WordPress usually runs on a Linux server, which has comprehensive and detailed permission controls for each directory. If permissions are not set correctly, it can cause issues such as being unable to upload files, update themes or plugins, or edit code through the WordPress dashboard. In these cases, you just need to set the correct permissions for your WordPress site.
Setting Correct Permissions for the WordPress Directory
For WordPress to run correctly, the user running PHP-FPM needs read and write permissions for the WordPress site directory. For security, other users should only have read permissions. For example, if the user running PHP-FPM on your server is “www”, you can run the following command to set the correct permissions.
chown -R www:www /www/wwwroot/example.com
chmod -R 755 /www/wwwroot/example.comIn the commands above, “chown” changes the owner and group to “www”, and “chmod -R 755” sets the directory permissions to be readable and executable by everyone, but writable only by the owner. For more detailed instructions on chmod, refer to documentation like IBM’s chmod command guide.
Setting Read-Only Permissions for the Theme Directory
Sometimes, you may not need to modify or update your theme. In this case, setting the theme directory to read-only can prevent accidental modifications. Use the following command to add read-only attributes to the themes folder.
chattr -R +i /www/wwwroot/example.com/wp-content/themesOnce this command is executed, no one—including the system itself—can modify, add, or delete files in the theme directory until the read-only attribute is removed. To remove it, simply change “+i” to “-i” in the command.
Setting Permissions for the .ssh Directory
To prevent private key leakage, SSH servers have strict permission requirements for the .ssh directory. Specifically, the private key file must only be readable and writable by the user. If permissions are incorrect, the private key will be invalid and you won’t be able to log in.
- The .ssh directory permissions should typically be 755 or 700.
- The private key file (e.g., id_rsa) must be 600, ensuring only the owner can read it.
- Public keys (e.g., id_rsa.pub) and authorized_keys should typically be 644.
In summary, correct server permissions are vital for site functionality and server security. Permissions that are too strict can disable features, while those that are too loose can create security vulnerabilities. Always follow the “principle of least privilege,” granting only the permissions necessary for normal operation.
