Magento Security

How to Set Secure File & Folder Permissions in Magento 1.x & 2.x?

Updated on: March 29, 2020

How to Set Secure File & Folder Permissions in Magento 1.x & 2.x?

Article Summary

Even though open source CMS(s) are the current go-to software in the cyber world, it opens doors to threat as well. To keep your files secure, you need to have the most secured file permissions handy. Not having enough strict file & folder permissions will elevate the risk of it getting compromised. So, with this article I will let you through the ins and outs of Magento File Permissions.

Magento is an open-source CMS for e-commerce websites. Being open source, basically means anyone is free to write/change its source codes. Even though open source CMS(s) are the current go-to CMS type in the cyber world, it opens doors to threat as well. To keep your files out of reach of the hackers, you need to have the most secured file permissions handy. Not having enough strict file & folder permissions will elevate the risk of it getting compromised. So, with this article, I will let you through the ins and outs of Magento File Permissions.

What is Magento File permissions?

When you install Magento extension, the default Magento file permissions are 777. 777, basically, is the permission for everyone (the owner, the group/server, & the users) to read(r), write(w) and execute(x) your files. Also, r, w, x have numeric codes attached to them, r=4, w=2, x=1. If you ask me, 777 is the most vulnerable file permission there is and I will most definitely suggest you against it. Further, it invites security threats and problems.

We hope, we have much emphasized the fact that setting correct file permissions will put an extra barrier to your Magento website. It sure will guard your website from some common attacks. Plus, it is a great enhancement to the current security measures active on your website.

Without further ado, let us get this done.

How to set Magento File Permissions?

These are the File Permissions that we are going to set in today’s tutorial:

Setting Magento Directory/Folder Permissions: 755

Here is the step-by-step method for setting strong file permissions:

By FTP

  1. Log into your account Via FTP.
  2. Navigate to the folder where Magento is installed. Ex: (/path/to/your/Magento/install/)
  3. Right click on the folder where your Magento is installed, click the File Permissions option in the menu.
  4. Once you click on the option, a new window will open. In the Numeric value field input the value “755”.
  5. Then enable the “Recurse into subdirectories” option. In the list seen below, select the checkbox titled “Apply to directories only”.
  6. Once ready, click the OK button.
  7. The process may take several minutes for a large number of files.

By Chmod Command

To change the Magento directory permissions through chmod command, run the following command

ls -al

drwxr-xr-x

Setting Magento File Permissions: 644

By FTP

  1. Right click on the folder where your Magento is installed, click the File Permissions option in the menu.
  2. Once you click on the option, a new window will open. In the Numeric value field input the value “644”.
  3. Then enable the Recurse into subdirectories option. In the list seen below, select the checkbox titled “Apply to files only”.
  4. Once ready, click the OK button.
  5. The process may take several minutes for a large number of files.

By chmod command

In addition to the FTP method, you can also change the file permissions through command, Just run this command-

ls -al

-rw-r–r–

Related Guide – Complete Step by Step Guide to Magento Security (Reduce the risk of getting hacked by 90%)

Astra Security Suite for Magento

Astra Security Suite is tailored for Magento e-commerce. Our Web Application Firewall & Immediate Malware Cleanup is highly compatible with Magento versions 1.x & 2.x. Astra’s Malware Scanner scans your website in less than 10 minutes and less than a minute for subsequent scans.

Astra uncovers Security Vulnerabilities in your Magento Store through our program Magento Security Audit and Pentesting. In this program, our engineers vigilantly scans each code line to find and mend vulnerability in your website.

Take an Astra Demo Now

Was this post helpful?

Was this post helpful?

Tags:

Aakanchha Keshri

Aakanchha is a technical writer and a cybersecurity enthusiast. She is an avid reader, researcher, and an active contributor to our blog and the cybersecurity genre in general. To date, she has written over 200 blogs for more than 60 domains on topics ranging from technical to promotional. When she is not writing or researching she revels in a game or two of CS: GO.

Questions? Got something to add? Let’s Talk

avatar

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include firewall, malware scanner and security audits to protect your site from the
evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany