Fix WordPress File Permission

permissions.sh

#!/bin/bash -ex
#
# configures wordpress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# script is aware of .git directories by default. edit if you need to consider
# other folders as well.
#
# you will find a log file in /tmp/ in case you fucked up.

WP_OWNER=www-data # <-- wordpress owner
WP_GROUP=www-data # <-- wordpress group
WP_ROOT=$(pwd) # <-- wordpress root directory / run from root or edit
WS_GROUP=www-data # <-- webserver group
LOG=`mktemp "${TMPDIR:-/tmp}"/permissions.XXXXXXXXXX` # create log

# reset to safe defaults
find ${WP_ROOT} -not -iwholename '*.git*' -exec chown -v ${WP_OWNER}:${WP_GROUP} {} \; >> $LOG
find ${WP_ROOT} -not -iwholename '*.git*' -type d -exec chmod -v 755 {} \; >> $LOG
find ${WP_ROOT} -not -iwholename '*.git*' -type f -exec chmod -v 644 {} \; >> $LOG

# allow wordpress to manage wp-config.php (but prevent world access)
chgrp -v ${WS_GROUP} ${WP_ROOT}/wp-config.php >> $LOG
chmod -v 660 ${WP_ROOT}/wp-config.php >> $LOG

# allow wordpress to manage .htaccess
touch ${WP_ROOT}/.htaccess 
chgrp -v ${WS_GROUP} ${WP_ROOT}/.htaccess >> $LOG
chmod -v 664 ${WP_ROOT}/.htaccess >> $LOG

# allow wordpress to manage wp-content
find ${WP_ROOT}/wp-content -exec chgrp -v ${WS_GROUP} {} \; >> $LOG
find ${WP_ROOT}/wp-content -type d -exec chmod -v 775 {} \; >> $LOG
find ${WP_ROOT}/wp-content -type f -exec chmod -v 664 {} \; >> $LOG

there are many reasons why file permissions on a wordpress install can be completely messed up.

example:

 curl -sS wordpress.org/latest.tar.gz | tar -xvz --strip-components=1

now, if you're in mode, you can pipe it to the shell.

wget -O - https://gist.githubusercontent.com/heyalexej/11351829/raw/permissions.sh | sh

This looks nice, but I’m feeling sorry for you that you’re working with WordPress ;)

Sometimes a man's gotta do what a man's gotta do.