Skip to content

Instantly share code, notes, and snippets.

@macbleser

macbleser/wp-permissions-script

Created February 21, 2014 15:37
Show Gist options
  • Save macbleser/9136424 to your computer and use it in GitHub Desktop.
Save macbleser/9136424 to your computer and use it in GitHub Desktop.
Download ZIP
WordPress Permissions Configuration Script
Raw
wp-permissions-script
#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro
#
WP_OWNER=changeme # <-- wordpress owner
WP_GROUP=changeme # <-- wordpress group
WP_ROOT=/home/changeme # <-- wordpress root directory
WS_GROUP=changeme # <-- webserver group
# reset to safe defaults
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 755 {} \;
find ${WP_ROOT} -type f -exec chmod 644 {} \;
# allow wordpress to manage wp-config.php (but prevent world access)
chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php
# allow wordpress to manage .htaccess
touch ${WP_ROOT}/.htaccess
chgrp ${WS_GROUP} ${WP_ROOT}/.htaccess
chmod 664 ${WP_ROOT}/.htaccess
# allow wordpress to manage wp-content
find ${WP_ROOT}/wp-content -exec chgrp ${WS_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \;
@MrBenjaminRay
Copy link

MrBenjaminRay commented Dec 2, 2024
edited
Loading

​# reset to safe defaults
chown -R ${WP_OWNER}:${WP_GROUP} $WP_ROOT;
chmod -R 644 $WP_ROOT;
chcon -R system_u:object_r:httpd_sys_content_t:s0 $WP_ROOT;
find ${WP_ROOT} -type d -exec chmod -R 755 {} ;

​# allow wordpress to manage wp-content
chmod -R 664 $WP_ROOT/wp-content;
chcon -R system_u:object_r:httpd_sys_rw_content_t:s0 $WP_ROOT/wp-content;
find ${WP_ROOT}/wp-content -type d -exec chmod -R 775 {} ;

porthos-co, I really like your updated version, but I found an issue in two places. See the two bolded/italicized lines above. Under the headings "reset to safe defaults" and "allow wordpress to manage wp-content", you set the permissions on all files and directories recursively to 644 and 664, then you use find to identify directories and change their permissions to 755 and 775. However, the -R flag on the chmod command results in 755 and 775 being applied recursively, which includes all files. This overwrites the 644 and 664 permissions set two lines above.

If you remove the -R flag from the chmod commands, the directories are correctly set to 755 and 775 while leaving the files at 644 and 664, which is what we want.

Updated code:

# reset to safe defaults
chown -R ${WP_OWNER}:${WP_GROUP} $WP_ROOT;
chmod -R 644 $WP_ROOT;
chcon -R system_u:object_r:httpd_sys_content_t:s0 $WP_ROOT;
find ${WP_ROOT} -type d -exec chmod 755 {} \;   # REMOVED -R FROM THIS LINE
# allow wordpress to manage wp-content
chmod -R 664 $WP_ROOT/wp-content;
chcon -R system_u:object_r:httpd_sys_rw_content_t:s0 $WP_ROOT/wp-content;
find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \;   # REMOVED -R FROM THIS LINE

Thanks to everyone for the various versions of this helpful script!

@jult
Copy link

jult commented Dec 3, 2024

So, what is the final version of this? Someone forked it so that all improvements are included?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment