Directory and File permissions

  • There are a small but increasing number of posts where people are seeing things on their site like popups for various things.
    It is VERY likely that the people who did this have managed to do so because of the directory and file permissions that you have set. You MUST get this right to avoid this situation.

    Directories should have, at most, permissions of 755. If you have a directory that is 777 then that can be written to.

    Files should be, at most, 664. If you use the WP editor, you might need these files to be 666 but you really should revert them back to 664 after making any changes. You must never ever have ANY file at permissions greater than 666 unless you are directed specifically to do so.

    777
    Some hosts will only allow you to upload images (using WP) if the images folder is 777. That leaves your site at a certain level of risk. Email them and check what the minimum permissions are. Despite what they first say, this is NOT a WP issue – it’s a security issue.
    If your host insists that 777 is the only number, start looking for another host. 755 can be done by hosts (my directories are all 755) that take security seriously.

    Please add anything else here !

Viewing 14 replies - 1 through 14 (of 14 total)

  • As a point of interest, the auto-install system Fantastico installs all WP directories and files with 755 permissions…

    Unfortunately, I can’t tell you the version of Fantastico as I don’t know how to get to it in cPanel or shell. This is running on Linux.

    I have the wp-content/uploads folder set to 755. WordPress was able to create subfolders and files no problem. However all files are automatically created with 775 permission. How do I have WordPress save uploaded files only with 664?

    Thanks!

    When editing themes using the theme editor I get that error:

    Forbidden

    You don’t have permission to access /wp-admin/theme-editor.php on this server.

    this is funny because I only get this error when saving a file (and all files have, for test, 777 as permission)

    How can I fix this?

    I think I got the problem.
    Probably the admin of the host set the LimitRequestFieldSize to a value that doesn’t allow file to be posted.

    I noticed this because I can edit small files, but not big ones.

    Also the default LimitRequestFieldSize is 8190, which prevent files bigger than 8k to be edited…
    I think this can also prevent postings of big posts, too…

    Is the below correct? I’m a tad concerned that if I want to use this app to its full potential I’ll have to have 777 on my folders?

    https://board.keytwo.net/viewtopic.php?p=1539&highlight=777#1539

    This thread and the one mentioned within it would seem to suggest 777 is ok.

    Thank you

    Ben

    I have WordPress 2.0.2 , I wanted to add Site Meter to my site. But when I pasted the HTML Code in the Sidebar theme Editor, there was no update button as mentioned in Sitemeter’s Site. All that I saw was “If this file was writable you could edit it.” as mentioned in Sitemeter, it said that I had to Change the file Permissions. I dont know what to Change pls Help.

    This was what that was written on SiteMeter’s Site for WordPress,
    If the button isn’t there and it instead says “If this file was writable you could edit it.”, you will need to first change the file permissions so that you can modify the file and repeat the steps again.

    I’m having this problem too. In the Theme Editor I see “If this file was writable you could edit it” at the bottom of every file. I’ve tried changing the permissions – at least I think I have – but the same “If this file was writable” message appears on every file. Which files do I need to change permissions on, and what do I need to change them to?

    Thanks for any help you can offer.

    abondanzieri

    (@abondanzieri)

    Hello,

    i installed wordpress to my server two days ago. everything was fine. but today i tried to upload a file and it didnt let me to do it.. so i tried something else.. but it didnt work. then i erased my wordpress folder and started to set up a new one.. but it still gives the same error when i try to upload a picture .

    it says

    The uploaded file was only partially uploaded.
    Back to Image

    can anybody help me please ?

    Ozgur.

    vkaryl

    (@vkaryl)

    You’d do better to start a new topic really. This may not have anything to do with the original poster’s problem….

    mrugesh

    (@mrugesh)

    hi

    i am new at wordpress org. I have exported file from wordpress.com and now i want to upload file in my own server. i am using “wxmlmigrate2” plugin to transfer the blog.
    but when i import that file : i am getting following error

    “Unable to create directory C:\Inetpub\vhosts\readgujarati.com\httpdocs\samachar/wp-content/uploads/2006/11. Is its parent directory writable by the server?”

    how i can solve this problem ? please guide me.

    i am using the above plugin of : https://www.technosailor.com/wordpress-to-wordpress-import/
    and it imports file successfully but upto half process. after half process, it generates above error.

    what i do to solve the above error.
    please guide me

    Hi!
    I’ve set my file permission to be 666, but I still can’t edit it in wordpress and no Update bottom to be seen. What could be the reason? thanks!

    Don’t use it! It is much better. Half of those that set the permissions to “world writabel” come back after a few days crying about their hacked blog… because nobody ever bothers to change it back – so it is wide open for the happy hackers.
    Edit the files on your computer an upload them using a FTP client. That’s the healthy way.

    moshu that may be the healthy way but reading back through all the threads on this subject I can make a number of observations.

    1. This is a very common problem

    2. The default answers given by helpers like chmod are incomprehensible to many users.

    3. The file permissions required by wp are variable.

    4. Even chmod often still leaves the error.

    5. Many users find that very frustrating.

    6. This has been going on for a very long time.

    Root – was there meant to be an answer in there?

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘Directory and File permissions’ is closed to new replies.