How to Set File and Folder Permissions in WordPress
WordPress users often come across the term “file and folder permissions” while creating or managing a site. If you are one of the users who don’t fully understand this term, here is a helpful guide to explain file and folder permission, as well as the ways to set them.
Explaining File and Folder Permissions
File and folder permissions represent the level of privileges a WordPress user can have when managing a file or folder. When properly set, they help your WordPress site run smoothly and act as a security feature by preventing unauthorized access, edits or other actions concerning your files and folders. However, when done incorrectly, it can lead to security breaches or errors that may harm your site. These errors include image upload errors, 403 Forbidden error, white screens and many more.
In short, permissions help the server determine which users have the ability to read, write or execute files or folders. More precisely, file permissions include the ability of viewing, editing and running the file as a script, respectively. Folder permissions include viewing the content, adding or removing the files or performing some other actions on the folder.
Each listed action (read, write and execute) has a corresponding number. Not being able to do any of these actions also has a correspondent number. The numbers in question are:
4 – Read
2 – Write
1 – Execute
0 – No access
Permissions given to users are computed as a sum of these 4 numbers. This results in the following combinations:
0 – No access
1 – Execute
2 – Write
3 – Write and execute
4 – Read
5 – Read and execute
6 – Read and write
7 – Read, write and execute
Apart from types of permissions, this categorization also differentiates between types of users ( user, group and world ). The user is the owner of the file/folder, the group determines a group of users who can access the file/folder with the same permissions. The world represents the users who don’t fall into the first two categories, i.e. everyone else.
In conclusion, file and folder permissions both determine what can be done (what action) and by whom (which type of user). They are represented with three-digit numbers. The first digit determines what the (owner) user can do, the second is for the group, while the third tells what the rest (i.e. the world) can do.
Setting a file’s permission to 640 means that the user can read and write/edit the file, the group can only read it, while the world has no access to it.
Setting the Proper File and Folder Permissions in WordPress
Now let’s see how to set file and folder permissions. The suggested permissions are either 755 or 750 for folders/directories and 644 or 640 for files. For the wp-config.php file, the value is either 440 or 400.
We will explain how to set them using two methods – with an FTP client and via cPanel. If your hosting does not offer an option of using cPanel, consult with your hosting provider or simply stick to the first method.
Using an FTP Client
To change the folder permissions, connect to your server using an FTP client, navigate to the folder which has the files of your website, right-click on it and select the “File Attributes” option.
Manually insert either 755 or 750 and select both the “Recurse into subdirectories” and “Apply to directories only” options.
Similarly, to change the file permissions, click on “File Attributes” in the same folder. Then, insert 644 or 640 manually and click on both the “Recurse into subdirectories” and “Apply to directories only” options.
Finally, to change the permissions of the wp-config.php file, for example, find the file in the root WordPress directory (called public_html, in our case), right-click on it and click on the “File Permissions”.
Manually insert 440 or 400.
If you want to set file and folder permissions this way, connect to cPanel using your credentials. Click on the “File Manager” option located near the top of your browser window.
Navigate to your root WordPress directory and select the folder you’re editing. Unfortunately, cPanel doesn’t have the option to recursively apply the change on all subdirectories or files in the folder, so this needs to be done manually.
If you want to apply the change to several directories at once, first select them with a mouse click, while holding the CTRL button. Then, right-click on one of the selected directories and click on “Change Permissions”.
Tick off the appropriate checkboxes so the folder permissions are set to either 755 or 750 and click on “Change Permissions”.
Similarly, select the files with a left-click+CTRL button. Right-click on one of the files and select “Change Permissions”.
Tick off the appropriate checkboxes so that the folder permissions are set to either 644 or 640 and click on “Change Permissions”.
The same two steps (setting folder and file permissions) needs to be done manually for all subdirectories and subfiles.
When you’re done, set the appropriate permissions for the wp-config.php file. Navigate to your root WordPress directory, find the file, right-click on it and select “Change Permissions”.
Tick off the appropriate checkboxes so that the permissions are set to either 440 or 400 and click on “Change Permissions”.
Now you know how File and Folder permissions work, how to change them and how to fix the issues that arise from having them set incorrectly. With this knowledge, you will be fully equipped to optimize your site’s security and management even further.