WordPress File Permissions: Complete Guide
Published April 21, 2026
WordPress File Permissions Guide
File permissions control who can read, write, and execute files on your server. Wrong permissions are both a security risk and a common cause of WordPress errors.
Permission Basics
Permissions are expressed as three-digit numbers (e.g., 755) representing permissions for owner, group, and others. Each digit is a sum: 4 (read) + 2 (write) + 1 (execute).
Recommended WordPress Permissions
| Location | Permission | Reason |
|---|---|---|
| Directories | 755 | Owner can write, others can read and traverse |
| Files | 644 | Owner can write, others can only read |
| wp-config.php | 600 or 640 | Contains database credentials — restrict access |
| .htaccess | 644 | Apache needs to read it |
How to Set Permissions
Via SSH/terminal:
# Set all directories to 755
find /path/to/wordpress -type d -exec chmod 755 {} \;
# Set all files to 644
find /path/to/wordpress -type f -exec chmod 644 {} \;
# Secure wp-config.php
chmod 600 /path/to/wordpress/wp-config.phpSiteICO's file manager shows and lets you change permissions directly from your dashboard without SSH access.
Permissions That Cause Problems
- 777 directories: World-writable — allows anyone to upload malicious files
- 400 or 000 files: Too restrictive — WordPress cannot read its own files
- Uploads directory too restrictive: Prevents image and file uploads
The uploads/ Directory
The wp-content/uploads/ directory needs 755 so PHP can write uploaded files. Never set it to 777 on a shared hosting environment.