WordPress

Optimize WordPress Security By Changing File Permissions

Although WordPress is a highly secure platform and required measures are taken to ensure the security of WP powered sites, a website can experience some potential security attacks. When it comes to maintaining WordPress security, website owners often talk about several things to help keep their site secure but pay less attention to file permissions.

Although, there are several WP plugins available on web that help makes a WordPress site highly secure, but even the plugins fail to help us if the file-system permissions of the site are not setup correctly. Setting up file-system permissions is very important to keep the WordPress installation secure. However, setting up the permissions incorrectly can make the site prone to attacks.

This post is not the ultimate guide that will help fix your security concerns, but will definitely help to give you a basic understanding of file permissions and changing the file permission modes in “standard WordPress configuration” – to enhance your WordPress website security. Before proceeding further, it is also important to have a basic understanding of – what does Users and Groups mean as they are associated with permissions.

User means the account that is used for accessing your computer system. Group on the other hand, is an identifier that dictates where the set of users belong to. This means that you make use of an user account, the time files are transferred via FTP. And the group to whom (whether it is a single or more groups), you’ll belong depends on how your web host has set up your account.

File Permissions – An Insight

File-Permissions

As the name implies, permissions defines what users can do with a file. Several great features are added into the WordPress site, by providing write access to the files with help of web server. However, making your files writable is very dangerous, especially when you’re running your site in a shared hosting environment. And thus, it is better to lock-down your “file permissions”. However, when using plugins in WordPress, you may be asked by some of the plugins to change the file permissions. And changing file permissions means, the web server is allowed to gain access to those files.

A permission is determined by a set of numbers such as “644” or “777” (also known as permission modes). Each digit of the permission mode represents a meaning.

First digit tells what a user who owns the file can do.
Second digit identifies the function that other users of owner’s group can perform.
Third digit represents what left over users can do (including the people visiting the site).

Let’s understand what does the Permission Modes “644” and “777” means:

In order to understand what does the script with permission mode 644 means, let’s broken down the mode into the following structure:

  • The first digit of the mode that is “6” determines the owner can perform both read and write functions.
  • The second digit “4” determines users accounts who’re a part of the owner’s group can only read the file.
  • Last digit “4” is used to determine that rest of the users can read the file.

Put it simply, it means that the user who owns the script can modify it; while everyone else can only read th file.

Let us now break down the 777 permission mode (used for making changes to permission of the folder):

  • The first digit “7” tells that the owner holds the right to read, write and execute folder contents.
  • The second digit “7” denotes that owner’s group users can also read, write as well as execute the folder contents.
  • The third digit “7” signifies that rest of the users also have the privilege to read, write and execute the contents of the folder.

Note: Make sure to avoid the “777” permission mode as it is the bad permission mode. That’s because other than the owner, everyone has the privilege to perform all the actions on the folder (that is read, write and execute). And so, anyone can inject malicious code into the site.

Making Changes to the File Permission Modes

The “chmod” command is used for changing the permission mode of a file or folder in your WordPress directory:

1sudo chmod 644 <file>

Now in case you want to change the permission modes of all your files or folders, you’ll need to use chmod together with the “find” command, as shown in the below example:

1sudo find . -type f -exec chmod 644 {} +

In case you need to change all your folders to “755” permission mode, then write:

1sudo find . -type d -exec chmod 755 {} +

Standard WordPress Server Configuration and Setting Its File Permission

Making changes to file permission in standard server configuration requires a lot more work as opposed to the shared server configuration. Before setting permission mode of this server configuration, you’ll need to make adjustments to ownership of WP site files and folders. For doing so, make sure:

  • Your user account is the owner of all the files and folders.
  • Both the user account and the server’s user are part of the same group.

Using the “groups” command you can determine the groups that your user accounts belongs to. And to figure out the groups your web server is a part of, you’ll need to insert the following line of code in your script:

1echo exec'groups' );

If the user account and web server are not the part of the same group, use the following line of PHP code snippet:

1$ sudo usermod -a -G mygroup

After making setting up correct ownership, it’s time to make adjustments to the permission modes. For this purpose, you can make use of FTP client or instead use the following commands:

12345$ sudo find . -type f -exec chmod 664 {} + $ sudo find . -type d -exec chmod 775 {} + $ sudo chmod 660 wp-config.php

Summary

Hopefully reading this post will help you understand about the importance of file permissions, and how changing the permission modes can harm our WordPress site security. In addition, you’ll also learn about the correct ways to set up the file permissions.