MyPage is a personalized page based on your interests.The page is customized to help you to find content that matters you the most.


I'm not curious

How to Set-up File System Permissions and Ownerships for Wordpress?

Published on 09 June 15
354
0
1
How to Set-up File System Permissions and Ownerships for Wordpress? - Image 1

Security of your website is of utmost importance! It is a critical parameter that will keep all the trouble makers at bay. Whenever you think of security, the first thing that comes to your mind would be a security plug-in probably. Nobody gives a second thought to file system permissions and ownership settings, which are critical too. You set privileges and give some rights to a few people within the organization with this setting. When considering security, you cannot forget this element.

Ideally, after installing Wordpress, setting this up should be your first task. You need to be careful when setting the permissions, as setting the wrong permissions can also stem issues. You could cause your website to go blank, or make it vulnerable. In case, you are suffering from a dead website, or one which is receives issues whenever you try to upload images or content, then it is time you change the permissions and ownership.

Some Concepts
Before moving on to file permissions and ownership settings, you need to understand two basic concepts: users and groups as well as the difference between FTP and Terminal

FTP Client & Terminal
Whenever you want to change the user permissions and ownership, you will use terminal. The reason being while FTP can be used to transfer files or change file and folder permissions, you will see that it poses limitations and restrictions when changing the ownerships settings. You will need to be logged into your server using SSH command if you want to use the commands mentioned here.

Users and User Groups
User is basically the one who will access the computer while the groups would be an identifier for the set of users defined within. So, whenever you transfer files using FTP, you are accessing the computer as a user while on the server you fall into one of the several groups, as per the account defined on that PC. Conceptually, both user and groups mean the same thing, except they are identified across two different servers. This concept helps define the privileges. Owners might run all the privileges while the users for different groups have select privileges.

File Permissions: Introduction
File permissions are basically indication of what a particular user can do with the file available on their system. A set of numbers are used to define the permissions. Need to change permissions to a particular file occurs when using plug-ins. There will be some plug-ins that demand change in the permissions so that they are able to work with the particular file. The numbers are indication of who can do what using the system with the file.

First Digit: What the user of the file can do with the file

Second Digit: what others users within the owner's user group can do

Third Digit: What everyone else can do

It is important to define the user privileges and set permissions accordingly. Make sure you make a systematic procedure.

How to Change Permission Modes?
When working with FTP, you will find yourself facing an interface that allows you to set the permission rights for the different users. In case, you have access to the server terminal, you can use chmod command and accordingly change the permission mode of a particular file/folder
sudo chmod 644 <file>

In case you want to change the permission of all the files and folders available on your server, then you should use a combination of chmod and find command. Let's say you want to change permission for all the files on 644

sudo find . -type f -exec chmod 644 {} +

in case you are working with all folders written to 775, here's your code

sudo find . -type d -exec chmod 755 {} +

644 vs 777

It is important to understand permission modes

Let's decode the PHP script for 644
  • Owner's Privileges: "read" (4) + "write" (2) = 6
  • Owner's Group Privileges: "read" (4) = 4
  • Everyone Else's Privileges: "read" (4) = 4


Similarly, let's decode the PHP script for 777

    • Owner's privileges: "read" (4) + "write" (2) + "execute" (1) = 7
    • Owner's Group Privileges: "read" (4) + "write" (2) + "execute" (1) = 7
    • Everyone Else's Privileges: "read" (4) + "write" (2) + "execute" (1) = 7

The basic meaning of this 777 permission mode is that anyone can create, modify and execute a list on any file in any folder. This can make your website vulnerable.

Configuring the Wordpress Server
Before you proceed with configuring the server, you need to understand how the server is being setup. It is important to understand which server configuration suits your website needs the best. Here are two of the most common configuration settings:

Standard Server: you have one user account, while the web server presents itself as another user account

Shared Server Configuration: you have a user account; others having their user accounts but sharing your server may share the same group and the web server runs as the owner of your Wordpress accounts.

Now, that you know the two different configuration, let's set permissions for the server

Permissions for Standard Server
Before you set permissions to the files and folders, you will need to make sure that your user account is the owner of all the files and folders as well as the fact that the user account as well as the web server account are within the same group.


echo exec( 'groups' );

This code helps you to know if the web server is added to the same user group or not. In case they don't belong to the same group, add the two to the same group with the code below

sudo usermod -a -G <a-common-group-name> myuser

to make sure that all the changes belong to the user account and also includes the shared group that you have just added, use the following code

sudo find . -exec chown myuser:a-common-group-name {} +

Setting Permissions for Wordpress

It is time to set permissions for the different files and folders. You should ideally remember this simple formula to help set the permissions

Files should be set to 644

Folders should be set to 775

wp-config.php should be set to 660

You are basically setting the following parameters with this
  • The different user accounts can read and modify any files
  • Wordpress using the web server can read and modify the scripts
  • Wordpress can create, modify or delete the files and folders
  • Other users cannot see the database credentials within wp-config.php


If you don't want to give full privileges, or want to tweak the permissions, here's a code that you can use to do so


sudo find . -type f -exec chmod 664 {} +
sudo find . -type d -exec chmod 775 {} +
sudo chmod 660 wp-config.php

The settings change for shared server

Files at 644
Folders at 775
wp-config.php at 600

The permissions thus granted are
  • User account may read as well as modify the different files
  • Wordpress using the web server can read and modify the scripts
  • Wordpress can essentially create, delete and modify the files and folders
  • Other users cannot see the credentials within wp-config.php


In case you want to change any of the credentials within the Wordpress directory, here's a code you can possibly use


sudo find . -type f -exec chmod 644 {} +
sudo find . -type d -exec chmod 755 {} +
sudo chmod 600 wp-config.php






























































































How to Set-up File System Permissions and Ownerships for Wordpress? - Image 1

Security of your website is of utmost importance! It is a critical parameter that will keep all the trouble makers at bay. Whenever you think of security, the first thing that comes to your mind would be a security plug-in probably. Nobody gives a second thought to file system permissions and ownership settings, which are critical too. You set privileges and give some rights to a few people within the organization with this setting. When considering security, you cannot forget this element.

Ideally, after installing Wordpress, setting this up should be your first task. You need to be careful when setting the permissions, as setting the wrong permissions can also stem issues. You could cause your website to go blank, or make it vulnerable. In case, you are suffering from a dead website, or one which is receives issues whenever you try to upload images or content, then it is time you change the permissions and ownership.

Some Concepts
Before moving on to file permissions and ownership settings, you need to understand two basic concepts: users and groups as well as the difference between FTP and Terminal

FTP Client & Terminal
Whenever you want to change the user permissions and ownership, you will use terminal. The reason being while FTP can be used to transfer files or change file and folder permissions, you will see that it poses limitations and restrictions when changing the ownerships settings. You will need to be logged into your server using SSH command if you want to use the commands mentioned here.

Users and User Groups
User is basically the one who will access the computer while the groups would be an identifier for the set of users defined within. So, whenever you transfer files using FTP, you are accessing the computer as a user while on the server you fall into one of the several groups, as per the account defined on that PC. Conceptually, both user and groups mean the same thing, except they are identified across two different servers. This concept helps define the privileges. Owners might run all the privileges while the users for different groups have select privileges.

File Permissions: Introduction
File permissions are basically indication of what a particular user can do with the file available on their system. A set of numbers are used to define the permissions. Need to change permissions to a particular file occurs when using plug-ins. There will be some plug-ins that demand change in the permissions so that they are able to work with the particular file. The numbers are indication of who can do what using the system with the file.

First Digit: What the user of the file can do with the file

Second Digit: what others users within the owner's user group can do

Third Digit: What everyone else can do

It is important to define the user privileges and set permissions accordingly. Make sure you make a systematic procedure.

How to Change Permission Modes?
When working with FTP, you will find yourself facing an interface that allows you to set the permission rights for the different users. In case, you have access to the server terminal, you can use chmod command and accordingly change the permission mode of a particular file/folder

sudo chmod 644

In case you want to change the permission of all the files and folders available on your server, then you should use a combination of chmod and find command. Let's say you want to change permission for all the files on 644

sudo find . -type f -exec chmod 644 {} +

in case you are working with all folders written to 775, here's your code

sudo find . -type d -exec chmod 755 {} +

644 vs 777

It is important to understand permission modes

Let's decode the PHP script for 644
  • Owner's Privileges: "read" (4) + "write" (2) = 6
  • Owner's Group Privileges: "read" (4) = 4
  • Everyone Else's Privileges: "read" (4) = 4


Similarly, let's decode the PHP script for 777

    • Owner's privileges: "read" (4) + "write" (2) + "execute" (1) = 7
    • Owner's Group Privileges: "read" (4) + "write" (2) + "execute" (1) = 7
    • Everyone Else's Privileges: "read" (4) + "write" (2) + "execute" (1) = 7
The basic meaning of this 777 permission mode is that anyone can create, modify and execute a list on any file in any folder. This can make your website vulnerable.

Configuring the Wordpress Server
Before you proceed with configuring the server, you need to understand how the server is being setup. It is important to understand which server configuration suits your website needs the best. Here are two of the most common configuration settings:

Standard Server: you have one user account, while the web server presents itself as another user account

Shared Server Configuration: you have a user account; others having their user accounts but sharing your server may share the same group and the web server runs as the owner of your Wordpress accounts.

Now, that you know the two different configuration, let's set permissions for the server

Permissions for Standard Server
Before you set permissions to the files and folders, you will need to make sure that your user account is the owner of all the files and folders as well as the fact that the user account as well as the web server account are within the same group.

echo exec( 'groups' );

This code helps you to know if the web server is added to the same user group or not. In case they don't belong to the same group, add the two to the same group with the code below

sudo usermod -a -G myuser

to make sure that all the changes belong to the user account and also includes the shared group that you have just added, use the following code

sudo find . -exec chown myuser:a-common-group-name {} +

Setting Permissions for Wordpress

It is time to set permissions for the different files and folders. You should ideally remember this simple formula to help set the permissions

Files should be set to 644

Folders should be set to 775

wp-config.php should be set to 660

You are basically setting the following parameters with this
  • The different user accounts can read and modify any files
  • Wordpress using the web server can read and modify the scripts
  • Wordpress can create, modify or delete the files and folders
  • Other users cannot see the database credentials within wp-config.php


If you don't want to give full privileges, or want to tweak the permissions, here's a code that you can use to do so

sudo find . -type f -exec chmod 664 {} +
sudo find . -type d -exec chmod 775 {} +
sudo chmod 660 wp-config.php

The settings change for shared server

Files at 644
Folders at 775
wp-config.php at 600

The permissions thus granted are
  • User account may read as well as modify the different files
  • Wordpress using the web server can read and modify the scripts
  • Wordpress can essentially create, delete and modify the files and folders
  • Other users cannot see the credentials within wp-config.php


In case you want to change any of the credentials within the Wordpress directory, here's a code you can possibly use

sudo find . -type f -exec chmod 644 {} +
sudo find . -type d -exec chmod 755 {} +
sudo chmod 600 wp-config.php

This blog is listed under Open Source and Development & Implementations Community

Related Posts:
Post a Comment

Please notify me the replies via email.

Important:
  • We hope the conversations that take place on MyTechLogy.com will be constructive and thought-provoking.
  • To ensure the quality of the discussion, our moderators may review/edit the comments for clarity and relevance.
  • Comments that are promotional, mean-spirited, or off-topic may be deleted per the moderators' judgment.
You may also be interested in
Awards & Accolades for MyTechLogy
Winner of
REDHERRING
Top 100 Asia
Finalist at SiTF Awards 2014 under the category Best Social & Community Product
Finalist at HR Vendor of the Year 2015 Awards under the category Best Learning Management System
Finalist at HR Vendor of the Year 2015 Awards under the category Best Talent Management Software
Hidden Image Url

Back to Top