Hey there, WordPress user!
If you‘re reading this, chances are you‘ve run into the dreaded "You don‘t have permission to access this file" error or something similar. Maybe you were trying to upload an image to your blog post or install a new plugin and suddenly everything grinds to a halt.
First off, don‘t panic! File permission errors are super common in WordPress. In fact, a survey by ManageWP found that 45% of WordPress sites had at least one file permissions issue. So you‘re definitely not alone in this.
The good news is that file permissions are fairly easy to understand and fix once you know what you‘re doing. In this ultimate guide, we‘ll break down everything you need to know to get your site back up and running smoothly.
What Are File Permissions Anyway?
Before we jump into fixing things, let‘s start with the basics. File permissions are a way for your web server to control who can access and modify the files that make up your WordPress site.
On Linux servers (which power over 97% of WordPress sites), each file has a set of permission bits that look like this:
-rw-r--r--
The first character tells you the file type (- for a regular file, d for a directory). The next three characters (rw-) are the read, write, and execute permissions for the file owner. The second set (r–) is for the group, and the last set (r–) is for everyone else.
Permissions can also be written as an octal number like 644 or 755. In this notation, each set of permissions is represented by a number: read is 4, write is 2, and execute is 1. So 755 means the owner can read, write, and execute while the group and everyone else can only read and execute.
If you‘re more of a visual learner, here‘s a handy table breaking down the different permission bits:
| Permission | Octal | Binary |
|---|---|---|
| Read (r) | 4 | 100 |
| Write (w) | 2 | 010 |
| Execute (x) | 1 | 001 |
Why WordPress Needs the Right Permissions
So why do permissions matter for WordPress? Well, WordPress needs to be able to read your template files, write to your uploads folder, and modify your database in order to function properly.
If your file permissions are too restrictive, you might see errors like:
- "Unable to create directory wp-content/uploads. Is its parent directory writable by the server?"
- "Could not create directory" when trying to install a plugin or theme
- "The uploaded file could not be moved to wp-content/uploads"
- "Could not fully remove the plugin" when trying to delete a plugin
On the flip side, if your permissions are too open, you‘re essentially giving anyone on the internet free reign to upload malicious files or modify your site‘s code. Insecure file permissions are one of the leading causes of WordPress sites getting hacked, according to security company Sucuri.
The Goldilocks Permissions for WordPress
So what‘s the "just right" setting for WordPress file permissions? For most sites, the recommended permissions are:
- 755 (or drwxr-xr-x) for directories
- 644 (or rw-r–r–) for files
These permissions let WordPress read and write what it needs to without opening up security holes.
But wait, you might be thinking, don‘t some guides recommend 777 for the uploads folder or wp-config.php file? While 777 (rwxrwxrwx) will definitely "fix" a lot of file permission errors, it‘s like giving a toddler the keys to your sports car. It‘s only a matter of time before something bad happens.
As WordPress security expert Tony Perez puts it: "777 should be avoided at all costs. It‘s an unnecessary evil that should only be used for troubleshooting, and never on production."
How to Check Your File Permissions
Alright, now that you know what file permissions are and what they should be set to, let‘s look at how to actually check them on your WordPress site.
The easiest way is to connect to your site via FTP or SFTP and use your FTP client‘s "View Permissions" feature. In the popular FileZilla app, for example, you can right-click a file, choose "File Attributes", and see the numeric permission value.
If you‘re a command line whiz, you can also SSH into your server and use the ls command with the -l flag to list files with their permissions:
$ ls -l /path/to/wordpress total 200 -rw-r--r-- 1 www-data www-data 418 Jan 1 00:00 index.php -rw-r--r-- 1 www-data www-data 19935 Jan 1 00:00 license.txt drwxr-xr-x 4 www-data www-data 4096 Jan 1 00:00 wp-admin -rw-r--r-- 1 www-data www-data 351 Jan 1 00:00 wp-blog-header.php ...
The permissions are listed in the first column, followed by the user and group ownership. This is handy for spotting files or folders with wonky permissions at a glance.
Fixing File Permissions via FTP
If you discover that your file permissions are off, the simplest way to fix them is via your FTP client.
Here‘s how to do it in FileZilla:
- Connect to your WordPress site via FTP
- Browse to your WordPress root directory (usually public_html)
- Right-click the folder and choose "File Attributes"
- Set the numeric permission value to 755
- Check the "Recurse into subdirectories" box
- Choose "Apply to directories only"
- Click "OK" to apply the changes
- Back in the main window, right-click the WordPress folder again
- Choose "File Attributes" and set the numeric value to 644
- Check "Recurse into subdirectories" and "Apply to files only"
- Click "OK" to update all files
FileZilla will churn away for a bit and update all your WordPress files and folders to the right permissions. Depending on the size of your site, this could take a minute or two.
Fixing Permissions via SSH
If you‘re an SSH master, you can also fix file permissions via the command line with a few quick commands.
To update all WordPress directories to 755, use:
$ find /path/to/wordpress/ -type d -exec chmod 755 {} \;
And to set all files to 644:
$ find /path/to/wordpress/ -type f -exec chmod 644 {} \;
In these commands, -type d and -type f tell the find command to only operate on directories or files, respectively. The {} is a placeholder for each file/folder path and the \; ends the command.
You can also add the -print flag to the find commands to see a list of all the files and folders that were updated.
For extra security, you may want to set your wp-config.php file to 440 or 400 so that no one besides the file owner can read or write to it:
$ chmod 440 /path/to/wordpress/wp-config.php
Using Plugins to Automate Permissions Fixing
If the thought of messing with file permissions makes you break out in a cold sweat, fear not! There are several handy WordPress plugins that can automatically fix your file permissions with a few clicks.
One of the most popular is the free All in One WP Security & Firewall plugin. In addition to a host of other security features, it has a "File Permission" tool that can check your permissions and set them to the recommended values.
To use it:
- Install and activate the plugin from the WordPress plugin directory
- Go to WP Security > Scanner
- Expand the "File/Directory Permissions" section
- Choose whether to use 644/755 or a custom value
- Click "Fix it" to apply the changes
The paid version of iThemes Security Pro also includes a "File Permission Check" feature that can alert you to insecure permissions and automatically fix them.
Keep in mind that these plugins are not a silver bullet. Some file permission issues are caused by deeper server configuration problems that can‘t be fixed by a plugin. If you still see errors after using a plugin to reset your permissions, it‘s time to call in the pros (a.k.a. your hosting company‘s support team).
Troubleshooting Common WordPress File Permission Issues
At this point, you should have a solid handle on how to check and fix your WordPress file permissions. But sometimes you might run into a stubborn issue that doesn‘t go away after updating your permissions.
Here are some common problems and how to troubleshoot them:
"Could not create directory" Errors
If you see this message when trying to upload files or install plugins, your permissions are probably too restrictive on your wp-content folder.
First, make sure your wp-content directory and all its subdirectories are set to 755. If that doesn‘t work, you may need to temporarily set the uploads folder to 777 so that WordPress can write to it. Just make sure to switch it back to 755 once the uploads are working again!
The Dreaded White Screen of Death
Few things strike more fear into the heart of a WordPress user than a blank white screen where your website used to be. If you see this after updating your file permissions, it‘s likely that your wp-admin or wp-includes folders have incorrect permissions.
Set these folders back to 755 and all files within them to 644. You may also need to restore the execute permission (either 755 or 750) on files like admin-ajax.php, post.php, and load-scripts.php for things to start working again.
Plugins or Themes Not Updating
If you click the "Update Now" button on a plugin or theme and nothing happens, it could be a permissions issue on the plugins or themes folders.
Make sure your plugins and themes directories are set to 755 and the files inside to 644. Some plugins may also need write access to their own folders, so check the plugin documentation or reach out to the developer if problems persist.
Locking it Down
Whew, you made it to the end! By now you should be a WordPress file permissions pro.
To recap: the best permissions for most WordPress sites are 755 for folders and 644 for files. You can easily check and change your permissions using an FTP client or via SSH.
And if you ever get stuck, don‘t forget about WordPress security plugins or reaching out to your web host‘s support team for more hands-on troubleshooting.
At the end of the day, the goal is to strike a balance between giving WordPress the access it needs to function and securing your site against hackers and malware. With the right file permissions locked down, you‘ll be well on your way to a safer, smoother-running WordPress site.
Happy permissions fixing!
