Wordpress File and Folder permissions – what should they be?
It’s important to ensure that WordPress files and folders have the correct ownership and permissions. Not only does this allow WordPress to keep itself updated, it also prevents attackers from exploiting poor file security and taking control of your site.
WordPress folders should always have 0755 permissions, and WordPress files should always have 0644 permissions – although this can vary from host to host.
If you’re getting errors when attempting to install plugins, or upload new media, don’t be tempted to set any folder permissions to 0777. Instead, work with your web host to ensure that PHP is run with the correct user, and that the folders are owned by the same user.
If you’ve got shell access, you can run a few commands to ensure WordPress is secure:
find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;
find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;
If you know the user and group that should have ownership of the WordPress files and folders, use:
sudo chown -R username:group /path/to/your/wordpress/install