How to Set Up File System Permissions and Ownership for WordPress?
Ideally, setting this up should be your first task after installing WordPress. Be careful when setting the permissions, as the wrong permissions can themselves cause issues: your website could go blank, or become vulnerable. If you are suffering from a dead website, or one that runs into issues whenever you try to upload images or content, then it is time to change the permissions and ownership.
Some Concepts
Before moving on to file permissions and ownership settings, you need to understand two basic concepts: users and groups, and the difference between an FTP client and the terminal.
FTP Client & Terminal
Whenever you want to change user permissions and ownership, use the terminal. While FTP can be used to transfer files or change file and folder permissions, it imposes limitations and restrictions when changing ownership settings. You need to be logged in to your server over SSH to use the commands mentioned here.
Users and User Groups
A user is the one who accesses the computer, while a group is an identifier for the set of users defined within it. So, whenever you transfer files using FTP, you are accessing the computer as a user, while on the server you fall into one of several groups, depending on the account defined on that machine. Conceptually, users and groups mean the same thing, except that they are identified across two different servers. This concept helps define the privileges: owners might have all the privileges, while the users of different groups have select privileges.
File Permissions: Introduction
File permissions indicate what a particular user can do with a file on the system. A set of numbers is used to define the permissions. The need to change the permissions of a particular file often arises when using plug-ins: some plug-ins demand a change in the permissions so that they can work with that file. Each digit indicates who can do what with the file.
First digit: what the user who owns the file can do with it
Second digit: what other users within the owner's user group can do
Third digit: what everyone else can do
It is important to define the user privileges and set permissions accordingly. Make sure you follow a systematic procedure.
How to Change Permission Modes?
When working with FTP, you get an interface that lets you set the permission rights for the different users. If you have access to the server terminal, you can use the chmod command to change the permission mode of a particular file or folder.
If you want to change the permissions of all the files and folders on your server, use a combination of the chmod and find commands. For example, you can set all the files to 644 and all the folders to 775 this way.
644 vs 777
It is important to understand permission modes.
Let's decode the permission mode 644:
- Owner's Privileges: "read" (4) + "write" (2) = 6
- Owner's Group Privileges: "read" (4) = 4
- Everyone Else's Privileges: "read" (4) = 4
Similarly, let's decode the permission mode 777:
- Owner's privileges: "read" (4) + "write" (2) + "execute" (1) = 7
- Owner's Group Privileges: "read" (4) + "write" (2) + "execute" (1) = 7
- Everyone Else's Privileges: "read" (4) + "write" (2) + "execute" (1) = 7
The basic meaning of the 777 permission mode is that anyone can create, modify and execute any file in any folder. This can make your website vulnerable.
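The find and chmod combination from "How to Change Permission Modes?" and the digit arithmetic above can be put together as follows. This is an added example, not code from the original page; the function names and the /var/www/html path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). POSIX sh; run as the owner of the
# tree, or prefix the find/chmod calls with sudo as the page's own commands do.

# decode_mode 644 -> rw-r--r--   (read=4, write=2, execute=1 for each digit)
decode_mode() {
    case $1 in ''|*[!0-7]*) echo "not an octal mode: $1" >&2; return 2 ;; esac
    mode=$1; out=""
    while [ -n "$mode" ]; do
        rest=${mode#?}; digit=${mode%"$rest"}; mode=$rest   # peel off first digit
        for bit in 4:r 2:w 1:x; do
            if [ $(( $digit & ${bit%:*} )) -ne 0 ]; then
                out="$out${bit#*:}"
            else
                out="$out-"
            fi
        done
    done
    printf '%s\n' "$out"
}

# Print every file or folder under $1 that "everyone else" may write to
# (third digit has the write bit set, as in 777). Symlinks are skipped
# because their own mode bits are not used for access checks.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Set all files under $1 to 644 and all folders to 775 with find + chmod.
set_tree_modes() {
    find "$1" -type f -exec chmod 644 {} + &&
    find "$1" -type d -exec chmod 775 {} +
}

# Usage, with /var/www/html as an assumed WordPress root:
#   decode_mode 777
#   list_world_writable /var/www/html
#   set_tree_modes /var/www/html
```

Running list_world_writable before and after set_tree_modes shows which entries were open to everyone and confirms that none remain.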
Configuring the WordPress Server
Before you proceed with configuring the server, you need to understand how the server is set up. It is important to understand which server configuration suits your website's needs best. Here are two of the most common configurations:
Standard Server: you have one user account, while the web server runs as another user account.
Shared Server Configuration: you have a user account; other people have their own user accounts on the same server and may share the same group, and the web server runs as the owner of your WordPress account.
Now that you know the two different configurations, let's set permissions for the server.
Permissions for Standard Server
Before you set permissions on the files and folders, make sure that your user account is the owner of all the files and folders, and that your user account and the web server account are in the same group.
First, check whether the web server has been added to the same user group. If the two don't belong to the same group, add them to the same group.
Then make sure that all the files belong to the user account and to the shared group that you have just added.
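One way to carry out these checks from the terminal, as an added example that is not code from the original page: the function names are made up here, and alice, www-data and /var/www/html in the usage comment are placeholder accounts and a placeholder path. It prints the usermod and chown commands that are still needed instead of running them.

```shell
#!/bin/sh
# Added example (not from the original page). POSIX sh.

# in_group_list GROUP "g1 g2 ...": succeeds if GROUP appears in the list.
in_group_list() {
    for g in $2; do
        if [ "$g" = "$1" ]; then return 0; fi
    done
    return 1
}

# member_of ACCOUNT GROUP: 0 = member, 1 = not a member, 2 = unknown account.
member_of() {
    list=$(id -Gn "$1" 2>/dev/null) || return 2
    in_group_list "$2" "$list"
}

# ownership_mismatches DIR USER GROUP: print entries not owned by USER:GROUP.
ownership_mismatches() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# plan_fix USER WEBUSER GROUP DIR: print, without running, what is still needed.
plan_fix() {
    for acct in "$1" "$2"; do
        rc=0
        member_of "$acct" "$3" || rc=$?
        case $rc in
            1) echo "sudo usermod -a -G $3 $acct" ;;   # add account to shared group
            2) echo "# account not found: $acct" ;;
        esac
    done
    if [ -n "$(ownership_mismatches "$4" "$1" "$3")" ]; then
        echo "sudo chown -R $1:$3 $4"                  # fix owner and group
    fi
}

# Usage (alice, www-data and /var/www/html are placeholders):
#   plan_fix alice www-data www-data /var/www/html
```

A group change made with usermod only applies to new sessions, so restart the web server and log in again before testing.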
It is time to set permissions for the different files and folders. Ideally, remember this simple formula to help set the permissions:
Files should be set to 644
Folders should be set to 775
wp-config.php should be set to 660
You are basically setting the following parameters with this:
- The different user accounts can read and modify any files
- WordPress using the web server can read and modify the scripts
- WordPress can create, modify or delete the files and folders
- Other users cannot see the database credentials within wp-config.php
If you don't want to give full privileges, or want to tweak the permissions, here are the commands you can use to do so:
sudo find . -type f -exec chmod 644 {} +    # files: 644
sudo find . -type d -exec chmod 775 {} +    # folders: 775
sudo chmod 660 wp-config.php                # wp-config.php: 660
The settings change for a shared server:
Files at 644
Folders at 775
wp-config.php at 600
The permissions thus granted are:
- User account may read as well as modify the different files
- WordPress using the web server can read and modify the scripts
- WordPress can essentially create, delete and modify the files and folders
- Other users cannot see the credentials within wp-config.php
In case you want to change any of these settings within the WordPress directory, here are the commands you can use:
sudo find . -type f -exec chmod 644 {} +    # files: 644
sudo find . -type d -exec chmod 755 {} +    # folders: 755
sudo chmod 600 wp-config.php                # wp-config.php: 600