This article is mainly geared towards WordPress self-hosted on a server where you have root ssh access. If you installed it on a shared host like DreamHost, you may not need to, or be able to run this script.
I have a 1GB Rackspace Cloud Server that houses my website, blog and well as my side projects. Recently, my WordPress installation that powers my blog started encountering errors with the self-updater; upon further inspection, noticed that it did not have certain permissions to write (add, modify, remove) files that were going to be updated. Not knowing what the optimal permissions were without compromising security with a wide 777, I researched into what is the optimal permission setting to keep WordPress secure, but allowing auto update to work.
I recently rebuilt my front page with a new flat file CMS called Grav (which I’ve fallen in love with), and its updater was having issues too. So I did a little digging into Grav and turns out someone had already documented this exact same issue. They wrote a script that will set the optimal permissions that balance security and convenience.
- Changes the user and group of the current directory to
- Changes all files and subfolder to
- Finds all the files from the current directory down and sets the permissions to
664so they are
RWfor User & Group and
- Finds all the folders from the current directory down and sets the permissions to
775so they are
RWXfor User & Group and
- Sets the ownership of all directories to ensure that User and Group changes are maintained
- Sets the umask so that all new files are created with the correct