Fix wordpress file permissions

fix-wordpress-permissions.sh

#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro <mike [at] conigliaro [dot] org>
#
WP_OWNER=www-data # <-- wordpress owner
WP_GROUP=www-data # <-- wordpress group
WP_ROOT=$1 # <-- wordpress root directory
WS_GROUP=www-data # <-- webserver group

# reset to safe defaults
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 755 {} \;
find ${WP_ROOT} -type f -exec chmod 644 {} \;

# allow wordpress to manage wp-config.php (but prevent world access)
chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php

# allow wordpress to manage wp-content
find ${WP_ROOT}/wp-content -exec chgrp ${WS_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \;

thanks! :)

this worked perfect for me. Thanks!

This saved me! thank you! my site was totally offline for some reason and this solved it. double thumbs up

So, I used this because my wp-content/uploads was giving me permission errors (on a new install).
It works now, however since the data is now "owned" by www-data, i can no longer edit files via ftp.
I tried adding the user that I use to ftp to the www-data group, but that doesn't seem to work. Any thoughts?

https://codex.wordpress.org/Changing_File_Permissions

Typically, all files should be owned by your user (ftp) account on your web server, and should be writable by that account. On shared hosts, files should never be owned by the webserver process itself (sometimes this is www, or apache, or nobody user).

This works link a charm. Thank for the resource.

Worked like magic.

Fixed all my problems thanks

I'm sorry, but i dont know how this works, someone can explain it pls? I've got a problem w/ wordpress permissions and this seems to be a solution.

thanks

thanks man..

hi bro, why show me this:

felipe@felipeurrego:/var/www/html$ sudo ./fix-wordpress-permissions.sh
chgrp: cannot access ‘/wp-config.php’: No such file or directory
chmod: cannot access ‘/wp-config.php’: No such file or directory
find: `/wp-content': No such file or directory
find: `/wp-content': No such file or directory
find: `/wp-content': No such file or directory

Also getting the

find: `/wp-content': No such file or directory
find: `/wp-content': No such file or directory
find: `/wp-content': No such file or directory

You need to supply the folder your wordpress is in, e.g. ./fix-wordpress-permissions.sh wordpress

Thank you!!!
I was wondering if you could tell me why I'm getting this error when trying to update the core:
"The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.: wp-admin/includes/update-core.php"

NaitNog - "You need to supply the folder your wordpress is in, e.g. ./fix-wordpress-permissions.sh wordpress". I get a permission denied when trying to run this. Also just wondering, is it necessary to set this? Is this something that should be set when installing wordpress out of the box every time? I'm just wondering because I had a few permissions issues after installing wordpress with wget in terminal, but it was resolved by running chown -R ftpusername:ftpusername *

find: `/wp-content': No such file or directory

That is happening because that is not the path to your directory. You may need to add /var/www/vhosts/domainname.com/httpsdocs/wp-content/

which would be the full folder path. This example path might not be the same as yours, it is just an example. Basically you need a more precise path.

#create fix-wordpress-permissions.sh ("sudo nano fix-wordpress-permissions.sh" and put the content in it)
chmod +x fix-wordpress-permissions.sh (give execute permissions)
./fix-wordpress-permissions.sh . (execute)

@Adirael Thanks for this script - it worked fine! Many of the questions above would go away if you could add this explanation after line 6 of the original script:

# Source for this script: http://www.conigliaro.org/script-to-configure-proper-wordpress-permissions/
#
# To use this script, supply the full path to your wordpress directory
# That directory is often in /var/www, and the wordpress directory is frequently named 'wordpress'
# The example below operates on /var/www/wordpress directory
#
# sudo sh ./fix-wordpress-permissions.sh /var/www/wordpress

thanks!

Thank you so much! Can't believe I just found this now.

the struggle for this one is real. tried so many time and failed. finally worked with the help @richb-hanover comment.

So i will explain the thing further.

1. you need to make a .sh file.
2. create a new file under the name of fix-wordpress-permissions and use .sh as its extension
3. add the above content.

now comes the tricky part.

you need to upload the file, where your website or wordpress is being hosted i.e. the directory/path/wordpress for eg.

/home/admin/web/mywebsite/public_html

I am using Ubuntu 16 on amazon ec2 and i have installed VestaCP. Therefore the path of my directory is the one mentioned. You path can be

/Var/www/wesite/yourwebiste or something.

It all depends where the website is installed.

How i got here?

I used SSH to login and navigated here using CD command.

cd /home/admin/web/mywebsite/public_html.

4. You need to upload the .sh file over here using filezilla or scp or cybercuk or whatever software you want to use..

5. now execute the command as mentioned by @pankaj

chmod +x fix-wordpress-permissions.sh (gives execute permissions)

You need to be in the directory of your wordpress (do remember this prior executing the command)
now

sudo sh ./fix-wordpress-permissions.sh /home/admin/web/yourwebsite-goes-here/public_html (use this command to execute).

Please do note that this is my directory and your directory can be different. you need to be in the directory of your wordpress installation to execute the command.

When you press enter it will work. Wait for sometime.

Works great! Thank you :D

It's work. Thanks !!

i love this and use it frequently, you rock

Very helpful! Thanks

Thanks, it works perfect, but something like this, at start, would be fine to prevent no parameter error:
# alert if no parameters if [[ $# -eq 0 ]] ; then echo 'Error. You need to spacify folder, example: ./fix-wordpress-permissions.sh public_html' exit 0 fi

Thanks a lot!

nice work

Thank you! I only regret not finding this earlier.

Holy crap, what a simple and elegant solution! THANK YOU!!!!

Great script, but it did not fix my update problems, at least not for Wordpress version updates. It is still necessary to enter FTP credentials. However it works for plugin or theme updates. Any ideas on avoiding to enter FTP data when trying to update?
I am talking about a Webserver with several websites, where customers upload their files with FTP. Ownership and Permissions should be right but it still does not work. I searched around in Google but did not find a solution for that. Why is this that complicated?

Thanks it worked!

Just wanted to say thanks, I use this all of the time and it's a life saver!

This worked perfectly and is definitely something all WP developers should have on hand since nothing did the job as well as this. Thanks!

Adirael-
You are a rockstar for making this, got my moved site back up and running after some file / folder permissions got whacked. Kudos to you sir. Surprised there isn't a "Fix Broken WP permissions" plugin?

@daudi250
Thanks for taking the time to explain how to properly use this script! I just needed a little guidance to actually execute the .sh and it got it all going. Cheers to you!

Wouldn't it be faster to use

chown -R ${WP_OWNER}:${WP_GROUP} ${WP_ROOT}

instead of

find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;

?

It worked great! thank you!

I'm using centos/cpanel/litespeed and I have the following error:
chown: invalid user: www-data:www-data
chgrp: invalid group: www-data

how should I fix it ?

Very helpful. I especially appreciate daudi250's comments.

That saves lifes and files haha.

This saved me from a tiring job! Thanks! @Adirael and @daudi250

if the .sh file is in root directory

run

 sudo sh ./fix-wordpress-permissions.sh ./

Following daudi250 I had to change around based on CentOS usage

WP_OWNER=cpanelusername # <-- wordpress owner
WP_GROUP=nobody # <-- wordpress group
WP_ROOT=$1 # <-- wordpress root directory
WS_GROUP=nobody # <-- webserver group

However it still did not fix my permission issues. I don't understand how my permissions got messed up, was updating fine, haven't installed any plugins, then today I couldn't do it. I had to run:

find . -type f -print -exec chmod 777 {} \;
find . -type d -print -exec chmod 777 {} \;

Perform the update

then revert permissions back

find . -type f -print -exec chmod 644 {} \;
find . -type d -print -exec chmod 755 {} \;

Thx it works for me.

thanks man. save my day ;)

thanks! perfect way to restore messed up permissions.

Thanks

Great solution! Thanks!

Great work, solved my problems (well, the Wordpress one anyway :-))

chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
This line will do nothing, might as well remove it. I can't think of a scenario where the WS_GROUP and WP_GROUP wouldnt be identical.

Worked for me, thank you.

Been trying to fix my permissions to get my VPS install of WP working for days now, scratching my head and getting extremely pissed off but this solved it instantly! Thank you!

Thanks!!

Kudos for this script ! 🥇

Voila this script helped save my wordpress instances.

We have a fix for this.
if you are using a LAMP server, you need to add yourself to the group www-data.
Or try adding root to www-data.
One of these must work.
See this post : https://www.techify.club/2019/11/09/fix-linux-lamp-server-permission-issues-ultimate-fix-2020/

thank you very much

I have been scratching my head since days and finally it worked like a charm for me too. Thanks to this post, which explains various aspects of the issue in a well defined manner. I think you should have a look at this post - How to Fix WordPress File and Folder Permissions Error?. Thanks!

WP_ROOT=$1 # <-- wordpress root directory

$1 need to be replace with the path to wordpress root directory, or, is it obtained otherwise?

WP_ROOT=$1 # <-- wordpress root directory

$1 need to be replace with the path to wordpress root directory, or, is it obtained otherwise?

Just use it like "fix-wordpress-permissions.sh /var/www/your-wordpress-folder"

@ZeroCool In bash, $1 is the first command line argument given to your program (see : https://stackoverflow.com/questions/29258603/what-do-0-1-2-mean-in-shell-script). As said by https://gist.github.com/Adirael/3383404#gistcomment-3133780, if you want the script to point to your wordpress folder, you have to call it with, as first argument, a string that contains the path to your wordpress folder.

Oh ! Ok.
Then i can make the same in my script.
https://gist.github.com/ZerooCool/4a22e96a52c4268b68679e4269e66f73

But, i use read, and not $1.

OMG - thanks so much - a few echo 's would have been icing on the cake - maybe i will fork it :-) thank you

I'm using centos/cpanel/litespeed and I have the following error:
chown: invalid user: www-data:www-data
chgrp: invalid group: www-data

how should I fix it ?

@msesxi
I use VPS with Openlitespeed 1.6.8 try change group with nogroup and user with nobody
should be like this :
WP_OWNER=nobody # <-- wordpress owner (if you use shared host, but if use VPS like me try your user and group instead)
WP_GROUP=nogroup # <-- wordpress group
WP_ROOT=$1 # <-- wordpress root directory
WS_GROUP=nogroup # <-- webserver group

Great improvements in these forks:

• with validation of input parameter: https://gist.github.com/kyleskrinak/3f78dff0ab8526c2cf20
• with confirm questions to continue: https://gist.github.com/blizzrdof77/f35dc9fd404414ba0f97066e747219d2

I added those and anhanced it in a Github repository here:

• https://github.com/rubo77/fix-wordpress-permissions.sh/blob/master/fix-wordpress-permissions.sh

especially those is an enhancement:

PS4="# "; set -x
: ::: Change owner and group. Put this line in a cronjob if you plan to both upload by Wordpress, which is usually the user www-data, and autodeploy by WP_OWNER regularly:
find ${WP_ROOT} -not '(' -user  ${WP_OWNER} -a -group ${WP_GROUP} ')' -exec chown $VERBOSE ${WP_OWNER}:${WP_GROUP} {} \;

: ::: Resetting permissions to safe defaults
find ${WP_ROOT} -type d -not -perm 755 -exec chmod 755 {} \;
find ${WP_ROOT} -type f -not -perm 644 -exec chmod 644 {} \;

: ::: Allowing wordpress to manage wp-config.php, but prevent world access
chgrp ${WWW_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php

: ::: Allowing wordpress to manage wp-content
find ${WP_ROOT}/wp-content -not -group ${WWW_GROUP} -exec chgrp $VERBOSE ${WWW_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -not -perm 775 -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -not -perm 664 -exec chmod 664 {} \;

Now I use the passage of the site by parameter.
I revised my script which seems to work perfectly for CHMOD.
I still encounter a problem for chown, when I am in production, however, the chown work good when I am in local.
I'll check that out, and read your examples again.

If anyone wishes to test my script, I would like to have your opinion.
I am looking to use a more dynamic script, which will give the administrator more choice.
This script will modify CHOWN and CHMOD, depending on whether one is in development or in production.
This script also allows to configure the following files in a specific way (index.html index.htm index.php, configuration.php, wp-config.php, LocalSettings.php)

https://github.com/ZerooCool/fix-apache-permissions.sh

Thank you!

Anyone guide me where I paste that query to solve my problem.......?Or tell me how I put my .sh file to fix that bug.Thanks.Waiting for reply.

tell me here i upload the file...????

@M-Faizan480 it is a script not a web query. You need shell / ssh access to your server. Login to the Linux terminal of your host then execute the file.

Many thanks for this. It works like a charm.

It's 2020. Still works like a charm! Thank you 👍

Isn't putting everything to www-data going to be insecure?

www-data is for developpement.
root or other is for production

If you use root, a file can't be modified by apache
For exemple, if you use a CMS ( WP / Joomla ... ) and if all your file is for root, a CMS update can't change the existing files.
Then, your CMS is a little more protected. Only root can change the good right. Use www-data:www-data for apply a CMS update and protect all file with root:root or root:www-data ( need read more information for that. )

still I am getting the errors although I did what you have suggested . I am using architect theme
this is the message :
Fatal error: Uncaught Error: Call to undefined function ctype_xdigit()
in /hermes/bosnacweb05/bosnacweb05ab/b1567/ipg.zohair9856655/mysite.com/wordpress/wp-content/plugins/redux-framework/redux-core/inc/classes/class-redux-colors.php on line 205

Call stack:

Redux_Colors::sanitize_hex()
wp-content/plugins/redux-framework/redux-core/inc/classes/class-redux-colors.php:276
Redux_Colors::sanitize_color()
wp-content/plugins/redux-framework/redux-core/inc/validation/color/class-redux-validation-color.php:42
Redux_Validation_Color::validate()
wp-content/plugins/redux-framework/redux-core/inc/classes/class-redux-validate.php:39
Redux_Validate::__construct()
wp-content/plugins/redux-framework/redux-core/inc/classes/class-redux-validation.php:197
Redux_Validation::validate()
wp-content/plugins/redux-framework/redux-core/inc/classes/class-redux-options-constructor.php:907
Redux_Options_Constructor::validate_options()
wp-includes/class-wp-hook.php:289
WP_Hook::apply_filters()
wp-includes/plugin.php:206
apply_filters()
wp-includes/formatting.php:4899
sanitize_option()
wp-includes/option.php:368
update_option()
wp-admin/options.php:314