Server File Permissions
On computer filesystems, different files and directories have permissions that specify who and what can read, write, modify and access them. This is important because
Permission Modes
7 7 7 user group world r+w+x r+x r+x 4+2+1 4+0+1 4+0+1 = 755
The permission mode is computed by adding up the following values for the user, the file group, and for everyone else. The diagram shows how.
- Read 4 – Allowed to read files
- Write 2 – Allowed to write/modify files
- eXecute1 – Read/write/delete/modify/directory
7 7 4 user group world r+w+x r r 4+2+1 4+0+0 4+0+0 = 644
Example Permission Modes
Mode | Str Perms | Explanation |
---|---|---|
0477 | -r–rwxrwx | owner has read only (4), other and group has rwx (7) |
0677 | -rw-rwxrwx | owner has rw only(6), other and group has rwx (7) |
0444 | -r–r–r– | all have read only (4) |
0666 | -rw-rw-rw- | all have rw only (6) |
0400 | -r——– | owner has read only(4), group and others have no permission(0) |
0600 | -rw——- | owner has rw only, group and others have no permission |
0470 | -r–rwx— | owner has read only, group has rwx, others have no permission |
0407 | -r—–rwx | owner has read only, other has rwx, group has no permission |
0670 | -rw-rwx— | owner has rw only, group has rwx, others have no permission |
0607 | -rw—-rwx | owner has rw only, group has no permission and others have rwx |
Permission Scheme for WordPress
All files should be owned by your user account on your web server, and should be writable by your username. Any file that needs write access from WordPress should be group-owned by the user account used by the webserver. For example, you may have a user account that lets you FTP files back and forth to your server, but your server itself may run using a separate user, in a separate usergroup. A user such as dhapache or nobody.
The file and folder permissions of wordpress should be the same for most users, depending on the type of installation you performed and the umask settings of your system environment at the time of install.
For core WordPress files, all should be writable only by your user account. However, if you utilize mod_rewrite Permalinks or other .htaccess features you should make sure that WordPress can also write to your /.htaccess
file.
If you want to use the built-in theme editor, all files need to be group writable. Try using it before modifying file permissions, it should work.
Some plugins require the /wp-content/ folder be made writeable, but in such cases they will let you know during installation. In some cases, this may require assigning 755 permissions or higher (e.g. 777 on some hosts). The same is true for /wp-content/cache/
and maybe /wp-content/uploads/
Additional directories under /wp-content/ should be documented by whatever plugin / theme requires them. Permissions will vary.
/ |- index.php |- wp-admin | `- wp-admin.css |- wp-blog-header.php |- wp-comments-post.php |- wp-commentsrss2.php |- wp-config.php |- wp-content | |- cache | |- plugins | |- themes | `- uploads |- wp-cron.php |- wp-includes `- xmlrpc.php