[Lesson 4] Understand And Fix WordPress File Permissions In 5 Minutes

Published on: March 31, 2020

WordPress file permissions: Various components and files and their appropriate permissions

list of wordpress file permissions

Correct file permissions for wp-content

wp-content stores all the themes, plugins and uploads to your WordPress account. Allowing random modifications to these files may cause errors to your site. Hence, set proper permissions to restrict editing by users in this folder. The correct WordPress file permission for this folder would be 755, and all the files within the folder must have 644. This will ensure your website’s safety as no one can write anything within the folder except the owner.

Correct file permissions for wp-includes

wp-includes is where all the core files reside. In addition to core files, it also includes all the other important files that are necessary for the proper functioning of the WordPress admin and API. Protect this folder by allowing editing permission to the owner only, i.e, the permission of 755.

Correct file permission for wp-content/uploads:

The wp-content/uploads file contains all your uploads to the website. Generally, only the owner should have editing access to files. However, wp-content is an exception. It needs to be writable by www-data too. That is, we need to allow the server writing access. Set 755 permission and add the user to the www-data group. Or, use ‘su’ temporarily to change the user to www-data. The appropriate permission for this file can be 755.

Correct file permissions for all the files

The appropriate permission for all files in WordPress should be 644. This means that the users have read and write permissions and groups and others can only read the files. This will ensure that no one accessing the files can alter them, apart from the owner.

Correct file permissions for all folders

The safe permission of all the folders is 755. This means permission to read, write and execute for the user; only read & execute access to the group and none at all to others.

Correct file permissions for wp-config

The wp-config is the configuration file of your WordPress and is one of the most sensitive files in the entire directory. Protect this with permission of 400. This means even the user and the server has no right to edit, whereas others can not even read.

Correct file permission for the PHP file in the wp-root

PHP file in the wp-root is a blank file that hides the entire directory. Without this, the entire file directory will be bare for all to see. The suggested file permission for this PHP file is 444. It is permission to read-only for all, including the user and the group.

Files/FoldersPermissions
wp-content755
wp-includes755
All .php files644
All folders755
wp-config.php (public_html folder)400
index.php (public_html folder)444

This is precisely how file & folder permissions should be set in your WordPress.

Was this post helpful?

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include firewall, malware scanner and security audits to protect your site from the
evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany