What are the correct file permission for WordPress site?

The WordPress setup is straightforward and simple. The beginners or the novice in WordPress can grasp this quickly. Once WordPress is properly set up it is also important to set the correct file permissions.

This file permission means what will be the permission of the files or what will be the permissions of the folder. Who will be the owner of the WordPress files/directories? Is that the root user or the web server (apache2, Nginx)?

The file permission needs to be properly set otherwise many damages can happen. If the world has the execute permission to all WordPress files or folders that will be vulnerable.

Following is the correct file and folder permission of WordPress file system.

# Let Apache be owner
chown www-data:www-data  -R * 

# Change directory permissions rwxr-xr-x
find . -type d -exec chmod 755 {} \; 
find . -type f -exec chmod 644 {} \; 

If we want to tighten the file permission, according to Hardening WordPress, all files except for wp-content should be writable by system user (SSH, FTP etc) account. wp-content must be writable by the webserver.

# Let your useraccount be owner
chown <username>:<username>  -R * 

# Let apache be owner of wp-content
chown www-data:www-data wp-content 

755 or 644 means what?

The number 755 or 644 are composed combining following numbers. Each number indicates different access level.

  • 0 – No access
  • 1 – Execute
  • 2 – Write
  • 4 – Read
  • 3 – (2+1) Write and execute
  • 5 – (4+1) Read and execute
  • 6 – (4+2) Read and write
  • 7 – (4+3) Read, write and execute