An important step when using WordPress is to change file permissions. What are File Permissions? Basically it’s the level of access for your folders and files for your WordPress installation. Permissions will define who and what can read, write, modify and access them. You do not want to allow everyone in the world the ability to change your files now, do you?
As soon as you have your site up and running, you need to check your file permissions and make any changes that need to be done. To check your file permissions, simply sign into your web hosting Control Panel, aka cPanel. When you signed up for your hosting, you received an email telling you how to do this.
Once you are signed in, scroll down until you see an icon that depicts a folder with the words File Manager and click on it. You will get a pop up that looks like, or similar to, the one below. If you have more than one domain name hosted on this hosting account, choose the domain name that you are currently working on. Be sure to click on the box that says to Show Hidden Files (dot files). If you do not do this, you will not see your .htaccess file.
You will now see your folders and files. To change the permission for a file:
File permissions will vary, (check instructions on any plugins or themes that you install) but here’s a general rule of thumb to get you started with your new installation. Don’t forget to look inside the directories as well. You may only need to change a few of them.
Here is more information about file permissions on WordPress.org.
Changing file permissions is the first step to securing your website. For more information on this topic you should visit WordPress.org’s suggestions, visit the forums there, and they even have IRC (live chat). And always, always create backups for your website. Do not rely on your web host to do it for you, even though they say that they do.