#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro <mike [at] conigliaro [dot] org>
#
WP_OWNER=$1 # <-- wordpress owner
WP_GROUP=$2 # <-- wordpress group
WS_GROUP=$2 # <-- webserver group
WP_ROOT=$3 # <-- wordpress root directory

# Check the arguments before proceeding
# id exits non-zero when the user does not exist (root, uid 0, is a valid user)
if ! id -u "$WP_OWNER" > /dev/null 2>&1
then
    echo "$1 is not a user"
    exit 1
fi
# getent exits non-zero unless the group name matches exactly
if ! getent group "$WP_GROUP" > /dev/null 2>&1
then
    echo "$2 is not a group"
    exit 1
fi
if [[ -z $WP_ROOT ]]
then
    echo "No path arguments supplied. Bye."
    exit 1
fi
# A WordPress root always contains wp-admin
if [[ ! -d $WP_ROOT/wp-admin ]]
then
    echo "$3 is not a valid path. Bye."
    exit 1
fi

# reset to safe defaults
echo "Resetting permissions to safe defaults"
find "${WP_ROOT}" -exec chown "${WP_OWNER}:${WP_GROUP}" {} \;
find "${WP_ROOT}" -type d -exec chmod 755 {} \;
find "${WP_ROOT}" -type f -exec chmod 644 {} \;

# allow wordpress to manage wp-config.php (but prevent world access)
echo "Allowing wordpress to manage wp-config.php (but prevent world access)"
chgrp "${WS_GROUP}" "${WP_ROOT}/wp-config.php"
chmod 660 "${WP_ROOT}/wp-config.php"

# allow wordpress to manage wp-content
echo "Allowing wordpress to manage wp-content"
find "${WP_ROOT}/wp-content" -exec chgrp "${WS_GROUP}" {} \;
find "${WP_ROOT}/wp-content" -type d -exec chmod 775 {} \;
find "${WP_ROOT}/wp-content" -type f -exec chmod 664 {} \;
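
An added example, not part of the gist or the original author's script: a read-only audit that lists every path whose mode differs from what the script above sets (755/644 outside wp-content, 660 on wp-config.php, 775/664 inside wp-content). The function names and the output format are this example's own, and it checks modes only, not ownership.

```bash
#!/bin/bash
# Added example, not part of the gist. Read-only: it never changes a mode.
# Function names and the "expected MODE: PATH" output format are this example's own.

# Print every path selected by the find arguments ($2...) whose mode is not $1.
_wp_mode_mismatch() {
    _want=$1; shift
    find "$@" ! -perm "$_want" -print | sed "s|^|expected $_want: |"
}

# wp_perm_audit WP_ROOT
# Returns 0 if all modes match, 1 if any differ (listed on stdout),
# 2 if WP_ROOT does not contain wp-admin.
wp_perm_audit() {
    _root=${1%/}   # strip a trailing slash so -path patterns match find's output
    if [ ! -d "$_root/wp-admin" ]; then
        echo "$_root is not a valid path" >&2
        return 2
    fi
    _out=$(
        # Outside wp-content: directories 755, files 644.
        # wp-content is pruned and wp-config.php skipped; both are checked below.
        _wp_mode_mismatch 755 "$_root" -path "$_root/wp-content" -prune -o -type d
        _wp_mode_mismatch 644 "$_root" -path "$_root/wp-content" -prune -o \
            -type f ! -path "$_root/wp-config.php"
        # wp-config.php: 660, no world access.
        if [ -f "$_root/wp-config.php" ]; then
            _wp_mode_mismatch 660 "$_root/wp-config.php" -type f
        fi
        # wp-content: directories 775, files 664.
        if [ -d "$_root/wp-content" ]; then
            _wp_mode_mismatch 775 "$_root/wp-content" -type d
            _wp_mode_mismatch 664 "$_root/wp-content" -type f
        fi
    )
    if [ -n "$_out" ]; then
        printf '%s\n' "$_out"
        return 1
    fi
    return 0
}

# Run as a script: audit the directory given as the first argument.
if [ -n "$1" ]; then
    wp_perm_audit "$1"
fi
```

Symbolic links are skipped because `-type d` and `-type f` do not match them, and a directory carrying an extra setgid or sticky bit is reported as a mismatch because `-perm` compares the full mode.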

rubo77 commented Apr 6, 2020

great improvement!

maybe change order, path first and add default values www-data in the script if no parameter is given
