WordPress powers around 35% of the websites on the Internet. It is an open-source project, so its file and folder structure is public knowledge. That popularity and openness make WordPress-powered websites a prime target for attackers. There are several ways to protect your website from being hacked. One of them is setting correct permissions on files and folders, so that no one apart from valid users can access the file system.
Check the file system of your WordPress project, and if the wrong permissions are set on any files or folders, correct them without further delay.
Wrong WordPress file permissions leave your website open to exploitation. Attackers can take advantage of wrongly configured file permissions.
Correct File and Folder Permissions in WordPress
To protect your files, keep the recommended permissions on the files and folders of your WordPress project.
- For all folders and subfolders, permission should be 755 or 750.
- All files should have permission set to 644 or 640, except the wp-config.php file.
- 440 or 400 permission for the wp-config.php file.
If you keep 644 or 640 permission on wp-config.php, you are giving read access to other users on the server. Don’t do it. Always keep 440 or 400 permission on wp-config.php.
Set Correct Permissions using FileZilla
You can set the permissions on your files and directories using FileZilla. Connect to your project with this FTP client. Once connected, go to the root directory of your project.
Select all directories, right-click and then click on File permissions.
After you click on File permissions, a new dialog box appears. Type 755 in the numeric value field. Select the checkbox for ‘Recurse into subdirectories’ and then choose the option for ‘Apply to directories only’. Click the OK button and your FTP client will start setting permission 755 on all your folders and sub-folders. Wait a few moments until the process is finished.
After completing the folder permissions, change the file permissions. Again, select all files and folders in the root folder. Right-click and select File permissions.
The file permissions dialog box appears. This time, enter 644 in the numeric value field. Select the checkbox for ‘Recurse into subdirectories’ and then choose the option for ‘Apply to files only’.
Click the OK button. Now your FTP client will set 644 permission on all files inside your folders and sub-folders.
In the same way, modify the permission for the wp-config.php file. While changing the permission for wp-config.php, you just need to enter 440 or 400 in the numeric field and hit the OK button.
Set Correct Permissions using Shell Access
If you have shell access to your server, you can set the permissions on your files and folders by running a few commands.
Change folder permissions to 755 by running the command below.
find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;
To change file permissions to 644, run the command as follows.
find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;
In my case, /path/to/your/wordpress/install/ is /var/www/html/, so the commands are:
find /var/www/html/ -type d -exec chmod 755 {} \;
find /var/www/html/ -type f -exec chmod 644 {} \;
In the above commands, ‘-type d’ matches directories and ‘-type f’ matches files.
Note: Never give 777 permission to any file or directory. If any file has 777 permission that means the file is readable, writable, and executable by everyone.
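A read-only check for the permissions recommended in this article, as an added example that is not part of the original post: it reports directories that are not 755/750, files that are not 644/640, a wp-config.php in the install root that is not 440/400, and anything world-writable. The function name audit_wp_perms and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): read-only audit of a
# WordPress tree against the permissions recommended above.
# Prints one "KIND<TAB>path" line per deviation.
# Returns 0 when clean, 1 when deviations exist, 2 on a bad argument.

audit_wp_perms() {
    root=${1%/}    # drop a trailing slash so path comparisons line up
    [ -d "$root" ] || { echo "not a directory: $1" >&2; return 2; }

    findings=$(
        # wp-config.php in the install root must be 440 or 400.
        if [ -f "$root/wp-config.php" ]; then
            find "$root/wp-config.php" ! -perm 440 ! -perm 400 \
                -exec printf 'WPCONFIG\t%s\n' {} \;
        fi
        # Every other regular file must be 644 or 640.
        find "$root" -type f ! -path "$root/wp-config.php" \
            ! -perm 644 ! -perm 640 -exec printf 'FILE\t%s\n' {} \;
        # Directories must be 755 or 750.
        find "$root" -type d ! -perm 755 ! -perm 750 \
            -exec printf 'DIR\t%s\n' {} \;
        # Anything writable by everyone, such as 777, is reported again.
        # Symlinks are skipped because their own mode bits are not used.
        find "$root" ! -type l -perm -002 \
            -exec printf 'WORLD_WRITABLE\t%s\n' {} \;
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run as a script: sh audit.sh /var/www/html
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

The function changes nothing on disk, so it can be run before and after the chmod commands above to confirm the result.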
I hope you understand how to set correct file and folder permissions in WordPress. Please share your thoughts and suggestions in the comment section below.
Thanks a lot. Was exactly what I was searching for!