Understanding WordPress File Permissions

How many of you remember growing up and watching television as a little child with your parents and all of a sudden they shout “RED LIGHT”? What did you do? You immediately covered your eyes because you didn’t have permission to see what was on the screen.


WordPress websites use something similar to the “Red Light / Green Light” parental commands that dictate who has permission to read files, create and edit files, and to control what has access to the files. In this post, we cover the basics of WordPress file permissions.

Basics of Server File Permissions

Servers consist of directories (or folders) and files.  Permissions can be created that dictate who can “read (r)”, “write (w)”, and “execute (x)” a specific file and/or directory.  There are slight differences between rwx permissions when it comes to file permissions versus directory permissions.

File Permissions

  • Read (r) permissions declare if the user has authority to read the file.
  • Write (w) permissions declare if the user has the authority to write or modify the file.
  • Execute (x) permissions declare if the user has the authority to run the file and/or execute it as a script.  It is important to note that a file is not granted delete permissions.

Directory Permissions

  • Read (r) permissions declare if the user has the authority to access the contents of the identified folder/directory.
  • Write (w) permissions declare if the user has the authority to add or delete files that are contained inside the folder/directory.
  • Execute (x) permissions declare if the user has the authority to access the actual directory and perform functions and commands, including the ability to delete the data within the folder/directory.

Now before we dive into understanding the proper permissions that should be set for WordPress site it, is important to learn about the different forms of ownership of a file.

  • The user who is the owner of the file and/or the user that created the file is known as the User.
  • The user or users who belong to a group the the file and/or directory is part of is known as the Group.  A group is a defined classification of a set of users.  The example of a group might be users that have access to FTP.
  • The user or users who are not an owner and do not belong to an identified group are known as Others.

Take a look at the illustration below and you will see how these ownership roles and permission settings come together to declare who has what authority to do or see something relating to the files on your server.

WordPress file permissions

It may be helpful to understand that there is a method to the madness in the number that appear as part of the permissions settings.  Those numbers relate to the read, write, and execute permissions.  These point values are actually derived from the binary system that are foundational to computer systems (1s and 0s).

  • Read (r) permissions have a point value of 4
  • Write (w) permissions have a point value of 2
  • Execute (x) permissions have a point value of 1

No matter what combination of read, write, and execute permissions you assign to a file or directory it is easy to figure out what of the three permissions have been assigned.  For example:

  • If you see the number “6“, you automatically should know that the ONLY numbers (4, 2, 1) that you can combine to get the value 6 are the numbers 4 and 2.  Therefore the number 6 represents the read and write permissions being assigned.

Now in that image above you will see that file and directory permissions come in 3 digit numbers.  This is where the ownership comes into play.  The first number refers to the User.  The second number refers to the Group. And the final number refers to Others.

So now we can break down the file permission number of 644 to be as follows:

  • The owner of the file can read (r) (4 value) and write (w) (2 value) for a total of 6 value.
  • The group that is attached to the file can only read (r) (4 value) for a total of value.
  • Everyone else can only read (r) (4 value) for a total of 4 value.

So when you see the number 7 you should immediately know that all three permissions (4+2+1) have been granted to that ownership group.  If you see the number 3 then you know that for some STRANGE reason someone set the permissions of the file to have writing and executing permissions (2+1) but no ability to read the file.

What are the Recommended WordPress File Permissions?

So now that you understand how file permissions are composed and how they are assigned to different ownership groups we can understand the recommended file permissions for WordPress.

Basically a directory in WordPress should have a 755 permission and the files should have a 644 permission.  (And now that you know how to read those numbers, can you figure out who should be allowed to do what on your WordPress server?


If you are looking for additional help on checking to see if your WordPress site’s permissions are set correctly, you can open up the iThemes Security plugin’s dashboard (as seen above) and see how your site’s current permissions are set.

The post Understanding WordPress File Permissions appeared first on iThemes.


0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *