
WordPress Files and Permission

How to define file permissions for WordPress directories and files for ensuring best security?

Permissions define what users can do with a file or directory. The permissions are represented by a set of numbers called the permission mode.

WordPress file permissions:

WordPress file permissions specify who can read, write and execute the files and directories of a WordPress website. Permission modes protect the website from unauthorized access by hackers. Permissions are given based on the role that the user possesses. Along with permission modes, it is always recommended to install security plugins that reduce the risk of a security breach of the WordPress website. Popular WordPress security plugins are: Sucuri, iThemes Security, Jetpack Security, WPScan, Wordfence.

Types of permissions:

| Permissions | Meaning | Symbol | Number representation |
|---|---|---|---|
| Read | View contents of a file or directory | r | 4 |
| Write | Can modify the contents of a file or directory | w | 2 |
| Execute | Allowed to run script files or scripts inside directory | x | 1 |
| No Permission | User has no access to the file or directory | | 0 |

Roles:

  1. User: The assigned owner of the file or directory.
  2. Group: Members of the group that owns the file or directory.
  3. Others: All users other than the file owner or group members.

Note: The recommended permission mode for a directory is 755 and for a file is 644.

How to identify the permission mode:

  • 3 = (2 + 1) = Write + Execute
  • 5 = (4 + 1) = Read + Execute
  • 6 = (4 + 2) = Read + Write
  • 7 = (4 + 2 + 1) = Read + Write + Execute

Example:

| Mode | Explanation |
|---|---|
| 670 | Owner has read and write only, group has read, write and execute, others have no permission |
| 777 | All have permissions for read, write and execute |

Recommended file permissions for WordPress website

| Path | Permission mode |
|---|---|
| Root directory (usually public_html) | 755 |
| wp-config.php | 444 or 400 |
| .htaccess | 444 or 644 |
| wp-includes | 755 |
| wp-admin/js | 755 |
| wp-content | 755 |
| wp-content/themes | 755 |
| wp-content/plugins | 755 |
| wp-content/uploads | 755 |
| index.php | 644 or 444 |

Fixing permissions

There are multiple ways to access your files and directories to fix the WordPress permissions. The user can choose whichever is convenient.

Permissions using cPanel:

cPanel is an online Linux-based graphical interface (GUI) used as a control panel to simplify website and server management. cPanel allows you to publish websites, manage domains, and organize web files.

  • Log into your cPanel account. Either find a link on the web host dashboard, or type /cPanel after the site URL.
  • Select Files -> File Manager.
  • Find the root directory (generally it is public_html) and expand it.
  • All files and directories are visible in the explorer pane. Right-click on a file or directory and select Change Permissions.
  • Set permissions as necessary and click on Change Permissions.

Note: You can select multiple files and directories and change their file permissions at once.

Permissions using File Transfer Protocol:

FTP is another way to fix file and directory permissions. If the web host does not have a usable interface, use an FTP client.

  • Go to the root folder of the WordPress site.
  • Select all folders in the root directory.
  • Right-click and select File permissions.
  • In the file permissions dialog box, enter 755 in the numeric value field.
  • Click on Recurse into subdirectories.
  • Select Apply to directories only -> OK.

FTP client will start setting file permissions to directories and sub-directories.

In the same way, select all files and folders in the root folder of the WordPress site and right-click to select File permissions. In the file permissions dialog box, enter 644 in the numeric value field. Click on the Recurse into subdirectories checkbox and select the Apply to files only option. Click OK. The FTP client will start setting file permissions on all files in the WordPress site.
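On hosts with shell (SSH) access, the same check and reset can be scripted. The following is an added example, not part of the original article: it audits a WordPress tree against the recommended modes in the table above and then applies the 755/644 passes described for FTP. The function names wp_perm_audit and wp_perm_fix and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Function names are assumptions.

# Print one line per path whose mode deviates from the table above.
wp_perm_audit() {
    root=${1:?usage: wp_perm_audit <wordpress-root>}
    # Directories: exactly 755.
    find "$root" -type d ! -perm 755 -exec printf 'DIR want=755 %s\n' {} +
    # wp-config.php: 444 or 400.
    find "$root" -type f -name wp-config.php ! -perm 444 ! -perm 400 \
        -exec printf 'FILE want=444|400 %s\n' {} +
    # Other files: 644; .htaccess and index.php may also be 444.
    find "$root" -type f ! -name wp-config.php ! -perm 644 \
        ! \( \( -name .htaccess -o -name index.php \) -perm 444 \) \
        -exec printf 'FILE want=644 %s\n' {} +
    # Anything writable by "others" (777, 666, ...) is reported separately.
    find "$root" \( -type d -o -type f \) -perm -002 \
        -exec printf 'WORLD-WRITABLE %s\n' {} +
}

# Reset modes: command-line equivalent of the two recursive FTP passes.
wp_perm_fix() {
    root=${1:?usage: wp_perm_fix <wordpress-root>}
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    # Tighten the config file last so the 644 pass does not undo it.
    # 400 assumes PHP runs as the file owner; use 444 otherwise.
    [ ! -f "$root/wp-config.php" ] || chmod 400 "$root/wp-config.php"
}

# Constructed sample tree (not a real site): audit, fix, audit again.
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/uploads"
touch "$demo/wp-config.php" "$demo/index.php" "$demo/wp-content/uploads/a.jpg"
chmod 777 "$demo/wp-content/uploads"
chmod 666 "$demo/wp-config.php"
echo "before:"; wp_perm_audit "$demo"
wp_perm_fix "$demo"
echo "after: $(wp_perm_audit "$demo" | wc -l) finding(s)"
rm -rf "$demo"
```

Run the audit on its own first and review the findings before applying the reset, since some plugins need specific directories to stay writable.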

iThemes Security Plugin to Check WordPress File Permissions:


iThemes Security Plugin enhances the security of a WordPress website. The plugin detects and automatically blocks suspicious activity, which increases the security of passwords and site data. To check the assigned file permissions, follow the steps below.

  • In the iThemes Security plugin menu, go to Security -> Tools -> Check File Permissions.
  • Click Run; the status of the permissions is displayed on the screen.

Permission modes like 000 may be the safest, but they are not practical. 777 is the least protected permission mode, as it leaves the file or directory open to modification by any user. 777 is never advisable for any core files. Some plugins require a directory to be writable; set the permissions accordingly. Sometimes the permission mode has to be loosened for certain functionality to work.