How to Fix Folder and File Permissions in WordPress

Are you trying to understand how folder and file permission work in WordPress in order to troubleshoot an error? You are in the right place!

There are different permissions that specify which files and directories can be read, written, modified and accessed on computer file systems. This is important because WordPress may require access to write to files in your wp-content directory to enable certain functions.

A WordPress website’s security depends greatly on the permissions it assigns to the files and folders. So, it’s crucial to set the correct permissions to those files and folders.

File permissions WordPress

Although, changing the permissions on WordPress files can result in an error message. This article will discuss what WordPress file permissions are and what they do, plus how to fix WordPress file permissions errors via Cpanel, FTP, or .htaccess.

You need to make sure your WordPress permission settings are correct in order to keep your site secure. Regular users shouldn’t be able to access the core files of WordPress. So let’s get started!

What You Need to Know About File and Folder Permissions in WordPress

Your web server comes with different permissions for each file and folder.

These are the permissions that govern who can interact with the files, and what they can do with them.

For example, you can set a folder as read-only for non-admin users so you can manage the files, but everyone can still see them.

Users, Group and World

Three types of users can be found: User, Group, and World.

file attributes and permissions
  • World: Anyone who’s on the internet.
  • Group: A group of people with roles such as contributors or subscribers, etc.
  • User – WordPress administrator

Read, Write and Execute

All users will have access to three types of permissions:

  • Read – They can only view the file’s contents
  • Write – They can modify the content of the file 
  • Execute – They can run codes in the file.

For example, If you’re using WordPress, the wp-config.php file is so critical that the tiniest mistake can break your website, so you can’t allow your editors to edit it.

Thus, you would simply provide ‘Read the file’ access to Your editors. Nothing else. 

The file permissions are summed up into three numbers

  •     First Number – Permissions that are offered to the user.
  •     Second Number – Access is provided to the group.
  •     Third Number – Authorizations that are offered to the world.

Each number represents a specific level of authorization as follows:

  • 0 is for no access at all.
  • 1 is for executing.
  • 2 is for writing.
  • 3 is for writing and executing.
  • 4 is for reading.
  • 5  is for reading and executing.
  • 6 is for reading and writing.
  • 7 is for reading, writing, and executing.

If it’s not clear, let’s look at this example:

644 permission: Users can read and write files through this system (first 6). Groups (4) and other users (4) only have access to read files. As a result no one else will be allowed to make changes to the files, this right will be reserved solely for the owner.

Got it? Now let’s see how to fix the file and folder permissions error in WordPress!

How To Fix The File and Folder Permissions Error in WordPress

The first thing to do when you try to fix an Error in WordPress is always to back up your website! Then, you will have to update your directories’ permission settings, and your files’ permissions.

Step 1: Fix Your Directories’ Permission Settings

First, find the WordPress root folder, which is normally named public_html or www, or after your site’s title.

Inside you’ll find three folders (wp-admin, wp-content, and wp-includes), plus some other loose files.

set up file permissions in WordPress

Pick up those three folders by right clicking on them and choosing Set Permissions.

The Change file attributes screen should appear, which contains the Read, Write, and Execute permissions for the owner, the owner’s group, and the regular user. 

  • The first number represents your permissions;
  • The second number represents your group;
  • the third is your user’s permission level.  

A user’s access level can be up to seven, which allows them Read, Write and Execute rights.

Set up the 755 permission in WordPress

For the three folders above mentioned (wp-admin, wp-content, and wp-includes) we need to set the value 755 and check the option that says Apply only to directories.

The result is that WordPress gets full access, your users have access as well (but can’t delete anything), and your files remain unaffected, which leads us to the second step.

Step 2: Modify Your WordPress Files Permissions

We’ve just changed permissions levels on all of your directories. Now we’ll do the same thing for our files.

Return to the root of your site and select every file and folder within, including those we used earlier in this process. Use the right-click menu to set permissions again.

What you are doing this time is replacing the existing number in the Numeric value field with 644.

Since you own the files, you have the ability to read and modify each file. Your visitors and your group, however, may only read them. 

The best file permission for security

Security experts suggest this setting as it obviates entry points to potential attacks.

Warning: Be sure to tick the Recurse into subdirectories option, and then check the box Apply to files only.  Therefore, only the WordPress files will have the 644 value applied, and the folders will retain the settings you set during the last step.

All that’s left is to attempt to access your site again.

If you followed the above instructions, you should no longer be encountering any file permissions errors, and your website should be fully functional.

One Last Tip About WordPress’s permission

The wp-config.php file contains everything you need about database connections and your website’s base configuration, and this is why it is considered as one of the most important files to lock for security.

The apt authorization for this file should be 600. It means the user or groups will be permitted to read, but others will not be permitted access.

Make sure your wp-config.php is not left with a 755 value before shutting down your FTP client.