{"id":3426,"date":"2024-05-23T17:56:17","date_gmt":"2024-05-23T12:26:17","guid":{"rendered":"https:\/\/www.veeble.org\/kb\/?p=3426"},"modified":"2025-04-09T12:43:14","modified_gmt":"2025-04-09T07:13:14","slug":"correct-permissions-for-wordpress-files-and-directories","status":"publish","type":"post","link":"https:\/\/www.veeble.com\/kb\/correct-permissions-for-wordpress-files-and-directories\/","title":{"rendered":"Correct Permissions for WordPress Files and Directories"},"content":{"rendered":"\n
\n
\"Correct<\/a><\/figure>\n<\/figure>\n\n\n\n

Setting the right file permissions for your WordPress files and directories is crucial for maintaining its security and functionality. Incorrect permissions can leave your site vulnerable to hackers or cause issues with running WordPress. This guide will walk you through the correct permissions for WordPress files and directories via cPanel and Linux shell.<\/p>\n\n\n\n

Before you read this tutorial, please checkout: Linux Permissions Explained<\/a><\/pre>\n\n\n\n
<\/p>\n\n\n
WordPress Directories<\/h4>\n\n\n
For WordPress directories, the recommended permission is 755<\/strong>.
In other words; the owner can read, write, and execute. The group<\/a> and other users can read and execute.<\/p>\n\n\n\n
\nhttps:\/\/www.veeble.org\/kb\/what-do-chmod-755-644-and-others-mean\n<\/div><\/figure>\n\n\n\n
To set this permission for all WordPress directories via Linux shell, you can use the “find command<\/a>“:<\/strong><\/p>\n\n\n\n
find \/path\/to\/your\/wordpress\/ -type d -exec chmod 755 {} \\;<\/code><\/pre>\n\n\n\n
Replace the “\/path\/to\/your\/wordpress\/” with the exact path of your WordPress installation.<\/em><\/p>\n\n\n\n
Example Screenshot:<\/p>\n\n\n\n
\n
\"Using<\/a><\/figure>\n<\/figure>\n\n\n\n
<\/p>\n\n\n\n
To set 755 permission via cPanel;<\/strong>

Locate the “File Manager” option in the “Files” section on your cPanel account followed by navigating to the directory where your WordPress installation is. 
Then right-click on the directory you need to change permission (e.g., wp-content<\/code>, wp-includes<\/code>).
Select “Change Permissions.” from the popup and set the permissions to 755<\/strong>. After all, click “Change Permissions.”<\/p>\n\n\n\n
\n
\"How<\/a><\/figure>\n<\/figure>\n\n\n\n
<\/p>\n\n\n
WordPress Files<\/h4>\n\n\n
For WordPress files, the recommended permission is 644<\/strong>. 
This means the owner can read and write. And group and other users can just read the file.<\/p>\n\n\n\n
To set this permission for all files using a Linux shell, you can use the following command:<\/strong><\/p>\n\n\n\n
find \/path\/to\/your\/wordpress\/ -type f -exec chmod 644 {} \\;<\/code><\/pre>\n\n\n\n
Replace the “\/path\/to\/your\/wordpress\/” with the exact path of your WordPress installation.<\/em><\/p>\n\n\n\n
Example Screenshot:<\/p>\n\n\n\n
\n
\"Using<\/a><\/figure>\n<\/figure>\n\n\n\n
<\/p>\n\n\n\n
In the same way, we changed permissions earlier for a directory in cPanel, a file permission can be also modified in cPanel:<\/strong>

Locate the “File Manager” option in the “Files” section on your cPanel account followed by navigating to the directory where your WordPress installation is. 
Then right-click on the file you need to change permission (e.g., index.php<\/code>).
Select “Change Permissions.” from the popup and set the permissions to 755<\/strong>. After all, click “Change Permissions.”<\/p>\n\n\n\n
\n
\"Change<\/a><\/figure>\n<\/figure>\n\n\n\n
<\/p>\n\n\n
Special Files and Directories<\/h4>\n\n\n
There are some files and directories that need different permission settings in order to work correctly and securely.

wp-config.php<\/strong>

The wp-config.php<\/code> file contains sensitive information about your WordPress installation. It should have stricter permissions.
The recommended permission is 440<\/strong> or 400<\/strong>
That means the User can have read, write, and execute permissions, and group and others lack any permissions.

Use one of the following commands in the Linux shell to set these permissions:<\/p>\n\n\n\n
chmod 440 \/path\/to\/your\/wordpress\/wp-config.php<\/code><\/pre>\n\n\n\n
OR<\/p>\n\n\n\n
chmod 400 \/path\/to\/your\/wordpress\/wp-config.php<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
Uploads Directory<\/strong>

The wp-content\/uploads<\/code> directory might need slightly different permissions to allow file uploads.
Typically, 755<\/strong> should work, but if you encounter issues, you might need to change it to 775<\/strong> which is supposed to give user and group full permissions (read, write, execute) and other users; read and execute.<\/p>\n\n\n\n
chmod -R 775 \/path\/to\/your\/wordpress\/wp-content\/uploads<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n
File and Directory Permissions Table<\/h4>\n\n\n
File\/Directory<\/th>Permission<\/th><\/tr><\/thead>
Root directory (WordPress installation directory : usually public_html)<\/td>755 or 750<\/td><\/tr>
wp-admin<\/td>755<\/td><\/tr>
wp-includes<\/td>755<\/td><\/tr>
wp-content<\/td>755<\/td><\/tr>
wp-content\/themes<\/td>755<\/td><\/tr>
wp-content\/plugins<\/td>755<\/td><\/tr>
wp-content\/uploads<\/td>755<\/td><\/tr>
wp-content\/languages<\/td>755<\/td><\/tr>
wp-content\/mu-plugins<\/td>755<\/td><\/tr>
wp-content\/upgrade<\/td>755<\/td><\/tr>
wp-content\/cache<\/td>755<\/td><\/tr>
.htaccess<\/td>644<\/td><\/tr>
index.php<\/td>644<\/td><\/tr>
wp-config.php<\/td>400 or 440<\/td><\/tr>
wp-cron.php<\/td>644<\/td><\/tr>
wp-load.php<\/td>644<\/td><\/tr>
wp-login.php<\/td>644<\/td><\/tr>
wp-mail.php<\/td>644<\/td><\/tr>
wp-settings.php<\/td>644<\/td><\/tr>
wp-signup.php<\/td>644<\/td><\/tr>
wp-activate.php<\/td>644<\/td><\/tr>
wp-blog-header.php<\/td>644<\/td><\/tr>
xmlrpc.php<\/td>644<\/td><\/tr>
license.txt<\/td>644<\/td><\/tr>
readme.html<\/td>644<\/td><\/tr>
wp-links-opml.php<\/td>644<\/td><\/tr>
wp-trackback.php<\/td>644<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n
By setting these permissions, you ensure that WordPress can manage your media files properly while maintaining security.<\/p>\n\n\n\n
<\/div>\n\n\n\n
Take Control of Your Hosting<\/h3>
Root access, dedicated resources, and scalable solutions. Our KVM VPS puts you in the driver’s seat.<\/p><\/div>
Choose Your Plan<\/path><\/svg><\/a><\/div><\/div>\n\n\n\n
<\/div>\n\n\n\n
Also Read:<\/strong><\/p>\n\n\n\n
\nhttps:\/\/www.veeble.org\/kb\/linux-file-permissions\n<\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"
Setting the right file permissions for your WordPress files and directories is crucial for maintaining its security and functionality. Incorrect permissions can leave your […]<\/p>\n","protected":false},"author":7,"featured_media":8531,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[29,5],"tags":[],"class_list":["post-3426","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress","category-linux"],"uagb_featured_image_src":{"full":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/05\/Correct-Permissions-for-WordPress-Files-and-Directories.jpg",1536,1024,false],"thumbnail":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/05\/Correct-Permissions-for-WordPress-Files-and-Directories-150x150.jpg",150,150,true],"medium":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/05\/Correct-Permissions-for-WordPress-Files-and-Directories-300x200.jpg",300,200,true],"medium_large":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/05\/Correct-Permissions-for-WordPress-Files-and-Directories-768x512.jpg",768,512,true],"large":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/05\/Correct-Permissions-for-WordPress-Files-and-Directories-1024x683.jpg",1024,683,true],"1536x1536":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/05\/Correct-Permissions-for-WordPress-Files-and-Directories.jpg",1536,1024,false],"2048x2048":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/05\/Correct-Permissions-for-WordPress-Files-and-Directories.jpg",1536,1024,false]},"uagb_author_info":{"display_name":"Adrian Antony","author_link":"https:\/\/www.veeble.com\/kb\/author\/adrian\/"},"uagb_comment_info":0,"uagb_excerpt":"Setting the right file permissions for your WordPress files and directories is crucial for maintaining its security and functionality. Incorrect permissions can leave your […]","_links":{"self":[{"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/posts\/3426","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/comments?post=3426"}],"version-history":[{"count":23,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/posts\/3426\/revisions"}],"predecessor-version":[{"id":7375,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/posts\/3426\/revisions\/7375"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/media\/8531"}],"wp:attachment":[{"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/media?parent=3426"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/categories?post=3426"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/tags?post=3426"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}