How to set proper file permissions on WordPress files

WordPress is a suite of files that make up your website. After you install WordPress for the first time, you should focus on bolstering its underlying security.

WordPress files hierarchy consists of its specific structure. You can store data in directories of the WordPress, while scripting files in the root folder help WordPress manage your site.

File permissions for the WordPress files refer to access control permissions on sensitive data. If for example, the WordPress password file like wp-config.php is accessible across the Internet, your site can be hacked by random people.

In this scenario, if you don’t maintain a secure routine for the file permissions, you may end up losing your WordPress website. Attackers can hijack your site or can delete the entire database of your WordPress website.

Today’s write-up helps you learn about file permissions in WordPress. After you have finished the article, you can go back to your WordPress dashboard or hosting cPanel and set the correct file permissions for your WordPress files.

What is meant by file permissions?

A WordPress site resides at a powerful computer on the Internet, called a Web Server. The server needs permission to edit, save, or modify your site’s files.

When we talk about file permissions, it refers to access level rights on the WordPress files.

As a WordPress site owner, you can change file permissions on WordPress files. You can allow or deny access to files or block specific users at all.

Why should you set correct file permissions in WordPress?

Incorrect file permissions mean security problems for WordPress files, insecure access levels, and total compromise of sensitive data in excessive damage.

Besides security concerns, you can also set file permissions for a custom web application. In case you run a WordPress forum or micro-job website, you can change permissions to increase or tighten your site’s access levels. It helps you better serve premium content for paid members.

Correct file permissions in WordPress

If you don’t have knowledge about WordPress file permissions, you should consider the following settings for your WordPress files and directories. You can also read more about file permissions for custom settings.

For all folders and sub-folders of the WordPress root directory, set the file permission as 755. Similarly, setĀ 644 for all the WordPress files.

Ways to set file permissions on WordPress files

Set file permissions using FTP

If you have set up FileZilla as your site’s FTP client, you can easily change permissions on WordPress files and folders.

Once you’ve loaded the FileZilla, you will be able to see a list of your site files. You can bulk select multiple directories and choose appropriate permissions accordingly.

file permissions in wordpress

Clicking on File Permissions shows a small box where you can set file permission for WordPress files and folders.

file permissions box in filezilla

You can choose permission for owner, group, and public. Don’t forget to click on OK.

Set file permissions using Hosting cPanel

If you fail to access FTP on your WordPress website, you can also change file permissions using Hosting cPanel. To get started, proceed to log into your hosting panel.

In theĀ public_html directory, select a file and click on Permissions at the top bar. A small box will be shown where you can set proper file permissions for the selected file.

file permissions in hosting cpanel

Finally, you can repeat the process for files and directories and change file permissions for security and customization purposes.

Best practices

You can easily change file permissions by getting into Hosting cPanel or by using FileZilla. For custom requirements regarding security, you can consider the following best practices regarding file permissions in WordPress.

  • Your hosting CPanel and FTP credentials should not be identical for security reasons.
  • You can install a plugin for checking the correct file permissions in WordPress. Consider security plugins for WordPress, such as All in One WordPress Security and Firewall.
  • If you don’t understand the specific codes for file permissions, you shouldn’t bother changing permissions on WordPress’ sensitive files and folders.
  • Always taste browsing-experience after you’ve changed file permissions on WordPress files. You can start by browsing the concerned files in the browser.
  • If you have multiple FTP or Hosting cPanel users, you should create and implement a security policy for employees that help you manage your WordPress assets.

Last but not least, you can always use the option to hire professionals for testing your site for security concerns.


You don’t need to change file permissions in the standard procedure of WordPress installation. However, if you have installed WordPress manually, you should check and set proper file permissions on your site’s files.

Before using FileZilla for changing file permissions, you will need to create an FTP account in Hosting cPanel, followed by setting up the File Zilla client on your desktop.

Similarly, your Hosting cPanel also helps you list your site’s files. In the Public_HTML directory, you can use the Permissions option at the top bar and change or reset file permissions for your site’s files.

You can proceed to read more about WordPress security. If you have any concerns about WordPress file permissions, you’re welcomed to join the conversation in the comments.

More on wpcrib

Add comment

Join discussion and make an impact. Your email address will not be published.

GDPR is going into effect on May 25, 2018. Learn more in our new GDPR section. You can also view changes to our Privacy Policy.
We use cookies to provide a personalised experience for our users.