When we talk about WordPress security, setting correct WordPress file permissions always comes up in the conversation as a security measure. Yet, not many people know how to set file permissions in their WordPress websites or even what they are! In the most basic terms, file permissions decide who has permission to do what to your WP files.
Incorrect file and folder permissions can create security risks and cause loading errors on your website. It is therefore crucial to make sure your WP website's files and folders have correct and secure permissions.
If you have no clue how to do this, we are here to help you out. Read on.
What Are WordPress File Permissions?
WordPress file permissions are the permissions given to a certain user to maintain the website, broken down into permission to read, write, and execute.
Properly set permissions add a security layer by preventing unauthorized access to your WordPress files and folders.
However, if the permissions are not set properly, the result can be security breaches and server errors. These errors range from 403 Forbidden errors to a white screen, etc.
Each combination of actions (read, write, and execute) is denoted by a number. The permission levels can be listed as:
- No access (0)
- Write and Execute (3)
- Execute and Read (5)
- Read and Write (6)
- Read, Write, and Execute (7)
Some of the important file and folder permissions for WordPress
From the above image, it is clear that the recommended permission for files is 644 or 640 and for folders is 750 or 755. In this article, we will discuss two ways to set correct permissions: via an FTP client and via cPanel.
Changing permissions using an FTP client
You can easily change the permissions of the files and folders of your WordPress website using an FTP client. Follow these steps to change the settings:
- Log in to your server via an FTP client.
- Right-click on the folder containing files of your website and select ‘File Attributes’.
- For folder permissions, enter 750 or 755 in the numeric value field and then select both ‘Recurse into subdirectories’ and ‘Apply to directories only’.
Source: Qode interactive
- Similarly, in order to change the file permission, enter 640 or 644 as the permission value, and check the boxes against ‘Recurse into subdirectories’ and ‘Apply to files only’.
To change the file permissions of the wp-config.php file, navigate to the root WordPress directory and select ‘File Permissions’ for that file. Then manually enter 400 or 440.
Changing permissions using cPanel
To change the file and folder permissions of your WordPress website using cPanel, follow these steps:
- Use your credentials to connect to the cPanel.
- Select the option ‘File Manager’ from the top-left of your browser.
- Select the folder you wish to edit from the root WordPress directory. Since cPanel does not have the option to apply the changes recursively to all subdirectories, you will have to perform this step manually.
- Right-click on the selected directory and select ‘Change Permissions’.
- Now, set the permission to 750 or 755 by selecting the appropriate checkboxes.
- Repeat the above two steps for changing file permission and set the permission to 640 or 644 by selecting the appropriate checkboxes.
- Repeat the above-mentioned steps to change permission for all subdirectories and subfiles.
- To change the file permission of wp-config.php, find the file from your root WordPress directory, and select ‘Change Permissions’.
- Set permission to 400 or 440 by selecting appropriate checkboxes.
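Whichever method you use, you can verify the result from a shell on the server. The script below is an added example, not part of the original article: it walks a WordPress directory recursively (the step cPanel makes you do by hand) and reports every entry whose mode differs from the values recommended above. The function names and the file name `wp_perms.py` are hypothetical, and it assumes Python 3 and that you run it as the owner of the files.

```python
import os
import stat
import sys

# Modes recommended in the article; the first of each pair is used by fix().
DIR_MODES = (0o755, 0o750)
FILE_MODES = (0o644, 0o640)
WP_CONFIG_MODES = (0o440, 0o400)


def allowed_modes(path, root):
    """Return the acceptable modes for one path, or None to skip it."""
    if os.path.islink(path):
        return None  # chmod follows symlinks, so never touch a link's target
    if os.path.isdir(path):
        return DIR_MODES
    if os.path.abspath(path) == os.path.abspath(os.path.join(root, "wp-config.php")):
        return WP_CONFIG_MODES  # only the copy in the WordPress root is special
    return FILE_MODES


def audit(root):
    """Return (path, current_mode, allowed_modes) for every deviating entry."""
    candidates = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        candidates += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in candidates:
        allowed = allowed_modes(path, root)
        if allowed is None:
            continue
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if mode not in allowed:
            findings.append((path, mode, allowed))
    return findings


def fix(root):
    """chmod each deviating entry to its default mode; return what changed."""
    changed = audit(root)
    for path, _mode, allowed in changed:
        os.chmod(path, allowed[0])
    return changed


if __name__ == "__main__":
    # Hypothetical usage: python3 wp_perms.py /path/to/wordpress (report only)
    for path, mode, allowed in audit(sys.argv[1]):
        expected = " or ".join(format(m, "03o") for m in allowed)
        print(f"{path}: {mode:03o}, expected {expected}")
```

Run as shown, it only reports; call `fix()` once you have reviewed the list, then run the audit again to confirm it comes back empty.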
It is clear from the article that correct WordPress file permissions are important for the security of your WordPress website. Incorrect permissions can invite hackers, which can lead to a hack and the planting of backdoors in the WordPress site. It is possible to overlook this step while setting up a website, but it is never too late to set things straight. These steps will help you secure the file permissions of your website and reduce its exposure to security threats.
There are several other steps you can take to secure your website besides setting file permissions.