Secure File and Folder permissions for WordPress

File and folder permissions is very important in terms of web security. In most of the cases hackers are some how manage to get the access of your server and can upload/write/ edit your script and compromise your website.

Common form of security regarding this is never allow write permissions to group user and public user. In some cases at the time of uploading or activating a plugin you need to change the file permission to even 777, the most vulnerable permission. But beware of one thing after completing your job put it back to the secured file permissions. Like, when you will try to install wp-cache plugin, it needs .htaccess writable, you can make the .htaccess file writable for that plugin but whenever you finished installing the wp-cache plugin, back the .htaccess file permission to a secure one.

public_html (or httpdocs) – 750

  • wp-admin – 755
  • wp-includes- 755
  • wp-content – 755
  • .htaccess – 644
  • wp-config.php- 666
  • other wp-files.php at the root folder – 644

in rest of the case all the folders will be 755 and files will be 644