Who gives the final roundup on file and directory permissions

  • Hi,

    I have recently moved my locally developed wp-site to a live server and have nothing but problems with file and directory permissions. I have searched but have found nowhere any final roundup regarding these permissions.
    I currently have my complete wp-content folder set to 775 (which I think is too much, but I do not know the alternative); the files in there. The files in for example the themes sub dir are even 777 (which algain I think is not good, but works).
    I was unable to upload images etc. so I had my provider make some changes. The uploads are now okay, but the new problem is that I cannot properly either insert them into a post, or I cannot view/preview a post with an image without getting a ‘”Forbidden You do not have permission to access this document.”‘

    I am a total moron (obviously) regarding the whole permission issue, and currently am totally at a loss as to what to ask from my provider. What I need to know:
    – what permissions does the wp-directory and it’s subdirectories need in order to work properly (I can upload and use files through the wp interface, but also through ftp, and visitors shoulc of course be able to see the images)
    – what persmissions do the files in these directories need in order to work properly
    – what do I need in terms of PHP/Apache modules in order for a WordPress site to work.

    Please: do not give me any more links to websites with only discussion on these issues: I have probably seen them all and so far they have not provided any final solution. I have been on this now for almost three weeks, to hardly any avail, and do not know what to ask my provider anymore.

    You help is really appreciated.

    Thanks.
    John

Viewing 5 replies - 1 through 5 (of 5 total)

  • Try this plugin to check for security vulnerabilities – read file permissions that are over the top – and get good suggestions / feedback from it in your WordPress Dashboard. It will help a lot..

    Thread Starter Splendesco

    (@mediatomics)

    Rhand, thanks for your input. I just installed the plugin, but I think it gives me wrong information; according to the plugin my wp-admin/index.php is set to 755, while actually it is set to 644 (checked with FTP software). Other than that it gives no errors; just some usefull tips regardinfg e.g. the table prefix and admin username.

    I don’t see how this will help me any further.

    Tnx.
    John

    Never had any issues with the plugin like you did. Sorry to hear that. Well you don’t need any further links as you have read them all. So you know standard Unix file permissions used on website files and folders in general. And you know when they are too restricted for normal WordPress usage.
    Until someone can help you beyond that knowledge you already have – I don’t know how – I suggest you make regular backups so you do not need to worry about any data loss.

    Good luck

    Thread Starter Splendesco

    (@mediatomics)

    Rhand, all I need to know is under what permissions for files and folder a WordPress installation under Apache/PHP5 can run normally … and what is needed in terms op a PHP configuration.
    I requested ‘no links’ as a lot of information I find is merely discussion, and does not provide a final or clear answer. Other than that, I’m still reading up, but for me it only gets more confusing.

    Thanks for your input.
    John

    Well normally all folder should have chmod 755 and all files chmod 644. These are the most secure settings. But if you want to edit a theme online or upload files/media to you server from the WordPress Dashboard you often need to chmod 755 (rwx-rx-rx) or 777 (read, write, execute by all) certain folders or files.
    My /wp-content , /wp-content/uploads and /wp-content/gallery folders are chmod 777 because I won’t be able to use them properly running them at chmod 755.
    Chmod 777 is the most vulnerable permission state as it means read, write, execute by all. Therefore you only chmod 777 files that need to for the functioning of your blog.
    The wp-config.php, .htaccess and theme files should always be 644 as they are paramount to your site’s functioning and security!
    Hope this helps a bit.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Who gives the final roundup on file and directory permissions’ is closed to new replies.