNERSHIP FOR WORDPRESS

First, we need to adjust the file and folder ownerships of our WordPress files. We’ll have to make sure of the following:

- that your user account is the owner of all WordPress files and folders,
- that your user account and the Web server’s user account belong to the same group.

To find out the groups that your user account belongs to, you can use this command in your server’s terminal:

groups

Then, to find out the groups that your Web server belongs to, you can temporarily insert this PHP snippet in one of your WordPress scripts:

echo exec( 'groups' );

If your user and the Web server don’t belong to the same group, you can use the following command in the terminal to add your user to one of your Web server’s groups (replace a-common-group-name with that group and myuser with your account name):

sudo usermod -a -G a-common-group-name myuser

Lastly, to ensure that everything in our WordPress folder belongs to our user account and has the shared group that we just added, perform this command in your WordPress folder:

sudo find . -exec chown myuser:a-common-group-name {} +

PERMISSIONS FOR WORDPRESS

All of our files and folders should now have the correct ownership. Now it’s time to adjust the permission modes. To make things simpler, you’ll only need to remember the following:

- All files should be 664.
- All folders should be 775.
- wp-config.php should be 660.

Here’s what we’re trying to achieve with this set of permission modes:

- Our user account may read and modify our files.
- WordPress (via our Web server) may read and modify our scripts.
- WordPress may create, modify or delete files and folders.
- Other people may not see our database credentials in wp-config.php.

You might be thinking that allowing WordPress full privileges with our folders is not secure. Don’t worry: we’re doing this because WordPress needs certain features to create and modify files. WordPress allows us to upload and remove themes and plugins and even edit scripts and styles from the administrative back end. Without this type of permission, we would have to manually upload themes and plugins every time using FTP.

You can use your FTP client to change the permission modes, or you can use the following commands in your WordPress directory to quickly adjust the permissions of all of your files and folders:

sudo find . -type f -exec chmod 664 {} +
sudo find . -type d -exec chmod 775 {} +
sudo chmod 660 wp-config.php

Note that some Web servers are stricter than others. If yours is strict, then setting your wp-config.php to 660 might stop your website from working. In this case, just leave it as 664.
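
To check a tree against these modes without changing anything, here is a read-only audit. It is an added example, not part of the original gist; the function name wp_perm_audit and its report labels are made up for illustration. It also flags anything writable by "other", which none of the modes above allow.

```shell
#!/bin/sh
# Read-only audit of a WordPress tree against the modes given above:
# files 664, folders 775, wp-config.php 660 (or 664 on strict servers).
# wp_perm_audit is a hypothetical helper name, not a WordPress tool.
#
# Usage: wp_perm_audit ROOT [CONFIG_MODE]
# Prints one "label<TAB>path" line per deviation.
# Returns 0 when the tree matches, 1 otherwise.
wp_perm_audit() {
    root=${1%/}
    config_mode=${2:-660}   # pass 664 if 660 breaks the site
    report=$(
        # Regular files (wp-config.php is checked separately below).
        find "$root" -type f ! -path "$root/wp-config.php" ! -perm 664 \
            -exec printf 'file-not-664\t%s\n' {} \;
        # Folders, including ROOT itself.
        find "$root" -type d ! -perm 775 \
            -exec printf 'dir-not-775\t%s\n' {} \;
        # Anything writable by "other" is outside the intended model.
        find "$root" ! -type l -perm -002 \
            -exec printf 'world-writable\t%s\n' {} \;
        # wp-config.php holds the database credentials.
        if [ -f "$root/wp-config.php" ]; then
            find "$root/wp-config.php" ! -perm "$config_mode" \
                -exec printf 'wp-config-not-%s\t%s\n' "$config_mode" {} \;
        fi
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# When run as a script with arguments, audit the given directory.
if [ "$#" -gt 0 ]; then
    wp_perm_audit "$@"
fi
```

A world-writable entry is also reported under the file or folder rule, so it appears twice in the output.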
