WordPress Webroot Ownership / Permissions Script

Ok, so I’ve seen a fair amount of “run this script to fix your permissions” posts about, and for a number of reasons I don’t really like them.

Not saying that mine is perfect ofcourse, but the emphasis is trying to be around security.

With all security, you’re always compromising convenience. If you really want to secure your WordPress file ownership and permissions. Give it user:apache and 750/640 permissions throughout. But it won’t do you much good when it comes to installing plugins, etc.

So, here’s what you can do.

NOTE: The outcome of this script (should you read it and use it properly) is that your wordpress web root will be read only to apache (this is how we want it really) and wp-content and below will be writeable by apache (you need this if you want to install plugins, upload media). Having apache write to wp-content is the compromise here, because its undesirable for the web process to have write permissions…but we’re balancing security and convenience here. Because apache cannot write to a directory higher than wp-content, then it will NOT be able to update itself. So you’ll need to organise that when the times comes. I might write a post about that, but because it sucks to have apache writing to the webroot, I possibly won’t


## ok, you want to replace my ‘dcr226’ with whatever user you
## login to your server with. Change all of these settings to suit your system


chown -R $username:web_user $web_directory
find $web_directory -type d -exec chmod 750 {} \;
find $web_directory -type f -exec chmod 640 {} \;
find $web_directory/wp-content -type d -exec chmod 770 {} \;
find $web_directory/wp-content -type f -exec chmod 660 {} \;

#selinux stuff because…you should be using it

chcon -R -t httpd_sys_content_t $web_directory
chcon -R -t httpd_sys_rw_content_t $web_directory/wp-content
setsebool httpd_unified 0

2 replies
  1. seofanpagethailand
    seofanpagethailand says:

    Hey just wanted to give you a quick heads up. The text in your post seem to be running off the screen in Chrome. I’m not sure if this is a format issue or something to do with web browser compatibility but I thought I’d post to let you know. The layout look great though! Hope you get the issue resolved soon. Cheers|


Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *