Last active
January 21, 2025 12:37
-
-
Save richardevcom/7a98f152bc240fdfc8959d83ac239b4c to your computer and use it in GitHub Desktop.
Fix & secure WordPress files & permissions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| chown -R www-data:www-data . | |
| find . -type d -exec chmod 755 {} \; | |
| find . -type f -exec chmod 644 {} \; | |
| #find . -type f -name ".htaccess" chmod 640 {} \; # If you're not using Pretty URLs (permalinks), use 604 < 640 permissions. | |
| find . -type f -name "wp-config.php" chmod 440 {} \; |
Author
Author
[UPDATE]
If you're using plugin that rewrites .htaccess or wp-config.php files (for example, LiteSpeed Cache), you should leave at least 6** permissions, otherwise you'll have to update these files manually.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WordPress official post Changing File Permissions suggests securing
wp-config.phpwith440permission and.htaccessbetween604<644permission.If you're using Pretty Permalinks (URLs), it is suggested to use
666😈 permission.