Magento is an open-source CMS for e-commerce websites. Being open source, basically means anyone is free to write/change its source codes. Even though open source CMS(s) are the current go-to CMS type in the cyber world, it opens doors to threat as well. To keep your files out of reach of the hackers, you need to have the most secured file permissions handy. Not having enough strict file & folder permissions will elevate the risk of it getting compromised. So, with this article, I will let you through the ins and outs of Magento File Permissions.
What is Magento File permissions?
When you install Magento extension, the default Magento file permissions are 777. 777, basically, is the permission for everyone (the owner, the group/server, & the users) to read(r), write(w) and execute(x) your files. Also, r, w, x have numeric codes attached to them, r=4, w=2, x=1. If you ask me, 777 is the most vulnerable file permission there is and I will most definitely suggest you against it. Further, it invites security threats and problems.
We hope, we have much emphasized the fact that setting correct file permissions will put an extra barrier to your Magento website. It sure will guard your website from some common attacks. Plus, it is a great enhancement to the current security measures active on your website.
Without further ado, let us get this done.
How to set Magento File Permissions?
These are the File Permissions that we are going to set in today’s tutorial:
Setting Magento Directory/Folder Permissions: 755
Here is the step-by-step method for setting strong file permissions:
By FTP
- Log into your account Via FTP.
- Navigate to the folder where Magento is installed. Ex: (/path/to/your/Magento/install/)
- Right click on the folder where your Magento is installed, click the File Permissions option in the menu.
- Once you click on the option, a new window will open. In the Numeric value field input the value “755”.
- Then enable the “Recurse into subdirectories” option. In the list seen below, select the checkbox titled “Apply to directories only”.
- Once ready, click the OK button.
- The process may take several minutes for a large number of files.
By Chmod Command
To change the Magento directory permissions through chmod command, run the following command
ls -al
drwxr-xr-x
Setting Magento File Permissions: 644
By FTP
- Right click on the folder where your Magento is installed, click the File Permissions option in the menu.
- Once you click on the option, a new window will open. In the Numeric value field input the value “644”.
- Then enable the Recurse into subdirectories option. In the list seen below, select the checkbox titled “Apply to files only”.
- Once ready, click the OK button.
- The process may take several minutes for a large number of files.
By chmod command
In addition to the FTP method, you can also change the file permissions through command, Just run this command-
ls -al
-rw-r–r–
Related Guide – Complete Step by Step Guide to Magento Security (Reduce the risk of getting hacked by 90%)
Astra Security Suite for Magento
Astra Security Suite is tailored for Magento e-commerce. Our Web Application Firewall & Immediate Malware Cleanup is highly compatible with Magento versions 1.x & 2.x. Astra’s Malware Scanner scans your website in less than 10 minutes and less than a minute for subsequent scans.
Astra uncovers Security Vulnerabilities in your Magento Store through our program Magento Security Audit and Pentesting. In this program, our engineers vigilantly scans each code line to find and mend vulnerability in your website.