How to Manage WordPress File Permissions to Secure Your Site

Managing WordPress file permissions plays a vital role in improving your site’s security. If you are confused about the whole idea of working with WordPress permissions and look for hints on how to do it right, the following information is for you. 

It’s vital to understand WordPress permissions since they are an indispensable component of your site’s security. Most WordPress hosting services configure file permissions for you. Still, you need to clearly understand these concepts to keep a close eye on your site’s configuration. If you are looking for explanations on the meaning of file permissions or instructions on how to manage permissions on your own, we’ve got you covered in this post. 

What Are WordPress File Permissions? 

WordPress file permissions specify how different users interact with files on your WordPress server. Because file permissions take control of what different users can do to the files on your server, they play a significant role in terms of your site’s security. More specifically, they point out who can:

  • Read the contents of files;
  • Write/alter files;
  • Execute/use files.

With that said, three types of users share WordPress file permissions: 

  • Owner of the file/directory;
  • Group that owns a file;
  • Public – the rest of the users other than the file owner or group.

Every WordPress file or folder is owned by a specific user or a group. One user can belong to different groups. However, one user may have only one primary group. Using WordPress file permissions, you can manage what different types of users can do with files/folders on your server. A file owner has the most permissions, users belonging to one group share similar or fewer permissions, whereas public users have similar or fewer permissions than the group. 

If we compare this model to the way different users work with your WordPress blog, Administrator has full control of all functions of the blog. Editor has similar or fewer rights than the Administrator. An Editor can only work with blog posts, though it’s the Administrator who can add new pieces of functionality and install plugins on your blog. Another group of users who can access your blog are anonymous visitors who have fewer rights than the Editor. 

What’s the Meaning of Numbers in File Permissions? 

WordPress permissions are represented by numbers and characters. A permission mode stands for a file permission represented by a three-digit number (e.g. 777 or 000). In such configurations, every number stands for the actions that a specific user can apply to the file/folder:

  • The first digit defines what the file/folder Owner can do;
  • The second digit defines permissions for other user accounts in the user’s group;
  • Third digit – specifies what Public can do. 

In the permission mode, every digit represents a sum of numbers assigned to every action. If you want to provide a user with no permissions, use 0. Use 1 to let them execute file/folder, 2 – to write, 4 – to read. 

777 is a configuration that provides the maximum permissions to all types of users, where every digit stands for:

  • First digit – 7 – Owner can Read (4), Write (2), and Execute (1)
  • Second digit – 7 – Group can Read (4), Write (2), and Execute (1)
  • Third digit – 7 – Public can Read (4), Write (2), and Execute (1)

What Do the Letters in File Permissions Stand for?

Besides WordPress file permissions represented by digits, you can come across configurations represented by letters and dashes, where the letters bring the following meaning: 

  • r = read permissions
  • w = Write permissions
  • x = Execute permissions
  • – (hyphen) = No permissions

File permissions written in letters feature nine characters overall, where the first three letters defile the Owner’s permissions, the second three digits apply to the Group, and the last three – to the Public. Keeping this in mind, 777 equals rwxrwxrwx.

So, what’s the best configuration of file permissions that a WordPress site owner can define? The 777 configuration means that all types of users have full access to the modification, execution of files, as well as share the possibility to delete files/folders. It would bring you a headache and a lot of issues on your site.

If you set WordPress file permissions to 000, you face the risk of your site to stop functioning entirely. Taking this into account, the perfect file permissions for your WordPress site should be set between 000 and 777. 

Reasons to Change WordPress Permissions

Every good WordPress hosting provider should set up optimal file permissions with the auto-installer. If your WordPress site runs smoothly, you do not need to apply any further modifications to file permissions. 

If you opted for a manual installation, you might face some issues or come across restrictions while trying to add new plugins to your site. In such cases, managing WordPress permissions is a must-do. 

Optimal Permissions

To the biggest degree, the optimal configuration of file permission depends on how your site;’s hosting environment is configured. Configurations that work well for one hosting environment won’t work well for another one. 

It’s generally considered that it’s better to begin with the least permission configurations and move further to providing more permissions to users as the time passes. To begin with, set WordPress file permissions at 400. As soon as you realize that users need more permissions, you can move further to 644. 

Make it a rule of thumb that you never set WordPress permissions at 777. 

The right file permissions in WordPress should be:

  • 644 for files 
  • 755 for folders 

Bottom Line

Managing the right file permissions is an integral part of running a secure and well-functioning WordPress website. There is no need to worry about file permissions configurations if you use a reliable hosting service that configured file permissions with the auto-configure tool. However, if you opted for a manual setup, you need to play wise and edit file permissions carefully in order not to miss a thing.

More articles by themes
If you notice that your website starts redirecting users to unknown websites, it is likely it was hacked. WordPress...
If you notice your WordPress website doesn’t load as fast as it used to, chances are its performance is...
Security is all we need. There are many ways to make your website a safer place on the Internet....

Contact

Feel free to reach out with a member of our team! We are excited to begin our collaboration!
Alex Osmichenko
Alex Osmichenko
CEO, Founder
Dima Osmichenko
Dima Osmichenko
COO
Clutch Logo
Reviewed on Clutch

Send a Project Brief

Fill out and send a form. Our Advisor Team will contact you promptly!

    Note: We will not spam you and your contact information will not be shared.