Want to know how to Set correct file permissions for WordPress files and folders ?
Setting up correct file permissions in WordPress is really necessary to prevent your blog or website from unethical practices and hackers.
What is the risk?
If your files permissions are weak or vulnerable then there are chance that sooner or later you will loose at-least a part of your website or complete website in worst cases. There are hackers around the world looking for every single opportunity prove themselves better or get into any website they can, they might steal your data and you won’t even know that or they might completely break your website.
Correct file permissions is the solution.
If you have correct file permissions setup to your WordPress then there are fair chances that you will never have to face any of the hackers attack.
/: root folder should have write permissions only by user account but
.htaccess: should have write permissions by apache if your are allowing automatic or default setting for rewrite rules.
/wp-content: folder should have write permission by the users and web server processes.
/wp-admin/: This contains admin section files and should only be writeable by user account.
/wp-includes/: This contains all the system files and should only be writeable by user account.
/wp-content/themes/: If you are using built-in theme editor then all files need to be writable by the web server processes. If you are not using the built-in theme editor then all files can be writable only by your user account
/wp-content/plugins/: Should only be editable by user account.
- All other files and directory under
/wp-contentshould haver permissions recommended by the plugins and themes you are using.
Code for changing file permissions
chown www-data:www-data -R * // to make files editable by web server processes. chown : -R * # Let your useraccount be owner to edit files chown www-data:www-data wp-content # Let apache(web server precesses) be owner of wp-content
Feel free to comment is you have any query or suggestion.