MinhTech.com

Yet another technology tutorial blog.

Lockdown WordPress File Permissions

By • Sep 9th, 2009 • Category: Linux

Here is how to lockdown WordPress file permissions on a Linux server.

First, Set Default File Permissions:

> cd /var/www/html
> find . -type d -exec chmod 755 {} \;
> find . -type f -exec chmod 644 {} \;

Navigate to the WordPress root directory. For all sub-directories, grant full privileges to the owner, and then only read and execute privileges to all others. For files, grant full privileges to the owner, and then only the read privilege to all others.

Next, Set Permissions for the Uploads Directory:

> cd /var/www/html/wp-content
> chmod 777 uploads
> cd uploads
> find . -type d -exec chmod 777 {} \;
> find . -type f -exec chmod 666 {} \;

WordPress intended this folder to be writeable by all. Note that we do not grant execute privileges to the files.

Optionally Allow Write on Theme Files:

> cd /var/www/html/wp-content/themes/themename
> chmod 666 *.php
> chmod 666 *.css

Grant read and write privileges to all for the PHP and Cascading Style Sheet (CSS) files if you wish to use the built-in theme editor in the WordPress administration console.

Optionally Allow Write on .htaccess:

> cd /var/www/html
> chmod 666 *.htaccess

Grant read and write privileges to all for the .htaccess file in the WordPress root directory if you wish to allow WordPress to automatically generate rewrite rules for you. It is good practice to remove the write privilege from all others (chmod 644 .htaccess) after you are done configuring WordPress in the administration console. Unless you are making changes to settings, WordPress does not normally need write access to this file.

Optionally Allow Additional Permissions:

> cd /var/www/html
> chmod 666 sitemap.xml
> chmod 666 sitemap.xml.gz

Third party themes and plugins may require additional permissions. Please refer to their documentation for instructions. In this example, read and write privileges are granted to all for files manipulated by the popular Google (XML) Sitemaps Generator plugin.

is a technology junkie.
Email this author | All posts by

One Response »

  1. Minh,
    Many thanks for this post. I had a development site that i promoted from my desktop to my web server and I couldn’t update any files from the WP admin side. After running through these Linux commands, everything started to work!

    -JEff

Leave a Reply