How to Correctly Set WordPress File Permissions for Optimal Security?

WordPress File Permissions Correction

When considering WordPress file permissions best practices, security is paramount. Avoid overly permissive permissions such as 777.

Folder permissions

• Root folder: 755
• wp-admin: 755
• wp-content: 755 (strictly 700 after installation)
• wp-includes: 755

File Permissions

• All files in all folders: 644
• wp-content folder: 755 (strictly after installation 644)
• exception: .htaccess file should be 644

Post-installation hardening

After installing WordPress, Permissions should be tightened to only allow the user account to write to all files except wp-content.

• Change ownership of all files to :
• Change ownership of wp-content to www-data:www-data
• Keep wp-content writable on www-data.

Other considerations

• Temporarily access wp-content: Use su to temporarily switch to the www-data user and modify wp -content permissions and join the www-data group.
• ACL (Access Control List): Grants access to wp-content to specific users or groups.

It is critical to ensure that the files and directories have read and write permissions for www-data. Following these permissions best practices can help ensure the security and reliability of your WordPress site.

The above is the detailed content of How to Correctly Set WordPress File Permissions for Optimal Security?. For more information, please follow other related articles on the PHP Chinese website!