WP Umbrella Logo

How to Fix Folder and File Permissions in WordPress

The WP Umbrella Team

Are you trying to understand how folder and file permissions work in WordPress in order to troubleshoot an error? You are in the right place!

Understanding permissions is a key aspect of troubleshooting various WordPress issues.

In the world of computing, permissions define what kind of interactions (read, write, modify, etc.) are allowed with files and folders. This is important because WordPress may require access to write to files in your wp-content directory to enable certain functions.

It’s important to understand how permissions works in WordPress cause your website security greatly depends on it.

This article will discuss what WordPress file permissions are, what they are used for, and how to fix file permissions errors in WordPress.

So let’s get started!

Understanding File and Folder Permissions in WordPress

File permissions WordPress

Understanding folder and file permissions in WordPress is about understanding your website’s infrastructure. At its core, these permissions govern how various elements such as files, directories, and scripts interact within your WordPress site.

They determine who can read, modify, or execute specific actions, essentially serving as the gatekeepers to your website’s core functionalities.

When configured properly, these permissions ensure that only authorized individuals or processes can make changes, thereby enhancing the site’s security.

On the other hand, incorrect permissions can lock you out of crucial functionalities or let the door wide open to malwares and hackers.

What Are The Different Files and Folders Permissions

file attributes and permissions

File and folder permissions dictate who can read, write, modify, and access files on your computer’s file system. This is especially relevant for WordPress, which may need specific permissions to function correctly. The wrong settings can result in error messages such as the ‘Failed to Open Stream: No Such File or Directory’ or the ‘Installation Failed: Could Not Create Directory‘ and even security vulnerabilities.

Let’s breakdown users and permissions.

Types of Users: Individual, Group, and Public

Three types of users can be found: User, Group, and World.

  • World: Anyone who’s on the internet.
  • Group: A group of people with roles such as contributors or subscribers, etc.
  • User – WordPress administrator

Permission Actions: Reading, Writing, and Executing

Each type of user can be granted different levels of access:

  • Read – They can only view the file’s contents
  • Write – They can modify the content of the file 
  • Execute – They can run codes in the file.

It’s vital to assign these actions carefully. For instance, giving a non-admin user write access to crucial files like wp-config.php can pose a security risk.

Thus, you would simply provide ‘Read the file’ access to Your editors. Nothing else. 

Decoding the Numeric Representation of Permissions

The file permissions are summed up into three numbers

  •     First Number – Permissions that are offered to the user.
  •     Second Number – Access is provided to the group.
  •     Third Number – Authorizations that are offered to the world.

Each number represents a specific level of authorization as follows:

  • 0 is for no access at all.
  • 1 is for executing.
  • 2 is for writing.
  • 3 is for writing and executing.
  • 4 is for reading.
  • 5  is for reading and executing.
  • 6 is for reading and writing.
  • 7 is for reading, writing, and executing.

For example, a 644 permission means that the owner can read and write (6), but the group and the public can only read (4).

Got it? Now let’s see how to fix the file and folder permissions error in WordPress!

How to Fix File and Folder Permissions in WordPress

The first thing to do when you try to fix an Error in WordPress is always to back up your website! Then, you will have to update your directories’ permission settings, and your files’ permissions.

Secure your WordPress websites with automated backup, safe update and security monitoring with WP Umbrella

Install WP Umbrella on your websites in a minute and discover a new way to manage multiple WordPress sites.

Get Started for free

Step 1: Update Directory Permissions

First, find the WordPress root folder, which is normally named public_html or www, or after your site’s title.

Inside you’ll find three folders (wp-admin, wp-content, and wp-includes), plus some other loose files.

set up file permissions in WordPress

Pick up those three folders by right clicking on them and choosing Set Permissions.

The Change file attributes screen should appear, which contains the Read, Write, and Execute permissions for the owner, the owner’s group, and the regular user. 

  • The first number represents your permissions;
  • The second number represents your group;
  • the third is your user’s permission level.  

A user’s access level can be up to seven, which allows them Read, Write and Execute rights.

Set up the 755 permission in WordPress

For the three folders above mentioned (wp-admin, wp-content, and wp-includes) we need to set the value 755 and check the option that says Apply only to directories.

The result is that WordPress gets full access, your users have access as well (but can’t delete anything), and your files remain unaffected, which leads us to the second step.

Step 2: Update File Permissions

We’ve just changed permissions levels on all of your directories. Now we’ll do the same thing for our files.

Return to the root of your site and select every file and folder within, including those we used earlier in this process. Use the right-click menu to set permissions again.

What you are doing this time is replacing the existing number in the Numeric value field with 644.

Since you own the files, you have the ability to read and modify each file. Your visitors and your group, however, may only read them. 

Prioritizing Security Through File and Folder Permissions

The devil is in the details. One overlooked permission can serve as a vulnerable point for attackers to exploit. That’s why setting your WordPress permissions wisely is not just good practice, it’s mandatory.

Lax permissions can make your website an easy target for hackers. Experts recommend a permissions setting of 600 for sensitive files like wp-config.php, as this restricts access to only the owner.

Remember, the goal is to give just enough permissions for the website to function while limiting potential entry points for cyber threats.