Optimizing WordPress file permissions

This article is mainly geared towards WordPress self-hosted on a server where you have root ssh access. If you installed it on a shared host like DreamHost, you may not need to, or be able to run this script.

I have a 1GB Rackspace Cloud Server that houses my website, blog and well as my side projects. Recently, my WordPress installation that powers my blog started encountering errors with the self-updater; upon further inspection, noticed that it did not have certain permissions to write (add, modify, remove) files that were going to be updated. Not knowing what the optimal permissions were without compromising security with a wide 777, I researched into what is the optimal permission setting to keep WordPress secure, but allowing auto update to work.

I recently rebuilt my front page with a new flat file CMS called Grav (which I’ve fallen in love with), and its updater was having issues too. So I did a little digging into Grav and turns out someone had already documented this exact same issue. They wrote a script that will set the optimal permissions that balance security and convenience.

What this script basically does, is:

  1. Changes the user and group of the current directory to faisal and apache
  2. Changes all files and subfolder to faisal and apache ownership
  3. Finds all the files from the current directory down and sets the permissions to 664 so they are RW for User & Group and R for Others.
  4. Finds all the folders from the current directory down and sets the permissions to 775 so they are RWX for User & Group and RX for Others.
  5. Sets the ownership of all directories to ensure that User and Group changes are maintained
  6. Sets the umask so that all new files are created with the correct 664 and 775 permissions.
This script is not only for WordPress or Grav. It could potentially be used with any CMS that requires file permissions to work, and it’s a good way to clean up the overall permissions.

Leave a Reply