Understanding WordPress File Permissions and Ownership
When you’re setting up WordPress, you’ll often need to alter file permissions and ownership. This enables the webserver (which is executing WordPress) to write into the necessary files or directories for the smooth operation of your website. However, it’s also essential to lock these permissions down again once your setup is finished to ensure your site’s security.
File Ownership in WordPress
Right after you install WordPress, you’ll need to give it write access to certain files and directories. A quick and effective way to achieve this is to make the user Apache runs as the owner of the files. This is done using the command:
chown www-data:www-data -R *
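The chown command changes ownership of files and directories, www-data is commonly the user name for the Apache server, and -R * applies the change recursively to every file and directory that * matches in the current directory. Note that the shell's * does not match hidden files such as .htaccess.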
Setting WordPress Directory and File Permissions
Next, you’ll need to set the appropriate directory and file permissions. For directories, we usually set the permissions to 755. This means that the owner can read, write and execute, while the rest can only read and execute.
find . -type d -exec chmod 755 {} \;
For files, the permissions are often set to 644, allowing the owner to read and write to a file, while the rest can only read the file.
find . -type f -exec chmod 644 {} \;
Hardening WordPress with Tighter Permissions
Once your WordPress setup is completed, for added security, it’s recommended to tighten the file permissions, which means you reduce the access rights for certain files to make them less vulnerable to threats. According to the WordPress hardening guide, apart from wp-content, all other files should be writable by your user account only, and wp-content should be writable by both you and www-data.
To implement this, you can change the ownership back to your user account, and let Apache be the owner of wp-content only, with two commands (USER:GROUP is a placeholder for your own account and group):
chown USER:GROUP -R *
chown www-data:www-data wp-content
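One way to check a site against the policy above, as an added example that is not part of the original article: audit_wp_perms is a hypothetical helper that assumes the 755/644 modes from the previous section, treats wp-content as the only tree the web server may own, and takes the web server's numeric UID as an optional second argument (default: the UID of www-data, if that user exists).

```shell
#!/bin/sh
# Added example (not from the original article).
# audit_wp_perms ROOT [WEB_UID]
# Prints one line per deviation from the policy described above:
#   DIR-NOT-755    directory outside wp-content whose mode is not 755
#   FILE-NOT-644   file outside wp-content whose mode is not 644
#   WORLD-WRITABLE file or directory writable by "other", anywhere in ROOT
#   WEB-OWNED      path outside wp-content owned by the web server user
audit_wp_perms() {
    root=${1:-.}
    root=${root%/}                      # so "$root/wp-content" matches find's output
    # Optional numeric UID; skip the ownership check if www-data does not exist.
    web_uid=${2:-$(id -u www-data 2>/dev/null || true)}
    wc_dir="$root/wp-content"

    # wp-content is pruned here: the web server is allowed to write there.
    find "$root" -path "$wc_dir" -prune -o -type d ! -perm 755 -print |
        sed 's/^/DIR-NOT-755 /'
    find "$root" -path "$wc_dir" -prune -o -type f ! -perm 644 -print |
        sed 's/^/FILE-NOT-644 /'

    # World-writable is never needed, not even inside wp-content.
    find "$root" \( -type f -o -type d \) -perm -002 -print |
        sed 's/^/WORLD-WRITABLE /'

    # After hardening, nothing outside wp-content should belong to the web user.
    if [ -n "$web_uid" ]; then
        find "$root" -path "$wc_dir" -prune -o -user "$web_uid" -print |
            sed 's/^/WEB-OWNED /'
    fi
}

# Run directly as: sh audit.sh /path/to/wordpress [web-uid]
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$@"
fi
```

No output means the tree matches the policy; each reported line names a path to fix with the chown and chmod commands shown earlier.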
More Options for WordPress Content Manipulation
In the future, if you want to modify the contents in the wp-content directory, you have a few options. You can either:
- Temporarily switch to the www-data user with the su command,
- Give wp-content group write access (775) and join the www-data group,
- Give your user the access rights to the folder using ACLs.
Each of these options has its merits, and whichever you choose, always make sure that the files have read and write (rw) permissions for www-data.
Always remember, correct file permissions and ownership are critical for your WordPress site’s security and smooth operation. It’s always a balance between giving WordPress the abilities it needs to function properly, while also ensuring the security of your files and content.