How to set secure File Permissions in Magento 1.x & 2.x?

Magento is an open-source CMS for e-commerce websites. Being open source, basically means anyone is free to write/change its source codes. Even though open source CMS(s) are the current go-to CMS type in the cyber world, it opens doors to threat as well. To keep your files out of reach of the hackers, you need to have the most secured file permissions handy. Not having enough strict file & folder permissions will elevate the risk of it getting compromised. So, with this article, I will let you through the ins and outs of Magento File Permissions.

What is Magento File permissions?

When you install Magento extension, the default Magento file permissions are 777. 777, basically, is the permission for everyone (the owner, the group/server, & the users) to read(r), write(w) and execute(x) your files. Also, r, w, x have numeric codes attached to them, r=4, w=2, x=1. If you ask me, 777 is the most vulnerable file permission there is and I will most definitely suggest you against it. Further, it invites security threats and problems.

We hope, we have much emphasized the fact that setting correct file permissions will put an extra barrier to your Magento website. It sure will guard your website from some common attacks. Plus, it is a great enhancement to the current security measures active on your website.

Without further ado, let us get this done.

How to set Magento File Permissions?

These are the File Permissions that we are going to set in today’s tutorial:

Setting Magento Directory/Folder Permissions: 755

Here is the step-by-step method for setting strong file permissions:

By FTP

  1. Log into your account Via FTP.
  2. Navigate to the folder where Magento is installed. Ex: (/path/to/your/Magento/install/)
  3. Right click on the folder where your Magento is installed, click the File Permissions option in the menu.
  4. Once you click on the option, a new window will open. In the Numeric value field input the value “755”.
  5. Then enable the “Recurse into subdirectories” option. In the list seen below, select the checkbox titled “Apply to directories only”.
  6. Once ready, click the OK button.
  7. The process may take several minutes for a large number of files.

By Chmod Command

To change the Magento directory permissions through chmod command, run the following command

ls -al

drwxr-xr-x

Setting Magento File Permissions: 644

By FTP

  1. Right click on the folder where your Magento is installed, click the File Permissions option in the menu.
  2. Once you click on the option, a new window will open. In the Numeric value field input the value “644”.
  3. Then enable the Recurse into subdirectories option. In the list seen below, select the checkbox titled “Apply to files only”.
  4. Once ready, click the OK button.
  5. The process may take several minutes for a large number of files.

By chmod command

In addition to the FTP method, you can also change the file permissions through command, Just run this command-

ls -al

-rw-r–r–

Related article- Steps to Secure Magento Admin Panel

Astra Security Suite for Magento

Astra Security Suite is tailored for Magento e-commerce. Our Web Application Firewall & Immediate Malware Cleanup is highly compatible with Magento versions 1.x & 2.x. Astra’s Malware Scanner scans your website in less than 10 minutes and less than a minute for subsequent scans.

Astra uncovers Security Vulnerabilities in your Magento Store through our program Magento Security Audit and Pentesting. In this program, our engineers vigilantly scans each code line to find and mend vulnerability in your website.

Take an Astra Demo Now

Was this post helpful?

Waiting to Get Hacked?

Get security tips & latest vulnerability fixes right in your inbox:

About The Author

Aakanchha Keshri

Aakanchha is a tech & cybersecurity enthusiast. She is an active reader and writer of the cybersecurity genre.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close