What are the correct file permission for WordPress site?

The WordPress setup is straightforward and simple. The beginners or the novice in WordPress can grasp this quickly. Once WordPress is properly set up it is also important to set the correct file permissions.

This file permission means what will be the permission of the files or what will be the permissions of the folder. Who will be the owner of the file/directory? Is that root user or the webserver (apache2, Nginx)?

The file permission needs to be properly set otherwise many damages can happen. If the world has the execute permission to all WordPress files or folder that will be vulnerable.

Following is the correct file and folder permission of WordPress file system.

chown www-data:www-data  -R * # Let Apache be owner
find . -type d -exec chmod 755 {} \;  # Change directory permissions rwxr-xr-x
find . -type f -exec chmod 644 {} \; 

If we want to tighten the file permission, according to Hardening WordPress, all files except for wp-content should be writable by our user account. wp-content must be writable by the webserver.

chown :  -R * # Let your useraccount be owner
chown www-data:www-data wp-content # Let apache be owner of wp-content


Correct file permissions for WordPress

Changing File Permissions