Overview
This article presents how to set the correct permissions for files within a WordPress installation.
But first...
Only Nexcess Cloud clients have SSH access by default. If you are a Nexcess Classic (non-Cloud) client, first see How to enable SSH access.
Changing permissions
One of the first items to consider is the hosting environment for your site. If you are running Linux, there are two main environments:
The Linux permissions for all files in your WordPress base directory should be set to readable and writable by the owning user (you), and readable only by everyone else. This creates a baseline where the web server can read all files. It will need read access in order to serve static content like images, CSS and Javascript files. Unlike the method above we will be adjusting script permissions to be more stringent later on.find </path/to/wordpress> -type f \-exec chmod 644 {} \;
If possible, the permissions for all files should be set to read and writable to your user, readable by the group, and no permissions for others. In some instances this may cause issues with other software or plugins, but it is possible to restrict these permissions in some instances. find </path/to/wordpress> -type f \-exec chmod 640 {} \;
Change the Linux permissions for all directories in your Magento base directory to listable, file editable, and navigable for the owning user and simply navigable for everyone else. find </path/to/wordpress> -type d \-exec chmod 711 {} \;
In some cases you may find that some plugins require the wp-content folder to be made writeable. Change the permissions of the wp-content folder and all sub folders. find </path/to/wordpress/wp-content/> -type d \-exec chmod 755 {} \;
Lockdown permissions for all PHP scripts so that only your user can read them. This is ideal because only your user should need to know the contents of scripts. find </path/to/wordpress> -type f -name “*.php” \-exec chmod 600 {} \;
777 permissions
You may see instructions for web-based software that states that files must be set to 777 permissions, read/write/execute permissions to all. This may be necessary for some directories, but is rarely the case for files. Permissions of 666, read/write permissions for all, are adequate in these cases if more strict permissions cannot be set. Configuring the 777 permissions sets the execute bit for files as well which most web servers that do not require it in most cases. In many cases a plugin may require more open permissions. Read the plug-in’s documentation or contact the developer to inquire about required permissions
For further reading about WordPress file permissions, visit the WordPress website.
For 24-hour assistance any day of the year, contact our Support Team by email or through the Client Portal.
Our award-winning customer care team is here for you.
Contact Support