How to Set Them Up Properly in 2021 | Cheema Developers Blog

Looking for the optimum WordPress file permissions? Or confused by what file permissions are within the first place and why it is advisable to care about them in any respect?

Both method, we’ve bought the solutions for you on this put up, as a result of we’re going to cowl every little thing it is advisable to find out about WordPress file permissions.

We’ll clarify what file permissions are and why they matter. Then, we’ll inform you the right file permissions for WordPress and present you the right way to modify file permissions through FTP.

📚 Desk of contents:

⚠️ Word – if you happen to already know what file permissions are and also you’re simply searching for the optimum configuration for WordPress, we suggest clicking here to find the optimal permissions.

What are file permissions?

File permissions do just about what the identify says – they management the permissions that several types of customers have for interacting with recordsdata in your web site’s server.

For instance, file permissions management whether or not a selected sort of consumer can edit a sure file or folder in your server.

There are three particular permissions:

  • Learn – having the ability to view/learn the contents of a file with out altering it.
  • Write – having the ability to edit/alter a file.
  • Execute – having the ability to use/execute a file. For instance, operating a script.

File permissions management what “customers” can do, however it’s not fairly like “customers” within the WordPress sense. As a substitute, it’s customers in your internet server, that are normally configured by your internet hosting supplier.

There are three varieties of customers:

  • Proprietor – the entity that’s assigned to be the proprietor of a file or folder.
  • Group – entities which might be members of a gaggle that owns the file or folder.
  • Public – all different customers.

Once more, your internet hosting supplier is the one chargeable for establishing these kind of customers. Should you don’t completely perceive, that’s positive. Non-developers don’t actually need to grasp these particulars – we’re simply sharing it as a result of these are phrases that you just’ll see when studying about file permissions.

In whole, you’ll have 9 totally different permission configurations as a result of there are three varieties of customers and every sort of consumer has three potential permissions:

  • Proprietor can learn, write, and/or execute.
  • Group can learn, write, and/or execute.
  • Public can learn, write, and/or execute.

While you configure your website, you’ll sometimes give the Proprietor probably the most permissions, adopted by Group, after which Public ought to all the time have the fewest permissions.

For instance, a typical configuration for WordPress recordsdata is as follows:

  • Proprietor can learn and write.
  • Group can learn.
  • Public can learn.

Why do WordPress file permissions matter?

Having the right WordPress file permissions is vital for the safety and functioning of your website.

Should you make your file permissions too permissive, that may be a safety situation as a result of folks may have the ability to modify or execute recordsdata/folders that they shouldn’t have entry to. For instance, they may use this to insert malicious code in your website.

However on the identical time, if you happen to make your file permissions too restrictive, your website won’t have the ability to perform correctly. If sure customers can’t even learn recordsdata in your server, your WordPress website gained’t work.

For instance, file permissions which might be too strict can typically trigger points with WordPress plugins as a result of the plugin won’t be allowed to change sure recordsdata that it must edit.

For that cause, you’ll sometimes give file customers some permissions, however not all.

Does everybody have to set their file permissions?

Truthfully, no. Most individuals won’t ever have to work together with WordPress file permissions.

Why? As a result of if you happen to choose a quality WordPress hosting provider, they need to routinely configure WordPress to make use of the optimum file permissions for that host’s atmosphere.

I’ve been utilizing WordPress for over a decade and I’ve by no means wanted to manually mess with file permissions. It’s because I’ve all the time relied on my host to do issues for me.

Nonetheless, that doesn’t imply there aren’t conditions the place you may have to make a tweak. Issues can get tousled in bizarre methods and checking file permissions is a crucial step in troubleshooting a lot of issues, comparable to the “403 Forbidden” error.


  • Should you’re utilizing high-quality WordPress internet hosting and also you don’t have a selected cause to consider your file permissions, you most likely don’t have to do something.
  • Should you’re attempting to debug a sure situation/error otherwise you not too long ago migrated a site from a local development environment to dwell internet hosting, you may have to manually dig into your website’s file permissions.

What do the totally different numbers in file permissions imply?

File permissions are sometimes represented by a sequence of three numbers – e.g. 644. You may also see letters and dashes like rw-rw-r--, however that format is much less frequent.

Every digit within the three-number sequence corresponds to a selected sort of consumer:

  • First digit – Proprietor.
  • Second digit – Person accounts within the proprietor’s teams.
  • Third digit – Public.

Then, every motion is assigned a quantity:

  • Learn – 4
  • Write – 2
  • Execute – 1

The quantity in every digit place is then the sum of the actions that that sort of consumer can carry out. For instance, if the quantity within the first digit is “6”, that implies that the Proprietor (first digit) can Learn (4) and Write (2) … 4+2 is 6 which is why the digit is 6.

If a sure sort of consumer has all permissions, the quantity could be 7 (4+2+1).

This is the reason 777 is probably the most permissive mode. It implies that all three varieties of customers can carry out all three actions.

Nonetheless, you need to just about by no means set any WordPress file permissions to 777. It’s an enormous safety threat – except you completely know what you’re doing, you need to by no means set any file or folder to 777.

What are the right WordPress file permissions?

Now that you just perceive what file permissions are, let’s go over the optimum configuration for WordPress.

However first – I have to specify that a few of this relies on your internet hosting supplier and the way your host has configured your server.

When unsure, we suggest all the time following the recommendation of your host as they’ll have a greater understanding of the optimum configuration for his or her atmosphere.

With that being stated, the file permissions that we’ll share beneath ought to work for the overwhelming majority of WordPress websites.

We’ll cowl the optimum file permissions for 4 totally different areas:

  • WordPress recordsdata
  • WordPress folders
  • wp-config.php
  • .htaccess

The final two recordsdata are delicate, which is why they deserve particular consideration.

WordPress file permissions

All WordPress recordsdata ought to have 644 file permissions, with the potential exception of the 2 recordsdata that we’ll single out beneath.

WordPress folder permissions

All WordPress folders ought to have 755 file permissions.

WordPress wp-config.php file permissions

Your website’s wp-config.php file is among the most sensitive WordPress files, so it deserves some additional consideration.

Nonetheless, the optimum wp-config.php file permissions could be a little difficult as a result of it relies on how your host has configured issues.

Some hosts will configure the wp-config.php file to be 644 like different WordPress recordsdata. That is true of some popular managed WordPress hosts that I’ve examined.

Nonetheless, the official WordPress Codex recommends 440 or 400 for the wp-config.php file. Some specialists, like iThemes Safety, suggest 444, and others 640 or 600.

Principally, you’ll see a number of totally different choices right here. When unsure, it’s all the time a good suggestion to ask in your host’s suggestion based mostly on their particular configuration. Or, simply begin with 440 or 400.

WordPress .htaccess file permissions

The .htaccess file is one other vital configuration file that you may want additional prohibit entry to.

As with the wp-config.php file, some hosts will configure the .htaccess file to be 644 like different WordPress recordsdata. That is additionally the configuration beneficial by the Codex, so it’s a great place to start out. It’s because a number of plugins want to write down to the .htaccess file, together with many caching plugins.

Nonetheless, some specialists, comparable to iThemes Safety, suggest utilizing 444 as an alternative. Simply take into account that if you happen to use 444 your plugins gained’t have the ability to write to .htaccess, which could trigger points.

How you can change file permissions

Now that what the file permissions needs to be, let’s cowl how one can go and truly change your WordPress file permissions.

The best solution to change WordPress file permissions is to make use of FTP and your favourite FTP consumer – I like FileZilla as a result of it’s free and open-source. In case your host makes use of cPanel, you can even use cPanel File Supervisor. Nonetheless, I’m going to concentrate on the FTP methodology on this part.

To get began, you’ll need to hook up with your WordPress website’s server utilizing FTP. Should you’re unsure how to try this, check out our full guide to WordPress FTP.

The interface screenshots beneath are based mostly on FileZilla – it could be a bit totally different in different FTP purchasers.

When you’ve related, navigate to the folder that accommodates your WordPress website. This would be the identical folder that accommodates the wp-admin and wp-content folders.

To edit file permissions, right-click on a number of recordsdata or folders and select the File Permissions choice. For instance, if you happen to right-click on the wp-content folder, you’ll be able to see that its permissions are 755, which is what you need.

Should you wanted to edit the permissions, you can simply enter the numbers within the Numeric worth field and click on OK:

Changing WordPress file permissions with FileZilla

That will help you save time, FileZilla offers you an choice to Recurse into subdirectories. Primarily, this allows you to apply the identical file permissions to the entire recordsdata and folders inside the listing that you just’ve chosen.

Nonetheless, keep in mind that WordPress recordsdata and folders ought to have totally different file permissions, so be sure to use the sub-options to Apply to recordsdata solely or Apply to directories solely.

For instance, to immediately set the right file permissions for your entire folders, you can:

  1. Choose the entire folders.
  2. Proper-click and select File Permissions.
  3. Enter 755.
  4. Choose Recurse into subdirectories.
  5. Choose Apply to directories solely (so that you just don’t change the file permissions for recordsdata contained in the folders that you just’ve chosen).
  6. Click on OK.
Using the recurse into subdirectories feature

That can allow you to immediately apply 755 permissions to the entire folders in your server. You should use the identical thought to use 644 permissions to all recordsdata.

Get your WordPress file permissions sorted right this moment

Having the right WordPress file permissions is vital for the safety and functioning of your website. With that being stated, most high quality WordPress hosts deal with configuring file permissions for you, so that you don’t normally want to vary them your self.

You might need conditions the place you do, although, which is why we went over the optimum WordPress file permissions on this put up and confirmed you the right way to change them utilizing FileZilla and FTP.

For another methods to safe your WordPress website, try our posts with the key WordPress security tips and the best WordPress security plugins.

Do you continue to have any questions on WordPress file permissions? Tell us within the feedback part and we’ll attempt to assist.

Free information

5 Important Tricks to Velocity Up
Your WordPress Website

Cut back your loading time by even 50-80%
simply by following easy ideas.

#Set #Correctly