There are different permissions that specify which files and directories can be read, written, modified and accessed on computer file systems. This is important because WordPress may require access to write to files in your wp-content directory to enable certain functions.
A WordPress website security depends greatly on the permissions it assigns to the files and folders. So, it’s crucial to set the correct permissions to those files and folders.
Although, changing the permissions on wordpress files can result in an error message. This article will discuss what WordPress file permissions are and what they do, plus how to fix wordpress file permissions errors via Cpanel, FTP or .htaccess.
You need to make sure your WordPress permission settings are correct in order to keep your site secure. Regular users shouldn’t be able to access the core files of WordPress. So let’s get started!
Your web server comes with different permissions for each file and folder.
These are the permissions that govern who can interact with the files, and what they can do with them.
For example, you can set a folder as read-only for non-admin users so you can manage the files, but everyone can still see them.
Three types of users can be found: User, Group, and World.
All users will have access to three types of permissions:
For exemple, If you’re using WordPress, the wp-config.php file is so critical that the tiniest mistake can break your website, so you can’t allow your editors to edit it.
Thus, you would simply provide ‘Read the file’ access to Your editors . Nothing else.
The file permissions are summed up to three numbers
Each number represents a specific level of authorization as follow:
If it’s not clear, let’s look at this example:
644 permission: Users can read and write files through this system (first 6). Groups (4) and other users (4) only have access to read files. As a result no one else will be allowed to make changes to the files, this right will be reserved solely for the owner.
Got it? Now let’s see how to fix the file and folder permissions error in WordPress!
The first thing to do when you try to fix an Error in WordPress is always to back up your website! Then, you will have to update your directories’ permission settings, and your files’ permissions.
First, find the WordPress root folder, which is normally named public_html or www, or after your site’s title.
Inside you’ll find three folders (wp-admin, wp-content, and wp-includes), plus some other loose files.
Pick up those three folders by right clicking on them and choosing Set Permissions.
The Change file attributes screen should appear, which contains the Read, Write, and Execute permissions for the owner, the owner’s group, and the regular user.
A user’s access level can be up to seven, which allows them Read, Write and Execute rights.
For the three folders above mentioned (wp-admin, wp-content, and wp-includes) we need to set the value 755 and check the option that says Apply only to directories.
The result is that WordPress gets full access, your users have access as well (but can’t delete anything), and your files remain unaffected, which leads us to the second step.
We’ve just changed permissions levels on all of your directories. Now we’ll do the same thing for our files.
Return to the root of your site and select every file and folder within, including those we used earlier in this process. Use the right-click menu to set permissions again.
What you are doing this time is replacing the existing number in the Numeric value field with 644.
Since you own the files, you have the ability to read and modify each file. Your visitors and your group, however, may only read them.
Security experts suggest this setting as it obviates entry points to potential attacks.
Warning: Be sure to tick the Recurse into subdirectories option, and then check the box Apply to files only. Therefore, only the WordPress files will have the 644 value applied, and the folders will retain the settings you set during the last step.
All that’s left is to attempt to access your site again.
If you followed the above instructions, you should no longer be encountering any file permissions errors, and your website should be fully functional.
The wp-config.php file contains everything you need about database connections and your website’s base configuration, and this is why it is considered as one of the most important files to lock for security.
The apt authorization for this file should be 600. It means the user or groups will be permitted to read, but others will not be permitted access.
Make sure your wp-config.php is not left with a 755 value before shutting down your FTP client.