Modify the Directory Permissions
Each file and directory in a file system on your server has permissions. The most common Permission Scheme is as follows:
- Read: Permission to read the file
- Write: Permission to write/change the file
- Execute: Permission to run the file
In the web world there are no executable files to Run, so the most important permission settings are Read and Write permissions. There are also user groups which can own the ability to write or read in servers. They are categorized often as:
- User: The owner of the file or directory
- Group: The group of users that the owner of the file or directory is in
- World: All users including guests
Those user groups and specific permissions that we can grant to them are decided with the combination of numbers in most systems. For more detailed information click here. The best permission combination for WordPress is 755 for Folders and 644 for files.
Permissions will be different from host to host, so this guide only details general principles. It cannot cover all cases. Typically, all files should be owned by your user (ftp) account on your web server, and should be writable by that account. On shared hosts, files should never be owned by the webserver process itself (sometimes this is www, or apache, or nobody user).
Any file that needs write access from WordPress should be owned or group-owned by the user account used by the WordPress (which may be different to the server account). For example, you may have a user account that lets you FTP files back and forth to your server, but your server itself may run using a separate user, in a separate user group, such as dhapache or nobody. If WordPress is running as the FTP account, that account needs to have write access, i.e. be the owner of the files, or belong to a group that has write access. In the latter case, that would mean permissions are set more permissively than default (for example, 775 rather than 755 for folders, and 664 instead of 644).
The file and folder permissions of WordPress should be the same for most users, depending on the type of installation you performed and the settings of your system environment at the time of install.
Modifying Files and Directory Permissions Using the Hosting Control Panel
The best way to change permissions is to use the Control Panel that your hosting service provider gives you. For more information on how to change the file and directory permissions on cPanel click here. For Plesk information click here. If your hosting service provider uses other systems you need to consult with your hosting service provider.
Modifying Files and Directory Permissions Using the FTP Client
An alternative way to change file and directory permissions is to use your FTP client software. Filezilla is a popular client software for FTP access. To change file permissions using that software you need to select the files, right click and select the permission change menu. For more information click here. There are plenty of other clients you can use and to change the permissions you need to consult with their documentation.
We recommend to set the folder permissions to 755 and file permissions to 644 to gain a better security. But sometimes, the website needs to have the FTP credentials to interact with the files. In those cases, we recommend you to add these lines in wp-config.php and change the “username”, “password” and the “hostname” as your correct FTP credentials. If you are using SFTP, please change the FTP_SSL to true.
define( ‘FS_CHMOD_DIR’, ( 0755 & ~ umask() ) );
define( ‘FS_CHMOD_FILE’, ( 0755 & ~ umask() ) );
define(‘FTP_CONTENT_DIR’, __DIR__ .’/wp-content/’);
define(‘FTP_PLUGIN_DIR’, __DIR__ .’/wp-content/plugins/’);