Skip to content

Instantly share code, notes, and snippets.

@ebta

ebta/file-permission-wordpress.md

Created May 10, 2023 06:13
Show Gist options
  • Save ebta/6ce99e514193b3f03c5ce46bdeaee9ca to your computer and use it in GitHub Desktop.
Save ebta/6ce99e514193b3f03c5ce46bdeaee9ca to your computer and use it in GitHub Desktop.
Download ZIP
File permission wordpress and Hardening it
Raw
file-permission-wordpress.md

When you setup WP you (the webserver) may need write access to the files. So the access rights may need to be loose.

chown www-data:www-data  -R * # Let Apache be owner
find . -type d -exec chmod 755 {} \;  # Change directory permissions rwxr-xr-x
find . -type f -exec chmod 644 {} \;  # Change file permissions rw-r--r--

After the setup you should tighten the access rights, according to Hardening WordPress all files except for wp-content should be writable by your user account only. wp-content must be writable by www-data too.

chown <username>:<username>  -R * # Let your useraccount be owner
chown www-data:www-data wp-content # Let apache be owner of wp-content

Maybe you want to change the contents in wp-content later on. In this case you could

  • temporarily change to the user to www-data with su,
  • give wp-content group write access 775 and join the group www-data or
  • give your user the access rights to the folder using ACLs.

Whatever you do, make sure the files have rw permissions for www-data.

Ref: https://stackoverflow.com/a/23755604

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment