Change File Permissions


WordPress file permissions

file permissions

An important step when using WordPress is to change file permissions. What are File Permissions? Basically it’s the level of access for your folders and files for your WordPress installation. Permissions will define who and what can read, write, modify and access them. You do not want to allow everyone in the world the ability to change your files now, do you?

As soon as you have your site up and running, you need to check your file permissions and make any changes that need to be done. To check your file permissions, simply sign into your web hosting Control Panel, aka cPanel. When you signed up for your hosting, you received an email telling you how to do this.

Once you are signed in, scroll down until you see an icon that depicts a folder with the words File Manager and click on it. You will get a pop up that looks like, or similar to, the one below. If you have more than one domain name hosted on this hosting account, choose the domain name that you are currently working on. Be sure to click on the box that says to Show Hidden Files (dot files). If you do not do this, you will not see your .htaccess file.


file manager


You will now see your folders and files. To change the permission for a file:

  • Locate it in the list. Click on the row for that file so that the row changes color. You can do more than one at a time by holding down the ctrl key (or cmd for mac) as you click on the rows.
  • Click on the Change Permission icon at the top of that screen
  • You will get a pop up window. Check the appropriate boxes to change to the appropriate permission value (755, 644, etc.). They will look like the image up above on the left. I have taken screen shots so that you can see which boxes need to be checked for each value.
  • Click on Change Permissions in that pop up box to save your changes.

File permissions will vary, (check instructions on any plugins or themes that you install) but here’s a general rule of thumb to get you started with your new installation. Don’t forget to look inside the directories as well. You may only need to change a few of them.

  • Folders (directories)  should have a file permission of 755
  • Most files should have a permission of 644, 664 at most. Try 644 first. If you use the Editor for WordPress and get an error, change the file you are trying to edit to 666, but then change it back to 644 or 664 after you make your changes. Never have a file greater than 666 unless specifically told to do so. What is the Editor? It’s where you can change the code for files like your header, footer, theme functions, etc.. It has nothing to do with your pages and posts.
  • wp-config.php should be set to 600
  • .htaccess – 604
  • cgi-bin/php.ini – 600
  • cgi-bin/php.cgi – 711
  • cgi-bin/php5.cgi – 100
  • Never have anything set to 777. If the web host or any plugins that you chose insists that they be set this way, only change it to 777 or as long as you need to run the plugin or make edits and then change it right back. It is unsafe to have a permission of 777, leaving your site vulnerable to people and bots that love to ruin websites. Another possible option would be to add an .htaccess file to the sub directory that the plugin is located in. WordPress.org has instructions for for adding .htaccess files to sub directories.

Here is more information about file permissions on WordPress.org.

Changing file permissions is the first step to securing your website. For more information on this topic you should visit WordPress.org’s suggestions, visit the forums there, and they even have IRC (live chat). And always, always create backups for your website. Do not rely on your web host to do it for you, even though they say that they do.

Powered by WordPress | Designed by elegant themes