Intro to WordPress File Permissions: Here’s How They Work

File permissions are a key component of any file system. WordPress file permissions determine who can access, read, and modify folders and files on your server. In other words, they determine who has control over your website and who can change it.

Knowing how to change file permissions is a skill that will come in handy when running a website. At some point, you may need to access the server directly and configure file permissions for key components of your site. It’s a simple process, but one that can go wrong quickly if you don’t set permissions properly. 🛡

In this article, we’ll go over what file permissions are and how they work. We’ll also discuss the ideal permission settings for WordPress and show you how to set them. Let’s get to it! 🙋‍♂️

An introduction to file permissions

File permissions determine who can read, write, and execute files and directories. In the context of WordPress, file permissions can limit access to your site’s core files to keep them secure.

👉 WordPress file permissions follow the Unix permission model. That means the administrator can assign any of the following permissions to a file or directory:

  • Read (r): The ability to read the contents of a file or list the contents of a directory.
  • Write (w): You can modify a file or directory, including creating, editing, or deleting it.
  • Execute (x): This permission enables you to run a file as a program or script, or enter a directory.

As the administrator, you should be the only person with a full set of permissions. Other users should be assigned permissions depending on their role and what they need to do. As a rule of thumb, no user should have more permissions than are required to carry out their work.

When you change file permissions in a Unix-based system, you do so using a numerical system. Each file and directory has its own permission settings, encoded as a three-digit number. The first digit sets the permissions for the owner of the file/directory; the second for user accounts in the owner's group; and the third for all other (public) users.

👉 Aside from those figures, each action corresponds to a different number. Read is four, write is two, and execute is one. Here are some examples of what these file permissions look like and what they mean:

  • 777. This setting offers the highest level of permissions. It means all users have read, write, and execute access. The sevens in each position represent the sum of 4+2+1, which stands for all the available actions.
  • 744. This code means the owner of the file/directory has full permissions. Other users only have read access.
  • 644. This setting means the owner has read/write permissions and other users have read access.
  • 444. With this code, the file or directory becomes read-only for all users.

Ideal permission settings vary from one file or directory to the other. However, there are several agreed-upon settings for specific WordPress components, which we’ll cover in the next section.

What are the optimal WordPress file permissions

These recommended permission settings come from our experience using WordPress and the official Codex. The goal of these permissions is to protect your website by limiting all access to its core files and directories except when needed.

👉 In this section, we’ll cover four different types of files and directories and explain the optimal permission settings for each of them. Let’s start with WordPress folders:

  1. WordPress folders. These are the folders and directories that house all the WordPress core files. The ideal permission level for the root folder and all its subdirectories is 755. This gives you full access, while other users can only read and execute (enter) directories. Keep in mind that this applies only to the directories, not to the files inside them.
  2. WordPress files. These are all the files contained in the root folder and its subdirectories. With the two exceptions below, the ideal setting for these files is 644. This gives you read and write access. Other users will only be able to read files and not modify or execute them.
  3. wp-config.php. A lot of WordPress web hosts will use a similar 644 permission setting for the wp-config.php file. The official WordPress Codex recommends setting permissions to 440, so you and other users in your group have read access. Other users get no access at all.
  4. .htaccess. Similar to wp-config.php, a lot of web hosts will default to 644 permissions for this file. That is also the configuration the WordPress Codex recommends. A more secure setting would be 444 to limit all access to read-only.

Depending on your web host, you might not need to modify WordPress file permissions. A lot of managed hosting providers typically optimize permission settings to maximize security. In any case, it pays to know how to modify file permissions if you need to make some changes.

How to change WordPress file permissions (3 steps)

Changing file permissions in WordPress requires you to use File Transfer Protocol (FTP). However, the process is fairly simple. Here’s how it works:

Step 1: Connect to your website via FTP

To connect to your site via FTP, you’ll need a client. We recommend using FileZilla as it’s easy to set up and requires basically no configuration.

Once you open the client, enter your FTP credentials to connect to your website. Typically, you’ll be able to find these credentials in your hosting control panel. You may also have received them in an email when signing up for hosting:

FTP credentials.

When you connect to the server, you’ll see a collection of files and directories appear in the client. Locate your WordPress root directory, which contains all of your site’s files. The directory may be called public_html, public, www, or named after your site.

Root directory.

Now enter the root directory and move on to step number two.

Step 2: Set the permissions for directories

Locate the wp-content, wp-admin, and wp-includes folders. You’re going to right-click on one of them and select the File Permissions setting:

Configure WordPress directory permissions.

A new window will open, including the option to set file permissions manually or with a numeric value. Enter 755 in the Numeric value field and toggle the Recurse into subdirectories setting. Select the Apply to directories only option and click on OK:

Apply permission settings to subdirectories.

That configuration will apply the 755 permission setting to the three folders and all their subdirectories. However, it won’t affect files, which is precisely what we want. Files have different optimal permission settings, which we’ll configure in the next step.

Step 3: Set the permissions for files

The WordPress root directory has hundreds of files. That means manually changing permissions for each of them can take a long time. Your best option is to apply permission settings using the same recursive approach as with directories.

To do this, select all files and directories in the root folder (except perhaps wp-config.php and .htaccess) and right-click to open the File Permissions menu. Set the numeric value for the permissions to 644 and select the option to apply this setting recursively to files only:

WordPress file permissions.

Click on OK and that’s it. You can double-check if the permissions are assigned correctly by selecting directories or files at random and checking their permission levels.

Changing permissions shouldn’t alter the way your site works or break any part of it. If any part of your site stops working after changing permissions, it’s probably due to a wrong value set for a directory or a core file.
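
The recommended modes and the three steps above, scripted for a server where you have shell (SSH) access. This is an added example, not part of the original article; the function names `wp_apply_perms` and `wp_audit_perms` are hypothetical, and shell access is an assumption the article itself does not make. The audit checks every path instead of a random sample.

```shell
#!/bin/sh
# Added example: apply and audit the modes recommended in this article.
# Assumes POSIX find/chmod; function names are illustrative only.

# wp_apply_perms ROOT: 755 on directories, 644 on files, 440 on wp-config.php.
wp_apply_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f ! -name wp-config.php -exec chmod 644 {} +
    # wp-config.php holds database credentials: owner and group read only.
    find "$root" -type f -name wp-config.php -exec chmod 440 {} +
}

# wp_audit_perms ROOT: print every path that deviates; return 1 if any do.
wp_audit_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    bad=$(
        find "$root" -type d ! -perm 755 -exec echo "DIR  (want 755):" {} \;
        find "$root" -type f ! -name wp-config.php ! -name .htaccess \
            ! -perm 644 -exec echo "FILE (want 644):" {} \;
        find "$root" -type f -name wp-config.php \
            ! -perm 440 -exec echo "CONF (want 440):" {} \;
        # .htaccess: accept the Codex default (644) or the stricter 444.
        find "$root" -type f -name .htaccess \
            ! -perm 644 ! -perm 444 -exec echo "HTAC (want 644 or 444):" {} \;
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

With 440 on wp-config.php, the account that runs PHP must be the file's owner or a member of its group, otherwise WordPress cannot read its configuration. Run `wp_audit_perms /path/to/site` first to see what would change before applying anything.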

Conclusion 🧐

WordPress file permissions are easy to set, but if you input the wrong values, they can break your website. Understanding how file permissions work and what the recommended configurations are in WordPress will help improve your site’s security and prevent errors.

If you want to review your WordPress permissions, start by re-reading the section on the recommended settings for files and directories. Once you know what settings to use, follow these steps:

  1. Connect to your website via FTP.
  2. Set the permissions for directories.
  3. Set the permissions for files.

Do you have any questions about how to set WordPress file permissions? Let’s talk about them in the comments section below!

John Hughes
