What are the correct file and folder permissions for WordPress to ensure security and a fully functional website?

Incorrect file permissions are one of the leading causes of website security breaches. Allowing “world writeable” files can lead to an attacker injecting code or overwriting a file completely. Settings that are too restrictive however, can break your WordPress install. So getting them right is really important to say the least.

Here’s the permissions WordPress requires:

Here’s a few handy command line commands speed up the process and recursively make the permission changes for you.

For more information on WordPress permissions and FTP Client options checkout WordPress.org:

https://wordpress.org/support/article/changing-file-permissions/

Even more secure

To take things to another level you can secure your wp-config.php file even further. This is the most sensitive file in the entire WordPress install and contains passwords to your database. You can use the following to lock it down even further:

Be careful when using this however, as it will make the file only readable for even the owner of the file, which is you. So to make any changes you’ll first have to change the permissions to 640.