Knowledge base article

WordPress permissions

View other cpanel articles

This article describes the best file permissions practices for WordPress installations hosted on Serversaurus shared cPanel servers

For an in-depth explanation of WordPress file permissions, please refer to the Changing File Permissions article on the WordPress Codex.

To follow this article you will need your cPanel login credentials. If you have forgotten your cPanel credentials, they were included in the original Welcome to Serversaurus email which you should find in your inbox, otherwise follow these instructions on how to update your cPanel password.

File Ownership

All files and directories should be owned by the user and group that is your cPanel username. There are no exceptions to this rule.

File Modes

On Serversaurus shared servers, all PHP scripts will only run as your cPanel user - there are no shared/'apache' groups. Therefore, there is never any reason to use file permissions that permit other users access to your directories (even though there are server-level protections in place to prevent this).

Within your WordPress installation, all files (not directories), should have a file mode of 644 or 640 (more restrictive).

Any files with sensitive credentials, such as wp-config.php, should have a file mode of 640.

All directories should have a file mode of 755 or 750 (more restrictive).

There is never a valid reason to use a mode of 777 for any file or directory. If a WordPress plugin is asking you to do this, please do not use that plugin. It puts your hosting account at risk and may lead to account suspension.

How to Set Permissions

If you have a Performance or Business shared hosting account or are not familiar with SSH, you can use your SFTP client to set file modes, or using the File Manager within cPanel. To update the file permissions within the File Manager, login to cPanel >> navigate to the File Manager function >> Select the directory or file you want to adjust >> select Permissions from the tool bar >> set your mode options >> select Change Permissions. 

If you have a Performance or Business shared account and are familiar with SSH, you can use the chmod command to set file modes.

Set the file mode of a directory to 755:

chmod 755 dir/

Set the file mode of config.php to 640:

chmod 640 wp-config.php

Set the mode of all directories within your WordPress install to 755:

find ~/www/path/to/your/wordpress/install/ -type d -exec chmod 755 {} ;

Set the mode of all files within your WordPress install to 640:

find ~/www/path/to/your/wordpress/install/ -type f -exec chmod 640 {} ;

Last updated November 30, 2023

Can't find what you're looking for?

Submit a question

  • Drop files here or
    Max. file size: 2 MB, Max. files: 3.
    • This field is for validation purposes and should be left unchanged.