Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
WordPress Permissions Configuration Script
#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro
#
WP_OWNER=changeme # <-- wordpress owner
WP_GROUP=changeme # <-- wordpress group
WP_ROOT=/home/changeme # <-- wordpress root directory
WS_GROUP=changeme # <-- webserver group
# reset to safe defaults
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 755 {} \;
find ${WP_ROOT} -type f -exec chmod 644 {} \;
# allow wordpress to manage wp-config.php (but prevent world access)
chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php
# allow wordpress to manage .htaccess
touch ${WP_ROOT}/.htaccess
chgrp ${WS_GROUP} ${WP_ROOT}/.htaccess
chmod 664 ${WP_ROOT}/.htaccess
# allow wordpress to manage wp-content
find ${WP_ROOT}/wp-content -exec chgrp ${WS_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \;
@macbleser

This comment has been minimized.

Copy link
Owner Author

macbleser commented Feb 21, 2014

Save the file as wordpress-perms.sh and set appropriate permissions for that script file using the following command:

chmod +x wordpress-perms.sh

Run the script with the following command:

./wordpress-perms.sh

After successful execution delete wordpress-perms.sh script file and then you are done.

rm wordpress-perms.sh
@vancouverwill

This comment has been minimized.

Copy link

vancouverwill commented Apr 13, 2015

hey @macbleser this script was great super helpful. I would suggest returning the .git directory back to the sysadmin owner after processing as this directory shouldn't be controllable by the apache user.

see https://gist.github.com/vancouverwill/b409515938548497bc7e

thanks

Will

@jacksierkstra

This comment has been minimized.

Copy link

jacksierkstra commented Oct 10, 2015

I made a minor alteration to this script namely:

#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro
#
WP_OWNER=changeme # <-- wordpress owner
WP_GROUP=changeme # <-- wordpress group
WP_ROOT=$1 # <-- wordpress root directory
WS_GROUP=www-data # <-- webserver group

And then you can call this script like the following:
./wp-permissions-script /var/www/wordpress-directory

That was useful to me as I had more Wordpress installations on my webserver.

@bradbakerdx

This comment has been minimized.

Copy link

bradbakerdx commented Nov 26, 2015

WS_GROUP makes sense - that's going to be www-data or apache depending on your distro
WP_OWNER makes sense - that's going to be whatever user needs to interact with the files

But what is WS_GROUP? What's that supposed to be set to?

@NeonMonk

This comment has been minimized.

Copy link

NeonMonk commented May 3, 2016

Good work @jacksierkstra, that means it can be run on all wordpress directories like this: find /var/www -maxdepth 1 -type d -exec wp-permissions-script {} ;

@bradbakerdx: WS_GROUP is generally the same as WP_GROUP. Some people may have a different setup, if it's not immediately obvious to you, you don't. :)

@tech4eleven

This comment has been minimized.

Copy link

tech4eleven commented May 9, 2016

Is it possible to run this script on a wordpress installation on a windows server 2008 server? if so, how exactly?

@s1037989

This comment has been minimized.

Copy link

s1037989 commented Aug 18, 2016

Wow, this is helpful! I wish Wordpress would include this in the tarball! Every time I do a new installation I struggle to get the permissions right before handing it over to the developer and then it's constant back and forth: "try again!"

What do you think about this updated version:

#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro (https://gist.github.com/macbleser/9136424)
#
WP_ROOT=${1:-.} # <-- wordpress root directory, current directory by default
[ -e "$WP_ROOT/wp-config.php" ] || { echo "Usage: $0 /path/to/wordpress"; exit; } # <-- detect that the directory is a wordpress root
WP_OWNER=$(id -u $(logname)) # <-- wordpress owner (This assumes the wordpress owner is the logged in user)
WP_GROUP=$(id -g $(logname)) # <-- wordpress group (This assumes the wordpress owner is the logged in user)
WS_GROUP=$(
     source /etc/apache2/envvars 2>/dev/null && # This works on debian-based systems at least
     echo "$APACHE_RUN_GROUP" ||
     echo nobody  
) # <-- webserver group
echo "Fixing permissions on $WP_ROOT"
echo "Wordpress owner.group: $WP_OWNER.$WP_GROUP"
echo "Web Server group: $WS_GROUP"

echo 'reset to safe defaults'
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 755 {} \;
find ${WP_ROOT} -type f -exec chmod 644 {} \;

echo 'allow wordpress to manage wp-config.php (but prevent world access)'
chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php

echo 'allow wordpress to manage .htaccess'
touch ${WP_ROOT}/.htaccess
chgrp ${WS_GROUP} ${WP_ROOT}/.htaccess
chmod 664 ${WP_ROOT}/.htaccess

echo 'allow wordpress to manage wp-content'
find ${WP_ROOT}/wp-content -exec chgrp ${WS_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \;
@jaysin586

This comment has been minimized.

Copy link

jaysin586 commented Sep 8, 2016

I want to thank you so much for this!

For those of you looking into a default AWS word press install please use the below variables:

WP_OWNER=apache # &lt;-- wordpress owner
WP_GROUP=apache # &lt;-- wordpress group
WP_ROOT=/var/www/html # &lt;-- wordpress root directory
WS_GROUP=apache # &lt;-- webserver group
@KontrivedMedia

This comment has been minimized.

Copy link

KontrivedMedia commented Sep 15, 2016

How would I get this working on my local machine (Mac running Mamp Pro) as the above script doesn't work for me and sets the group to nobody. Which renders my site a whitescreen.

@jult

This comment has been minimized.

Copy link

jult commented Oct 26, 2016

This assumes apache is the webserver. I have to admin several servers and sites that run solely using nginx and php5-fpm.

@phidomo

This comment has been minimized.

Copy link

phidomo commented Dec 10, 2016

How do I get the WP_OWNER, WP_GROUP and WS_GROUP of my current WordPress installation?

@michaelwdc

This comment has been minimized.

Copy link

michaelwdc commented Mar 21, 2017

This is great! I've been struggling with getting the correct file/folder permissions. This script makes it easy.

@burbridgeconsulting

This comment has been minimized.

Copy link

burbridgeconsulting commented Apr 2, 2017

I can't tell you how helpful this is. Thanks!

@milesstewart88

This comment has been minimized.

Copy link

milesstewart88 commented Aug 30, 2018

I needed this!

@KarlYee

This comment has been minimized.

Copy link

KarlYee commented Oct 4, 2018

Wonderful! Something that should come bundled w/ the WP install package.

@inventortechie

This comment has been minimized.

Copy link

inventortechie commented Dec 4, 2018

Why is there a separate WordPress group, and a Server Group?

@kl3sk

This comment has been minimized.

Copy link

kl3sk commented Dec 28, 2018

To automatically find webserver user, symfony provide a command:

HTTPDUSER=$(ps axo user,comm | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1)

source: https://symfony.com/doc/3.3/setup/file_permissions.html#using-acl-on-a-system-that-supports-setfacl-linux-bsd

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.