{"id":27430,"date":"2025-06-27T12:22:29","date_gmt":"2025-06-27T10:22:29","guid":{"rendered":"https:\/\/tremhost.com\/blog\/?p=27430"},"modified":"2025-06-27T12:22:29","modified_gmt":"2025-06-27T10:22:29","slug":"what-are-file-permissions-and-how-to-set-them-correctly","status":"publish","type":"post","link":"https:\/\/tremhost.com\/blog\/what-are-file-permissions-and-how-to-set-them-correctly\/","title":{"rendered":"What are file permissions and how to set them correctly"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><p><strong>File permissions<\/strong> are rules that control who can read, write, or execute (run) files and directories on a server or computer. They are crucial for website and server security because improperly set permissions can let attackers view, alter, or delete your files.<\/p>\n<hr \/>\n<h2><strong>Understanding File Permissions<\/strong><\/h2>\n<p>On most web servers (especially Linux-based), permissions are represented by three types of access for three groups of users:<\/p>\n<ul>\n<li><strong>User (Owner):<\/strong> The account that owns the file.<\/li>\n<li><strong>Group:<\/strong> Other accounts in the owner\u2019s group.<\/li>\n<li><strong>Others (World):<\/strong> Everyone else.<\/li>\n<\/ul>\n<p>Each group can have three permissions:<\/p>\n<ul>\n<li><strong>Read (r):<\/strong> Can view the file\u2019s contents.<\/li>\n<li><strong>Write (w):<\/strong> Can modify the file.<\/li>\n<li><strong>Execute (x):<\/strong> Can run the file as a program (or, for directories, access files inside).<\/li>\n<\/ul>\n<p>Permissions are usually shown as a three-digit number (like <code>644<\/code>), or as letters (like <code>rw-r--r--<\/code>).<\/p>\n<h3><strong>Example:<\/strong><\/h3>\n<ul>\n<li><code>644<\/code> \u2192 Owner can read\/write, group and others can only read.<\/li>\n<li><code>755<\/code> \u2192 Owner can read\/write\/execute, group and others can read and execute.<\/li>\n<\/ul>\n<hr \/>\n<h2><strong>How to Set File Permissions Correctly<\/strong><\/h2>\n<h3><strong>For Most Websites (WordPress, Joomla, etc.):<\/strong><\/h3>\n<ul>\n<li><strong>Files:<\/strong> <code>644<\/code>\n<ul>\n<li>Owner can read and write.<\/li>\n<li>Group and others can only read.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Directories (Folders):<\/strong> <code>755<\/code>\n<ul>\n<li>Owner can read, write, and execute (needed to access folder contents).<\/li>\n<li>Group and others can read and execute (so your website works), but not write.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h4><strong>How to Set Permissions via Command Line (SSH):<\/strong><\/h4>\n<div class=\"MarkdownCodeBlock_container__nRn2j\">\n<div class=\"MarkdownCodeBlock_codeBlock__rvLec force-dark\">\n<div class=\"MarkdownCodeBlock_codeHeader__zWt_V\">\n<div class=\"MarkdownCodeBlock_languageName__4_BF8\">bash<\/div>\n<div class=\"MarkdownCodeBlock_codeActions__wvgwQ\"><button class=\"button_root__TL8nv button_ghost__YsMI5 button_sm__hWzjK button_center__RsQ_o button_showIconOnly-compact-below___fiXt MarkdownCodeBlock_codeActionButton__xJBAg\" type=\"button\" data-theme=\"ghost\"><span class=\"button_label__mCaDf\">Copy<\/span><\/button><\/div>\n<\/div>\n<div class=\"\" data-collapsed=\"unknown\">\n<pre class=\"MarkdownCodeBlock_preTag__QMZEO MarkdownCodeBlock_horizontalOverflowHidden__YPHxg\"><code class=\"MarkdownCodeBlock_codeTag__5BV0Z\"># Set all files to 644:\r\nfind \/path\/to\/your\/site -type f -exec chmod 644 {} \\;\r\n\r\n# Set all directories to 755:\r\nfind \/path\/to\/your\/site -type d -exec chmod 755 {} \\;\r\n<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<h4><strong>How to Set Permissions via FTP or File Manager:<\/strong><\/h4>\n<ul>\n<li>Right-click a file or folder.<\/li>\n<li>Choose \u201cPermissions\u201d or \u201cChange Permissions.\u201d<\/li>\n<li>Enter the number (e.g., <code>644<\/code> or <code>755<\/code>), or check the appropriate boxes.<\/li>\n<\/ul>\n<hr \/>\n<h2><strong>Special Cases<\/strong><\/h2>\n<ul>\n<li><strong>Sensitive files (like <code>wp-config.php<\/code>):<\/strong><br \/>\nYou can set stricter permissions, e.g., <code>400<\/code> or <code>440<\/code> (only the owner or server can read).<\/li>\n<li><strong>Never use <code>777<\/code>:<\/strong><br \/>\nThis gives everyone full control\u2014attackers could upload or change your files!<\/li>\n<\/ul>\n<hr \/>\n<h2><strong>Quick Reference Table<\/strong><\/h2>\n<div class=\"MarkdownTable_tableContainer__2k5Kh\" tabindex=\"0\" role=\"region\">\n<table>\n<thead>\n<tr>\n<th>Item<\/th>\n<th>Recommended Permission<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>All files<\/td>\n<td>644<\/td>\n<\/tr>\n<tr>\n<td>All directories<\/td>\n<td>755<\/td>\n<\/tr>\n<tr>\n<td><code>wp-config.php<\/code> (WP)<\/td>\n<td>400 or 440<\/td>\n<\/tr>\n<tr>\n<td>No files\/directories<\/td>\n<td>777<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<hr \/>\n<h2><strong>Summary<\/strong><\/h2>\n<ul>\n<li>File permissions tell the server who can read, write, or execute files.<\/li>\n<li>Use <code>644<\/code> for files and <code>755<\/code> for directories.<\/li>\n<li>Avoid overly permissive settings (<code>777<\/code>).<\/li>\n<li>Set stricter permissions for sensitive files.<\/li>\n<li>Regularly review your permissions to keep your site secure!<\/li>\n<\/ul>\n<p><strong>Well-set permissions are like strong locks on the doors and windows of your website\u2014don\u2019t leave them open!<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>File permissions are rules that control who can read, write, or execute (run) files and directories on a server or computer. They are crucial for website and server security because improperly set permissions can let attackers view, alter, or delete your files. Understanding File Permissions On most web servers (especially Linux-based), permissions are represented by [&hellip;]<\/p>\n","protected":false},"author":226,"featured_media":27431,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[49],"tags":[],"class_list":{"0":"post-27430","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/tremhost.com\/blog\/wp-json\/wp\/v2\/posts\/27430","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tremhost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tremhost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tremhost.com\/blog\/wp-json\/wp\/v2\/users\/226"}],"replies":[{"embeddable":true,"href":"https:\/\/tremhost.com\/blog\/wp-json\/wp\/v2\/comments?post=27430"}],"version-history":[{"count":2,"href":"https:\/\/tremhost.com\/blog\/wp-json\/wp\/v2\/posts\/27430\/revisions"}],"predecessor-version":[{"id":27433,"href":"https:\/\/tremhost.com\/blog\/wp-json\/wp\/v2\/posts\/27430\/revisions\/27433"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tremhost.com\/blog\/wp-json\/wp\/v2\/media\/27431"}],"wp:attachment":[{"href":"https:\/\/tremhost.com\/blog\/wp-json\/wp\/v2\/media?parent=27430"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tremhost.com\/blog\/wp-json\/wp\/v2\/categories?post=27430"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tremhost.com\/blog\/wp-json\/wp\/v2\/tags?post=27430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}