How to Control WordPress File and Folder Permissions

In addition to common security issues such as brute force attacks, data breaches or cross-site scripting (XSS), you should also pay attention to file and folder permissions. Unlike other external vulnerabilities, this problem is due to a faulty installation in the root directory at server level.

If something bad happens to the rights of WordPress files and folders, your site is easily vulnerable. Therefore, you cannot interact with the site just to download an image. Not to mention the fact that you even see a blank screen when the page is loaded.

In this article we will show you how to control who can perform certain actions on your files and folders to make sure your WordPress site runs smoothly.

Before we get to the heart of the matter, let’s see what rights are available for files and folders and how important it is to set them correctly.

In this article you will learn:

What are the permissions for WordPress files and folders?

WordPress files and folders

WordPress works primarily as a publishing platform that helps you to easily create and distribute content around the world. More than a third of website owners love this content management system for its simplicity.

If you are considering extending the standard WordPress features, you can easily ask for help with support tools such as themes, plugins, images, etc. These are stored in files and folders in the WordPress root folder.

There are different folders and files with different functions that make your website work well. The important folders are wp-admin and wp content, and the index.php or about.php files belong to WordPress. Each folder can also contain many subfolders.

Permission for files and folders

Each WordPress file and folder stored on your hosting must have its own access limitation that indicates who has the right to manage and modify it. For example, for example… B. only administrators read, write, or execute the wp-admin folder. Editors, on the other hand, can only read or revise. Normal users can’t even see this folder.

By granting permissions to configure files and folders, you can share tasks with authorized users, creating a loophole for hacker attacks. To avoid this nightmare, it is important that you understand exactly how the WordPress folder permissions work.

To change the permissions in the WordPressfolder

The authorization mode consists of three digits or a combination of dashes and letters, depending on the network protocol you are using, for example. B. File transfer protocol (FTP) or shell access (SSH).

WordPress offers three options for classifying who has access to your standard folders:

  • Users/owners – Site Administrators
  • Groups – The set of roles of other users of your site, such as. B. Publishers, subscribers, authors and others.
  • Peace – Who’s on the Internet

In addition, there are 4 basic controls that any type of user can use to work with folders, including

  • Playback (4) – Allows users to play files or folders only.
  • Write (2) – Allows users to edit content
  • Execute (1) – enable the user to read, delete, modify and change the directory of codes
  • Hyphen – (0) – Prohibits users from doing anything with your files and folders.

If you intend to change the access rights, you must use the manageability value calculation. The first value affects the control of the user/owner. The second value defines the rights of the group and the third value defines the rights of the world.

Here are a few examples to better understand.

User Group international
r+b+x r+x r+x
4+2+1 4+0+1 4+0+1 = 755

755 means that users can read, write and execute a folder, while groups and the whole world can only read and execute a folder. This is the best solution for wp-admin, wp-content and wp-inclusive files.

User Group international
r r+b+x r+b+x
4+0+0 4+2+1 4+2+1 = 477

477 : Users can only read folders, but the group and the world can have full read, write and export permissions.

It is recommended to read the WordPress Permission to Edit Files section for other permission modes.

What can happen to WordPress folder permissions?

As mentioned before, the file cleanups are somewhat related to the security of the site. Giving other users permission to edit WordPress files or folders is a bit like giving access to your laptop and moving things around.

Without proper rights, people who are not allowed to change files and folders may face security breaches. For example, you should be aware that customizing folders for users in global groups and categories is not ideal.

Once hackers have full control over your website, they can add spam, send malware or even copy and delete your important files from your own website.

In addition, if authorized users accidentally make mistakes when changing codes, your website will be compromised. As a result, you will soon receive an error message about the file resolution. This affects both the activity of your website and SEO performance. Just when search engines and web hosts discover these problems on your WordPress site, they can block them until the error is fixed.

Fortunately, setting file and folder permissions is relatively simple and clear, especially if you already know what they are and how to change their different modes.

We’ll see what to do if you have problems with the WordPress folder permissions.

3 Ways to configure WordPress file and folder permissions

The two most common tools used by many WordPress sites are FTP and cPanel. You need to know which customer you are using so that you can follow the instructions more easily. You can also use WordPress plugins to manage and protect your files and folders.

1) Use an FTP client to change file and folder permissions

Do you use an FTP client? Let’s connect to the server first. Then go to the root of the folder and select the desired files or folders. Then right-click on it and select File rights.

A pop-up window will appear indicating which functions each specific type of user can have. Depending on the rights you want to give to users, you can enter the correct number in the numeric field.

Setting file permissions requires the same process. Don’t forget to check the Apply only to files checkbox before saving the changes.

2) Use cPanel to set the appropriate permissions for WordPressfiles and folders.

As with FTP, you can use cPanel to set the appropriate permissions for your WordPress folders. Start with these 4 steps:

  • Log in to your cPanel account and open the root directory
  • Select all files or folders for which you want to reset the authorizations.
  • Right-click and select Change permissions.
  • Enter the correct number in the Resolution field and save the settings.

The same steps apply for authorizing your WordPress files.

3) Use the PDA Gold plugin to protect WordPressfiles and folders.

The above methods require you to go to your site’s server and update the root directory rights. On the other hand, thanks to the Direct Access Alert (PDA) and the associated access restriction, you can manage file and folder rights in a completely different way. You can manage everything directly in the WordPress administration panel.

The plugin protects both your media files and the folders in your WordPress upload folder. For example, you can also specify who has access to your secure files in these folders. B. Administrators or incoming users.

Follow these 4 easy steps to get WordPress folders and their :

  • Download and install the PDA Gold plug-in and the extension of the access restrictions.
  • Click on the plugin icon in the management navigation menu and go to the Folder Protection tab.
  • From the Select folder drop-down list box, select the folders you want to protect
  • Select the specific roles that the files in the protected folders are allowed to view.

Save the changes and that’s it!

All media download files are now protected. You no longer have to go to the server and type numbers in the popup window Edit File Attributes as you do with FTP or cPanel.

Secure WordPress site with correct permissions for files and folders

Appropriate permissions for files and folders will help you avoid unwanted security holes on your WordPress site. Only the right people can do certain things with your important files, such as B. wp-admin or wp-content.

You can use these 3 ways to configure and customize permissions for WordPress files and folders, from using an FTP client or cPanel to a third party plugin.

While the first two methods require you to log into an FTP or cPanel account and open the root folder, the second method frees you from this complexity and allows you to change folder permissions directly in the WordPress management panel.

Do you have a question about how to control access rights to WordPress files and folders? Say it in the ‘Comments’ section below.

Also read :

Author biography: Emily Anniston

As a technical writer, Emily enjoys sharing her knowledge with the WordPress community, especially in the field of WordPress security and protection. She continues to explore new plugins and themes to bring readers more useful articles and improve WordPress.

Related Tags:

wp content chown,wordpress permissions plugin,wp-content ownership,wordpress folder,wordpress admin permissions,wordpress file permissions 2020,wordpress folder permissions centos,wordpress permission groups,htaccess permissions 444,chmod gu-,the main wordpress directory not writable,wordpress user permissions,440 file permissions,wp rocket permissions,wordpress permission check plugin,wordfence file permissions,wordpress folder permissions ubuntu,bitnami wordpress file permissions,fix wordpress permissions sh,wordpress fix permissions script,digitalocean wordpress permissions,aiowps_backups,wordpress wp-content chown,could not copy file wp-admin update-core php,wordpress permissions command,divi file permissions,wordpress file permissions plugin,wordpress correct file permissions,reset wordpress file permissions ssh,some files are not writable by wordpress:,wordpress file ownership,wp-config permissions