Guide to WordPress File Permissions – File permissions are the rights given to users to read, write or execute files. File permissions are useful for data security because they keep files accessible only to certain users.
As a WordPress user, you should also understand the permissions of your WordPress files, because knowing them lets you increase the security of your WordPress site and protect your WordPress files. Also, if you want to dig deeper into WordPress security, you must understand your file permissions so that you can protect your file system from being easily compromised by hackers.
In this article, I will provide a clear understanding of file permissions and provide proper file permissions for a WordPress site, and at the same time provide a guide on how to easily change file permissions on files and directories.
File Permissions Explained
As the name suggests, file permissions are the permissions that users are given on a file. Three groups of users are distinguished:
- User : The user who owns the file (In most cases this means you, the WordPress site owner).
- Group : Groups of users who have been granted access to files, for example, members of your site.
- Public : Everyone connected to the internet, including visitors to your website.
The different permissions that can be given to each user group on a file or directory are:
- Read (4) : Ability to browse files or access file names in directories.
- Write (2) : Ability to write and modify files. For directories, this means the ability to add and remove individual files in a directory or folder.
- Execute (1) : Ability to execute files and run scripts in them. For directories, this means that users are allowed to access the files contained in them.
As you can see above, each action is assigned a separate digit value, and this is why file permissions are usually displayed in the form of a number string like “644”. To understand these number strings, you must first know that the three digits give permissions to different groups of users.
- The first digit indicates the access granted to “User”.
- The second digit indicates the access granted to “Group”.
- The third digit indicates the access granted to “Public”.
For each user group, the permissions are calculated based on the values of the actions. Below are all possible combinations of actions and their values. The higher the value, the greater the permissions granted to the user. Note that 1, 2 and 4 are excluded because they have already been covered above.
- 0 : The user is granted no access to files.
- 3 (2 + 1) : The user can (write + execute) the file. This value is listed here for understanding purposes only, and is not really used in practice.
- 5 (4 + 1) : The user can (read + execute) the file.
- 6 (4 + 2) : The user can (read + write) the file.
- 7 (4 + 2 + 1) : The user has full rights to files, including reading, writing and executing files (Read, Write and Execute).
Therefore, the maximum file permissions that can be given, and which we often encounter, are 777, which means that everyone, including “User”, “Group”, and “Public”, can perform any action on files, while the least access is 444, which means all files are read only.
If you are still a little confused about how file permissions are granted, the example below may help your understanding.
Why are File Permissions Important?
In theory you can give whatever permissions you want to files and directories. However, if you do not understand the file permissions you grant, you can compromise the security of your site and the proper functioning of some WordPress features and plugins.
If you give “Group” and “Public” excess permissions on your website files, you risk exposing your WordPress site to hackers and other attackers, as they can easily gain access to your files, modify them, and then break your site in no time.
However, if you give all files the same permissions with the lowest value, for example 444, there is also a problem. For example, if you want to install WordPress themes and plugins, WordPress needs to access and write files in the /wp-content/ folder. If those permissions are not provided, you will have to upload the theme or plugin files manually.
The conclusion is that, to ensure both the security of the site and the functionality of WordPress, the file permissions must be appropriate. Now the problem is, what are the “proper” permissions for your WordPress files?
What are the proper file permissions for WordPress?
Depending on the server settings, the file permissions may differ from one server to another. If you’ve installed WordPress with care, it’s possible that files and directories have got the proper file permissions to work.
However, if something goes wrong on your site due to improper file permissions, you need to check the permissions given to every file and directory to make sure they are not causing problems. To save time, we recommend that you only make the following changes to fix common problems with WordPress.
- Set file permissions for files with values
- Set file permissions for directories by value
If you want to go deeper into changing the permissions of some important WordPress files for increased security, here are some suggestions for you to use:
- wp-config.php – the default permissions are 644, but you can change them to 600 so that only the user or owner can access the file.
- .htaccess – the recommended permissions are 644, but you can still change them to 604 to make the file more secure.
- The /wp-includes/ directory – give “write” permission to “User” only. DO NOT give write permission to other people (group or public).
One important thing to remember is that you should not use 777, the most dangerous permissions, for any file or directory.
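The number strings and the recommendations above can be checked mechanically. The following is an added example, not code from the original article: describe() decodes a mode into the rights of User, Group and Public, and audit() flags anything set to 777, a wp-config.php or .htaccess looser than 644, and anything under wp-includes writable by Group or Public. The function names, the constructed sample tree and the extra "writable by Public" check are assumptions made for this example.

```python
import os
import stat
import tempfile

ACTIONS = ((4, "read"), (2, "write"), (1, "execute"))

def describe(mode):
    """Decode a mode such as 0o644 into the rights of User, Group and Public."""
    return {who: [label for value, label in ACTIONS if (mode >> shift) & value]
            for who, shift in (("User", 6), ("Group", 3), ("Public", 0))}

def audit(root):
    """Return sorted (path, mode, problem) tuples for entries that break the rules above."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            checks = (
                (mode == 0o777, "777: full rights for everyone"),
                (rel in ("wp-config.php", ".htaccess") and mode & 0o133, "looser than 644"),
                (rel.split("/")[0] == "wp-includes" and mode & 0o022,
                 "wp-includes writable by Group or Public"),
                (mode & 0o002, "writable by Public"),  # added check, not a rule from the article
            )
            problem = next((msg for hit, msg in checks if hit), None)
            if problem:
                findings.append((rel, format(mode, "03o"), problem))
    return sorted(findings)

def make_sample_tree():
    """Build a constructed WordPress-like tree in a temp directory (sample data only)."""
    root = tempfile.mkdtemp()
    layout = {"wp-config.php": 0o666, ".htaccess": 0o604, "index.php": 0o644,
              "wp-includes/version.php": 0o664, "wp-content/uploads/a.png": 0o777}
    for rel, mode in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)
    for dirpath, _, _ in os.walk(root):
        os.chmod(dirpath, 0o755)  # fixed directory mode, independent of the umask
    return root

if __name__ == "__main__":
    for rel, mode, problem in audit(make_sample_tree()):
        print(mode, rel, problem, describe(int(mode, 8)))
```

To check a real installation, call audit() with the path of the WordPress root directory instead of the sample tree.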
How to Modify File Permissions?
There are several ways to make changes to these file permissions: using cPanel, FTP client, or the command line (chmod method). However, since the command line is only suitable for experienced WordPress users, here I will introduce two simple methods.
Use cPanel to change file permissions
If you use the file manager in cPanel to manage the files on your hosting, you can follow these steps to check and change file permissions on your WordPress files and directories.
- Login to your cPanel account.
- Search for “File Manager” and access the file or directory you want.
- Right click the file or directory and click “Change Permissions”.
- A popup then appears showing the file permissions given to the file; you can change them to the value you want by ticking / un-ticking the appropriate checkboxes.
- Finally, click “Change Permissions” to save changes.
Using the FTP Client
Changing file permissions with an FTP client is also very easy. I’ll use FileZilla as an example. Once you are logged in with the FTP client, you can quickly find a file or directory, right click on the file or directory you want and select “file permissions”.
Then a popup will appear in which you can change the file permissions by checking or un-checking the boxes according to the action you want, or by entering a number string in the “number value” field.
If you don’t want to save changes, FileZilla also allows you to revert to the default file permissions by entering “xxx” for the “value number”.
Above is a complete guide to file permissions on WordPress. I hope this article is useful and increases your knowledge. 🙂