Knowledge base article
WordPress permissions
Related articles
Basic WordPress security and site management
Create a WordPress cron task in cPanel
Other cpanel articles
A beginners guide to email spoofing
Accessing your site before changing DNS
An introduction to email authentication
Basic WordPress security and site management
Can I test out your services for free?
Check MySQL database table disk usage
Configure object cache with memcached and Litespeed Cache plugin
Configure spam filtering in cPanel
Connect via SFTP using SSH key authentication with FileZilla
Connecting to Serversaurus shared hosting via SFTP
Create a clone of your website
Create a SSH key pair and configure your SSH key in cPanel
Create a WordPress administrator via MySQL CLI
Create a WordPress administrator via phpMyAdmin
Create a WordPress cron task in cPanel
Create and manage email accounts in cPanel
Create Autoresponders in cPanel
Disable automatic WordPress updates via wp-config.php
Domain options for shared hosting
Download or restore individual files, directories or database backups with JetBackup
Emptying Trash, Junk and Spam files
Enabling PHP extensions, Changing PHP Version and Setting PHP Options
Export or Import a MySQL database via CLI
Force HTTPS via .htaccess (cPanel)
Go live with your WordPress staging website
Help! I need a backup of my cPanel-hosted website
Hide .html extension using .htaccess
How did my WordPress website get hacked? What do I do?
How to ensure website generated emails are delivered successfully
How to issue a Let’s Encrypt certificate
How to remove Site Software management
I can receive email but can’t send!
Introduction to LiteSpeed Cache
Login to cPanel via the Client Portal
Manage DNS zones with the cPanel Zone Editor
Manual WordPress migrations in a nutshell
Migrate remote staging website to local hosting server
Migrate remote transactional website to local server
Migrating email from one POP/IMAP email account to another
My site and/or email service is down
Network Firewall (I can’t access my services on a non-standard port)
Pointing your domain to Serversaurus
Pointing your domain to Squarespace with cPanel
Prevent website generated spam with CAPTCHA
Push updates from a staging to production website
Reconfigure production website to subdomain
Recover your hacked WordPress website
Remove Wordfence firewall block via MySQL CLI
Secure your WordPress installation
Setting up email on your iPhone
Subdomains for test sites & more
The SLA – Best effort versus 99.9% versus 100%
Unable to renew certificate: The Let’s Encrypt HTTP challenge failed
Understanding CloudLinux resource limits
Update a WordPress website to use a new domain name
Update your WordPress username via phpMyAdmin
Using the Serversaurus Cloud CDN with your WordPress website
What exactly is shared hosting?
Why don’t you have unlimited plans?
WordPress install still shows Serversaurus “new customer” landing page
This article describes the best file permissions practices for WordPress installations hosted on Serversaurus shared cPanel servers
For an in-depth explanation of WordPress file permissions, please refer to the Changing File Permissions article on the WordPress Codex.
To follow this article you will need your cPanel login credentials. If you have forgotten your cPanel credentials, they were included in the original Welcome to Serversaurus email which you should find in your inbox, otherwise follow these instructions on how to update your cPanel password.
File Ownership
All files and directories should be owned by the user and group that is your cPanel username. There are no exceptions to this rule.
File Modes
On Serversaurus shared servers, all PHP scripts will only run as your cPanel user - there are no shared/'apache' groups. Therefore, there is never any reason to use file permissions that permit other users access to your directories (even though there are server-level protections in place to prevent this).
Within your WordPress installation, all files (not directories), should have a file mode of 644 or 640 (more restrictive).
Any files with sensitive credentials, such as wp-config.php, should have a file mode of 640.
All directories should have a file mode of 755 or 750 (more restrictive).
There is never a valid reason to use a mode of 777 for any file or directory. If a WordPress plugin is asking you to do this, please do not use that plugin. It puts your hosting account at risk and may lead to account suspension.
How to Set Permissions
If you have a Performance or Business shared hosting account or are not familiar with SSH, you can use your SFTP client to set file modes, or using the File Manager within cPanel. To update the file permissions within the File Manager, login to cPanel >> navigate to the File Manager function >> Select the directory or file you want to adjust >> select Permissions from the tool bar >> set your mode options >> select Change Permissions.
If you have a Performance or Business shared account and are familiar with SSH, you can use the chmod command to set file modes.
Set the file mode of a directory to 755:
chmod 755 dir/
Set the file mode of config.php to 640:
chmod 640 wp-config.php
Set the mode of all directories within your WordPress install to 755:
find ~/www/path/to/your/wordpress/install/ -type d -exec chmod 755 {} ;
Set the mode of all files within your WordPress install to 640:
find ~/www/path/to/your/wordpress/install/ -type f -exec chmod 640 {} ;
Last updated November 30, 2023