How to fix WordPress permissions on Linux servers

    Incorrect permissions in WordPress can cause errors like "Could not create directory", file upload issues, or security vulnerabilities. This guide explains how to restore correct permissions quickly.

    Recommended WordPress Permissions

    Element Permission Description
    Directories 755 Read and execute for all, write only for owner
    Files 644 Read for all, write only for owner
    wp-config.php 400 Read only for owner (protects credentials)
    .htaccess 444 Read only for all (prevents modifications)

    Script to Fix Permissions

    Replace username with the hosting account username:

    WPUSER="username";WPPATH="/home/$WPUSER/public_html"
find -L "$WPPATH" -type d -exec chmod 755 {} +
find -L "$WPPATH" -type f -exec chmod 644 {} +
chown -R "$WPUSER:$WPUSER" "$WPPATH"
find -L "$WPPATH" -name wp-config.php -exec chmod 400 {} +
find -L "$WPPATH" -name .htaccess -exec chmod 444 {} +

    One-Liner Version

    For quick copy and paste:

    WPUSER="username";WPPATH="/home/$WPUSER/public_html";find -L "$WPPATH" -type d -exec chmod 755 {} +;find -L "$WPPATH" -type f -exec chmod 644 {} +;chown -R "$WPUSER:$WPUSER" "$WPPATH";find -L "$WPPATH" -name wp-config.php -exec chmod 400 {} +;find -L "$WPPATH" -name .htaccess -exec chmod 444 {} +

    Script Explanation

    The script performs the following actions in order:

    1. Define variables: WPUSER is the username and WPPATH is the WordPress installation path.
    2. Directory permissions: Sets 755 on all folders.
    3. File permissions: Sets 644 on all files.
    4. Ownership: Assigns the correct user and group to all files and folders.
    5. wp-config.php: Restricts to 400 to protect database credentials.
    6. .htaccess: Restricts to 444 to prevent unauthorized modifications.

    Important Notes

    Why use -L in find?

    The -L option makes find follow symbolic links. This is necessary because on some servers public_html is a symlink to another location. Without this option, the script won't find the files.

    Why not use USER as a variable?

    USER is a reserved system variable that contains the current session user. If you try to assign another value, the system will overwrite it. That's why we use WPUSER.

    Verify applied permissions:

    After running the script, verify with:

    ls -la /home/username/public_html/

    You should see:

    • Directories with drwxr-xr-x (755)
    • Files with -rw-r--r-- (644)
    • wp-config.php with -r-------- (400)
    • .htaccess with -r--r--r-- (444)

    Published