Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Fix wordpress file permissions
#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro <mike [at] conigliaro [dot] org>
#
WP_OWNER=www-data # <-- wordpress owner
WP_GROUP=www-data # <-- wordpress group
WP_ROOT=$1 # <-- wordpress root directory
WS_GROUP=www-data # <-- webserver group
# reset to safe defaults
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 755 {} \;
find ${WP_ROOT} -type f -exec chmod 644 {} \;
# allow wordpress to manage wp-config.php (but prevent world access)
chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php
# allow wordpress to manage wp-content
find ${WP_ROOT}/wp-content -exec chgrp ${WS_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \;
@timbru31

This comment has been minimized.

Copy link

@timbru31 timbru31 commented Jun 8, 2014

thanks! :)

@tcope25

This comment has been minimized.

Copy link

@tcope25 tcope25 commented Jul 23, 2014

this worked perfect for me. Thanks!

@solarjohn

This comment has been minimized.

Copy link

@solarjohn solarjohn commented Jan 28, 2015

This saved me! thank you! my site was totally offline for some reason and this solved it. double thumbs up

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Jun 3, 2015

So, I used this because my wp-content/uploads was giving me permission errors (on a new install).
It works now, however since the data is now "owned" by www-data, i can no longer edit files via ftp.
I tried adding the user that I use to ftp to the www-data group, but that doesn't seem to work. Any thoughts?

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Jun 3, 2015

https://codex.wordpress.org/Changing_File_Permissions

Typically, all files should be owned by your user (ftp) account on your web server, and should be writable by that account. On shared hosts, files should never be owned by the webserver process itself (sometimes this is www, or apache, or nobody user).

@smuralii

This comment has been minimized.

Copy link

@smuralii smuralii commented Nov 3, 2015

This works link a charm. Thank for the resource.

@alagu

This comment has been minimized.

Copy link

@alagu alagu commented Apr 10, 2016

Worked like magic.

@malhal

This comment has been minimized.

Copy link

@malhal malhal commented May 14, 2016

Fixed all my problems thanks

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented May 24, 2016

I'm sorry, but i dont know how this works, someone can explain it pls? I've got a problem w/ wordpress permissions and this seems to be a solution.

@kiajimmy

This comment has been minimized.

Copy link

@kiajimmy kiajimmy commented Jun 13, 2016

thanks

@h3nr1ke

This comment has been minimized.

Copy link

@h3nr1ke h3nr1ke commented Aug 22, 2016

thanks man..

@johnfelipe

This comment has been minimized.

Copy link

@johnfelipe johnfelipe commented Aug 25, 2016

hi bro, why show me this:

felipe@felipeurrego:/var/www/html$ sudo ./fix-wordpress-permissions.sh
chgrp: cannot access ‘/wp-config.php’: No such file or directory
chmod: cannot access ‘/wp-config.php’: No such file or directory
find: `/wp-content': No such file or directory
find: `/wp-content': No such file or directory
find: `/wp-content': No such file or directory
@DevelopIntelligenceBoulder

This comment has been minimized.

Copy link

@DevelopIntelligenceBoulder DevelopIntelligenceBoulder commented Sep 13, 2016

Also getting the


find: `/wp-content': No such file or directory
find: `/wp-content': No such file or directory
find: `/wp-content': No such file or directory
@malhal

This comment has been minimized.

Copy link

@malhal malhal commented Sep 28, 2016

You need to supply the folder your wordpress is in, e.g. ./fix-wordpress-permissions.sh wordpress

@NatiNog

This comment has been minimized.

Copy link

@NatiNog NatiNog commented Oct 18, 2016

Thank you!!!
I was wondering if you could tell me why I'm getting this error when trying to update the core:
"The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.: wp-admin/includes/update-core.php"

@kikoking

This comment has been minimized.

Copy link

@kikoking kikoking commented Feb 5, 2017

NaitNog - "You need to supply the folder your wordpress is in, e.g. ./fix-wordpress-permissions.sh wordpress". I get a permission denied when trying to run this. Also just wondering, is it necessary to set this? Is this something that should be set when installing wordpress out of the box every time? I'm just wondering because I had a few permissions issues after installing wordpress with wget in terminal, but it was resolved by running chown -R ftpusername:ftpusername *

@primedime

This comment has been minimized.

Copy link

@primedime primedime commented Mar 10, 2017

find: `/wp-content': No such file or directory

That is happening because that is not the path to your directory. You may need to add /var/www/vhosts/domainname.com/httpsdocs/wp-content/

which would be the full folder path. This example path might not be the same as yours, it is just an example. Basically you need a more precise path.

@pankaj9296

This comment has been minimized.

Copy link

@pankaj9296 pankaj9296 commented Mar 15, 2017

#create fix-wordpress-permissions.sh ("sudo nano fix-wordpress-permissions.sh" and put the content in it)
chmod +x fix-wordpress-permissions.sh (give execute permissions)
./fix-wordpress-permissions.sh . (execute)

@richb-hanover

This comment has been minimized.

Copy link

@richb-hanover richb-hanover commented Mar 28, 2017

@Adirael Thanks for this script - it worked fine! Many of the questions above would go away if you could add this explanation after line 6 of the original script:

# Source for this script: http://www.conigliaro.org/script-to-configure-proper-wordpress-permissions/
#
# To use this script, supply the full path to your wordpress directory
# That directory is often in /var/www, and the wordpress directory is frequently named 'wordpress'
# The example below operates on /var/www/wordpress directory
#
# sudo sh ./fix-wordpress-permissions.sh /var/www/wordpress
@boaglio

This comment has been minimized.

Copy link

@boaglio boaglio commented May 6, 2017

thanks!

@CallMeJess

This comment has been minimized.

Copy link

@CallMeJess CallMeJess commented May 25, 2017

Thank you so much! Can't believe I just found this now.

@daudi250

This comment has been minimized.

Copy link

@daudi250 daudi250 commented Jun 13, 2017

the struggle for this one is real. tried so many time and failed. finally worked with the help @richb-hanover comment.

So i will explain the thing further.

  1. you need to make a .sh file.
  2. create a new file under the name of fix-wordpress-permissions and use .sh as its extension
  3. add the above content.

now comes the tricky part.

you need to upload the file, where your website or wordpress is being hosted i.e. the directory/path/wordpress for eg.

/home/admin/web/mywebsite/public_html

I am using Ubuntu 16 on amazon ec2 and i have installed VestaCP. Therefore the path of my directory is the one mentioned. You path can be

/Var/www/wesite/yourwebiste or something.

It all depends where the website is installed.

How i got here?

I used SSH to login and navigated here using CD command.

cd /home/admin/web/mywebsite/public_html.

  1. You need to upload the .sh file over here using filezilla or scp or cybercuk or whatever software you want to use..

  2. now execute the command as mentioned by @pankaj

chmod +x fix-wordpress-permissions.sh (gives execute permissions)

You need to be in the directory of your wordpress (do remember this prior executing the command)
now

sudo sh ./fix-wordpress-permissions.sh /home/admin/web/yourwebsite-goes-here/public_html (use this command to execute).

Please do note that this is my directory and your directory can be different. you need to be in the directory of your wordpress installation to execute the command.

When you press enter it will work. Wait for sometime.
screen shot 2017-06-13 at 11 19 08 pm

@briann-cs

This comment has been minimized.

Copy link

@briann-cs briann-cs commented Jul 20, 2017

Works great! Thank you :D

@neel92

This comment has been minimized.

Copy link

@neel92 neel92 commented Sep 27, 2017

It's work. Thanks !!

@PabloWestphalen

This comment has been minimized.

Copy link

@PabloWestphalen PabloWestphalen commented Oct 12, 2017

i love this and use it frequently, you rock

@fsspencer

This comment has been minimized.

Copy link

@fsspencer fsspencer commented Oct 24, 2017

Very helpful! Thanks

@tonicastillo

This comment has been minimized.

Copy link

@tonicastillo tonicastillo commented Nov 23, 2017

Thanks, it works perfect, but something like this, at start, would be fine to prevent no parameter error:
# alert if no parameters if [[ $# -eq 0 ]] ; then echo 'Error. You need to spacify folder, example: ./fix-wordpress-permissions.sh public_html' exit 0 fi

@ptykamikaze

This comment has been minimized.

Copy link

@ptykamikaze ptykamikaze commented Nov 24, 2017

Thanks a lot!

@bossfight

This comment has been minimized.

Copy link

@bossfight bossfight commented Dec 23, 2017

nice work

@dmarcelino

This comment has been minimized.

Copy link

@dmarcelino dmarcelino commented Jan 13, 2018

Thank you! I only regret not finding this earlier.

@Mythwrestler

This comment has been minimized.

Copy link

@Mythwrestler Mythwrestler commented Jan 20, 2018

Holy crap, what a simple and elegant solution! THANK YOU!!!!

@tschabet

This comment has been minimized.

Copy link

@tschabet tschabet commented Feb 9, 2018

Great script, but it did not fix my update problems, at least not for Wordpress version updates. It is still necessary to enter FTP credentials. However it works for plugin or theme updates. Any ideas on avoiding to enter FTP data when trying to update?
I am talking about a Webserver with several websites, where customers upload their files with FTP. Ownership and Permissions should be right but it still does not work. I searched around in Google but did not find a solution for that. Why is this that complicated?

@g30h

This comment has been minimized.

Copy link

@g30h g30h commented Mar 16, 2018

Thanks it worked!

@chrislovessushi

This comment has been minimized.

Copy link

@chrislovessushi chrislovessushi commented Apr 6, 2018

Just wanted to say thanks, I use this all of the time and it's a life saver!

@starsky135

This comment has been minimized.

Copy link

@starsky135 starsky135 commented Apr 7, 2018

This worked perfectly and is definitely something all WP developers should have on hand since nothing did the job as well as this. Thanks!

@409industries

This comment has been minimized.

Copy link

@409industries 409industries commented Apr 8, 2018

Adirael-
You are a rockstar for making this, got my moved site back up and running after some file / folder permissions got whacked. Kudos to you sir. Surprised there isn't a "Fix Broken WP permissions" plugin?

@daudi250
Thanks for taking the time to explain how to properly use this script! I just needed a little guidance to actually execute the .sh and it got it all going. Cheers to you!

@gjongenelen

This comment has been minimized.

Copy link

@gjongenelen gjongenelen commented May 29, 2018

Wouldn't it be faster to use

chown -R ${WP_OWNER}:${WP_GROUP} ${WP_ROOT}

instead of

find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;

?

@miguelmx

This comment has been minimized.

Copy link

@miguelmx miguelmx commented Jun 1, 2018

It worked great! thank you!

@msesxi

This comment has been minimized.

Copy link

@msesxi msesxi commented Jun 8, 2018

I'm using centos/cpanel/litespeed and I have the following error:
chown: invalid user: www-data:www-data
chgrp: invalid group: www-data

how should I fix it ?

@kcwebguy

This comment has been minimized.

Copy link

@kcwebguy kcwebguy commented Jun 11, 2018

Very helpful. I especially appreciate daudi250's comments.

@ovflowd

This comment has been minimized.

Copy link

@ovflowd ovflowd commented Jun 15, 2018

That saves lifes and files haha.

@xlucasfelix

This comment has been minimized.

Copy link

@xlucasfelix xlucasfelix commented Jun 27, 2018

This saved me from a tiring job! Thanks! @Adirael and @daudi250

@shakee93

This comment has been minimized.

Copy link

@shakee93 shakee93 commented Jul 3, 2018

if the .sh file is in root directory

run

 sudo sh ./fix-wordpress-permissions.sh ./
@DogByteMarketing

This comment has been minimized.

Copy link

@DogByteMarketing DogByteMarketing commented Jul 7, 2018

Following daudi250 I had to change around based on CentOS usage

WP_OWNER=cpanelusername # <-- wordpress owner
WP_GROUP=nobody # <-- wordpress group
WP_ROOT=$1 # <-- wordpress root directory
WS_GROUP=nobody # <-- webserver group

However it still did not fix my permission issues. I don't understand how my permissions got messed up, was updating fine, haven't installed any plugins, then today I couldn't do it. I had to run:

find . -type f -print -exec chmod 777 {} \;
find . -type d -print -exec chmod 777 {} \;

Perform the update

then revert permissions back

find . -type f -print -exec chmod 644 {} \;
find . -type d -print -exec chmod 755 {} \;
@devzons

This comment has been minimized.

Copy link

@devzons devzons commented Jul 17, 2018

Thx it works for me.

@rickslayer

This comment has been minimized.

Copy link

@rickslayer rickslayer commented Jul 28, 2018

thanks man. save my day ;)

@tasaduq

This comment has been minimized.

Copy link

@tasaduq tasaduq commented Oct 22, 2018

thanks! perfect way to restore messed up permissions.

@chihebnabil

This comment has been minimized.

Copy link

@chihebnabil chihebnabil commented Dec 31, 2018

Thanks

@alvarovelezgalvez

This comment has been minimized.

Copy link

@alvarovelezgalvez alvarovelezgalvez commented Jan 3, 2019

Great solution! Thanks!

@coljenki

This comment has been minimized.

Copy link

@coljenki coljenki commented Feb 24, 2019

Great work, solved my problems (well, the Wordpress one anyway :-))

@larssn

This comment has been minimized.

Copy link

@larssn larssn commented Mar 23, 2019

chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
This line will do nothing, might as well remove it. I can't think of a scenario where the WS_GROUP and WP_GROUP wouldnt be identical.

@richpeck

This comment has been minimized.

Copy link

@richpeck richpeck commented Mar 30, 2019

Worked for me, thank you.

@Milestacular

This comment has been minimized.

Copy link

@Milestacular Milestacular commented May 22, 2019

Been trying to fix my permissions to get my VPS install of WP working for days now, scratching my head and getting extremely pissed off but this solved it instantly! Thank you!

@perrout

This comment has been minimized.

Copy link

@perrout perrout commented Sep 24, 2019

Thanks!!

@antoine-briand

This comment has been minimized.

Copy link

@antoine-briand antoine-briand commented Oct 21, 2019

Kudos for this script ! 🥇

@ic0dews

This comment has been minimized.

Copy link

@ic0dews ic0dews commented Nov 1, 2019

Voila this script helped save my wordpress instances.

@midhunvnadh

This comment has been minimized.

Copy link

@midhunvnadh midhunvnadh commented Nov 9, 2019

We have a fix for this.
if you are using a LAMP server, you need to add yourself to the group www-data.
Or try adding root to www-data.
One of these must work.
See this post : https://www.techify.club/2019/11/09/fix-linux-lamp-server-permission-issues-ultimate-fix-2020/

@bc24

This comment has been minimized.

Copy link

@bc24 bc24 commented Dec 23, 2019

thank you very much

@larsonreever

This comment has been minimized.

Copy link

@larsonreever larsonreever commented Jan 2, 2020

I have been scratching my head since days and finally it worked like a charm for me too. Thanks to this post, which explains various aspects of the issue in a well defined manner. I think you should have a look at this post - How to Fix WordPress File and Folder Permissions Error?. Thanks!

@ZerooCool

This comment has been minimized.

Copy link

@ZerooCool ZerooCool commented Jan 9, 2020

WP_ROOT=$1 # <-- wordpress root directory

$1 need to be replace with the path to wordpress root directory, or, is it obtained otherwise?

@obj

This comment has been minimized.

Copy link

@obj obj commented Jan 10, 2020

WP_ROOT=$1 # <-- wordpress root directory

$1 need to be replace with the path to wordpress root directory, or, is it obtained otherwise?

Just use it like "fix-wordpress-permissions.sh /var/www/your-wordpress-folder"

@antoine-briand

This comment has been minimized.

Copy link

@antoine-briand antoine-briand commented Jan 10, 2020

@ZeroCool In bash, $1 is the first command line argument given to your program (see : https://stackoverflow.com/questions/29258603/what-do-0-1-2-mean-in-shell-script). As said by https://gist.github.com/Adirael/3383404#gistcomment-3133780, if you want the script to point to your wordpress folder, you have to call it with, as first argument, a string that contains the path to your wordpress folder.

@ZerooCool

This comment has been minimized.

Copy link

@ZerooCool ZerooCool commented Jan 13, 2020

Oh ! Ok.
Then i can make the same in my script.
https://gist.github.com/ZerooCool/4a22e96a52c4268b68679e4269e66f73

But, i use read, and not $1.

@aveeshkumar

This comment has been minimized.

Copy link

@aveeshkumar aveeshkumar commented Feb 13, 2020

OMG - thanks so much - a few echo 's would have been icing on the cake - maybe i will fork it :-) thank you

@parkisutama

This comment has been minimized.

Copy link

@parkisutama parkisutama commented Feb 27, 2020

I'm using centos/cpanel/litespeed and I have the following error:
chown: invalid user: www-data:www-data
chgrp: invalid group: www-data

how should I fix it ?

@msesxi
I use VPS with Openlitespeed 1.6.8 try change group with nogroup and user with nobody
should be like this :
WP_OWNER=nobody # <-- wordpress owner (if you use shared host, but if use VPS like me try your user and group instead)
WP_GROUP=nogroup # <-- wordpress group
WP_ROOT=$1 # <-- wordpress root directory
WS_GROUP=nogroup # <-- webserver group

@rubo77

This comment has been minimized.

Copy link

@rubo77 rubo77 commented Apr 6, 2020

Great improvements in these forks:

I added those and anhanced it in a Github repository here:

especially those is an enhancement:

PS4="# "; set -x
: ::: Change owner and group. Put this line in a cronjob if you plan to both upload by Wordpress, which is usually the user www-data, and autodeploy by WP_OWNER regularly:
find ${WP_ROOT} -not '(' -user  ${WP_OWNER} -a -group ${WP_GROUP} ')' -exec chown $VERBOSE ${WP_OWNER}:${WP_GROUP} {} \;

: ::: Resetting permissions to safe defaults
find ${WP_ROOT} -type d -not -perm 755 -exec chmod 755 {} \;
find ${WP_ROOT} -type f -not -perm 644 -exec chmod 644 {} \;

: ::: Allowing wordpress to manage wp-config.php, but prevent world access
chgrp ${WWW_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php

: ::: Allowing wordpress to manage wp-content
find ${WP_ROOT}/wp-content -not -group ${WWW_GROUP} -exec chgrp $VERBOSE ${WWW_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -not -perm 775 -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -not -perm 664 -exec chmod 664 {} \;
@ZerooCool

This comment has been minimized.

Copy link

@ZerooCool ZerooCool commented Apr 10, 2020

Now I use the passage of the site by parameter.
I revised my script which seems to work perfectly for CHMOD.
I still encounter a problem for chown, when I am in production, however, the chown work good when I am in local.
I'll check that out, and read your examples again.

If anyone wishes to test my script, I would like to have your opinion.
I am looking to use a more dynamic script, which will give the administrator more choice.
This script will modify CHOWN and CHMOD, depending on whether one is in development or in production.
This script also allows to configure the following files in a specific way (index.html index.htm index.php, configuration.php, wp-config.php, LocalSettings.php)

https://github.com/ZerooCool/fix-apache-permissions.sh

@ingageco

This comment has been minimized.

Copy link

@ingageco ingageco commented Jul 3, 2020

Thank you!

@M-Faizan480

This comment has been minimized.

Copy link

@M-Faizan480 M-Faizan480 commented Jul 16, 2020

Anyone guide me where I paste that query to solve my problem.......?Or tell me how I put my .sh file to fix that bug.Thanks.Waiting for reply.

@M-Faizan480

This comment has been minimized.

Copy link

@M-Faizan480 M-Faizan480 commented Jul 16, 2020

image

tell me here i upload the file...????

@JonnyTech

This comment has been minimized.

Copy link

@JonnyTech JonnyTech commented Jul 16, 2020

@M-Faizan480 it is a script not a web query. You need shell / ssh access to your server. Login to the Linux terminal of your host then execute the file.

@ciberjohn

This comment has been minimized.

Copy link

@ciberjohn ciberjohn commented Jul 24, 2020

Many thanks for this. It works like a charm.

@prasannjeet

This comment has been minimized.

Copy link

@prasannjeet prasannjeet commented Sep 27, 2020

It's 2020. Still works like a charm! Thank you 👍

@jjxtra

This comment has been minimized.

Copy link

@jjxtra jjxtra commented Oct 8, 2020

Isn't putting everything to www-data going to be insecure?

@ZerooCool

This comment has been minimized.

Copy link

@ZerooCool ZerooCool commented Oct 9, 2020

www-data is for developpement.
root or other is for production

If you use root, a file can't be modified by apache
For exemple, if you use a CMS ( WP / Joomla ... ) and if all your file is for root, a CMS update can't change the existing files.
Then, your CMS is a little more protected. Only root can change the good right. Use www-data:www-data for apply a CMS update and protect all file with root:root or root:www-data ( need read more information for that. )

@zohairmohamed

This comment has been minimized.

Copy link

@zohairmohamed zohairmohamed commented Nov 3, 2020

still I am getting the errors although I did what you have suggested . I am using architect theme
this is the message :
Fatal error: Uncaught Error: Call to undefined function ctype_xdigit()
in /hermes/bosnacweb05/bosnacweb05ab/b1567/ipg.zohair9856655/mysite.com/wordpress/wp-content/plugins/redux-framework/redux-core/inc/classes/class-redux-colors.php on line 205

Call stack:

Redux_Colors::sanitize_hex()
wp-content/plugins/redux-framework/redux-core/inc/classes/class-redux-colors.php:276
Redux_Colors::sanitize_color()
wp-content/plugins/redux-framework/redux-core/inc/validation/color/class-redux-validation-color.php:42
Redux_Validation_Color::validate()
wp-content/plugins/redux-framework/redux-core/inc/classes/class-redux-validate.php:39
Redux_Validate::__construct()
wp-content/plugins/redux-framework/redux-core/inc/classes/class-redux-validation.php:197
Redux_Validation::validate()
wp-content/plugins/redux-framework/redux-core/inc/classes/class-redux-options-constructor.php:907
Redux_Options_Constructor::validate_options()
wp-includes/class-wp-hook.php:289
WP_Hook::apply_filters()
wp-includes/plugin.php:206
apply_filters()
wp-includes/formatting.php:4899
sanitize_option()
wp-includes/option.php:368
update_option()
wp-admin/options.php:314

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.