-
-
Save njpanderson/0f90f386559ba24b966eededaf284436 to your computer and use it in GitHub Desktop.
Fix wordpress file permissions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# | |
# This script configures WordPress file permissions based on recommendations | |
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions | |
# | |
# Original Author: Michael Conigliaro <mike [at] conigliaro [dot] org> | |
# Edited By: Neil Anderson <njp.anderson [at] icloud [dot] com> | |
# | |
# This script is provided AS-IS and no warranty is implied. You use this file | |
# AT YOUR OWN RISK and I cannot be held responsible if it damages, corrupts, | |
# deletes or otherwise compromises your server or the filesystem within it. | |
# Please exersize caution when running shell scripts as they may contain | |
# potentially destructive commands, and ONLY run them if you are confident in | |
# their contents and intended purpose. | |
if [ $# -eq 0 ]; then | |
echo "./wordpress-permissions.sh [ftp-user] [/path/to/wordpress/root]" | |
exit 1 | |
fi | |
WP_OWNER=$1 # <-- ftp owner | |
WP_GROUP=$1 # <-- ftp group | |
WP_ROOT=$2 # <-- wordpress root directory | |
WS_GROUP=www-data # <-- webserver group | |
# reset to safe defaults | |
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \; | |
find ${WP_ROOT} -type d -exec chmod 755 {} \; | |
find ${WP_ROOT} -type f -exec chmod 644 {} \; | |
# allow wordpress to manage wp-config.php (but prevent world access) | |
chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php | |
chmod 660 ${WP_ROOT}/wp-config.php | |
# allow wordpress to manage wp-content | |
chgrp ${WS_GROUP} ${WP_ROOT}/wp-content | |
# allow wordpress to manage wp-content contents (except themes and plugins) | |
find ${WP_ROOT}/wp-content \( -path ${WP_ROOT}/wp-content/themes -o -path ${WP_ROOT}/wp-content/plugins \) -prune -o -exec chgrp ${WS_GROUP} {} \; | |
find ${WP_ROOT}/wp-content \( -path ${WP_ROOT}/wp-content/themes -o -path ${WP_ROOT}/wp-content/plugins \) -prune -o -type d -exec chmod 775 {} \; | |
find ${WP_ROOT}/wp-content \( -path ${WP_ROOT}/wp-content/themes -o -path ${WP_ROOT}/wp-content/plugins \) -prune -o -type f -exec chmod 775 {} \; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Have altered this gist from Michael Conigliaro slightly to replace the blanket write permission in wp-content with a more fine grained set of commands to avoid making themes and plugins writable, as well as editing and simplifying for my own server setup.