WordPress File & Folder Security Permissions

What are the correct file and folder permissions for WordPress to ensure security and a fully functional website?


What are the correct file and folder permissions for WordPress to ensure security and a fully functional website?

Incorrect file permissions are one of the leading causes of website security breaches. Allowing “world writeable” files can lead to an attacker injecting code or overwriting a file completely. Settings that are too restrictive however, can break your WordPress install. So getting them right is really important to say the least.

Here’s the permissions WordPress requires:

  • 644
    
All PHP files
  • 755
    All folders

Here’s a few handy command line commands speed up the process and recursively make the permission changes for you.

find ./ -type f -exec chmod 644 {} \;
find ./ -type d -exec chmod 755 {} \;

For more information on WordPress permissions and FTP Client options checkout WordPress.org:

https://wordpress.org/support/article/changing-file-permissions/

Even more secure

To take things to another level you can secure your wp-config.php file even further. This is the most sensitive file in the entire WordPress install and contains passwords to your database. You can use the following to lock it down even further:

  • 440
    wp-config.php

Be careful when using this however, as it will make the file only readable for even the owner of the file, which is you. So to make any changes you’ll first have to change the permissions to 640.

Stay Informed

Subscribe to our newsletter for updates and upcoming releases. We won't share your information. Period.