Recommended file permissions for WordPress

Private WordPress installations seem to be the drum that hackers like to hit these days, and many themes seem to be vulnerable as well. I’m not saying this is the answer to mitigating hacking attempts, merely a starting point. To begin fortifying a WP installation, here are recommended file permission settings for a WordPress installation on a Linux box. These commands set 750 on all folders, 640 on files, and 600 on the wp-config.php file. Run them with root/sudo access from the parent folder of the WP installation folder (assumed to be wpfolder here).


# find wpfolder -type d -exec chmod 750 {} +
# find wpfolder -type f -exec chmod 640 {} +
# chmod 600 wpfolder/wp-config.php

 

You may also want to make sure that only the wp-content folder is owned by www-data (or whatever user your web server runs as).
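
To check an existing installation against this scheme, the following added example (not part of the original post) lists every path that deviates from 750/640/600 and every path outside wp-content that is owned by the web server user. The function names are hypothetical; wpfolder and www-data are the names used above.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the scheme in this post.
# Function names are hypothetical; "wpfolder" and "www-data" come from the post.

# Print every path whose mode differs from the target scheme:
# 750 for directories, 640 for files, 600 for wp-config.php.
audit_wp_perms() {
    root=${1%/}    # drop a trailing slash so the -path test below matches
    find "$root" -type d ! -perm 750 -print
    find "$root" -type f ! -path "$root/wp-config.php" ! -perm 640 -print
    if [ -f "$root/wp-config.php" ]; then
        find "$root/wp-config.php" -maxdepth 0 ! -perm 600 -print
    fi
}

# Print every path outside wp-content that is owned by the web server user
# (second argument: user name or numeric uid, default www-data).
audit_wp_owner() {
    root=${1%/}
    webuser=${2:-www-data}
    find "$root" -path "$root/wp-content" -prune -o -user "$webuser" -print
}

# When called with arguments, e.g. "sh audit.sh wpfolder www-data",
# run both checks; empty output means nothing deviates.
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
    audit_wp_owner "$1" "${2:-www-data}"
fi
```

Both functions only read metadata, so they can be run before applying the chmod commands to see what will change, and afterwards to confirm nothing was missed.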