chmod: File Permissions

Getting Started With Your Website:

chmod: File Permissions for Your Website,
Including Your WordPress Folder

It’s likely that your folders and files are already chmodded to the way they should be in order for your website to run correctly. But just in case, for public viewing, your website’s folders should be chmodded to 755 and website files should be chmodded to 644.

chmod 755 -rwxr-xr-x
chmod 644 -rw-r–r–

Here’s what it means:

The first number in the three numbers are the permissions for the USER (crosswinds server). The second number represents the permissions for the GROUP (you) and the third number represents the permissions for the WORLD (everybody on the internet).

If read, write AND execute are checked, they add up to 7. Read and write add up to 6. Get the picture?

No matter what you hear or read in various help sites, you should NEVER chmod to 777 or 666!! This is just foolishness.

Please note that for folders and files within WordPress: folders should be chmodded to 755 and files to 644. For more information about chmodding and WordPress, please see Changing File Permissions

One exception to this is wp-config.php. You may want to ensure that the whole world will be unable to make changes to it.

You can easily change the permissions in CPanel. To do this, click on the file manager link in the “Files” section of your CPanel. (If a popup box appears, choose to open Web Root and make sure that “Show hidden files” is selected.)

  1. Navigate through your folders until you get to your wordpress folder. Double click on the folder icon next to the name of a folder until you can see the file names in your wordpress folder (wp-admin, wp-content and wp-includes folders and the php files such as “wp-config.php” in the wordpress root). Highlight wp-config.php and select “change permissions” near the top of the page. CPanel File Manager
  2. On the popup box that appears, uncheck the boxes until you see 640 on the bottom row. chmod to 640

All files should be 644 or 640. Exception: [For Shared Hosting] wp-config.php should be 600 to prevent other users on the server from reading it.