The Ultimate Guide to Fix WordPress Permissions Like a Pro

Your plugin won’t install. Media uploads fail. WordPress throws cryptic errors about directories it cannot create.

The culprit? Wrong file permissions.

Learning to fix WordPress permissions saves hours of frustration and keeps your site running. Incorrect chmod values block everything from automatic updates to theme installations.

This guide walks you through setting correct permissions for WordPress files and folders using SSH, FTP, or cPanel.

You’ll learn:

• The exact permission values WordPress needs (644 for files, 755 for directories)
• How to secure wp-config.php and .htaccess
• Troubleshooting common permission denied errors
• Multiple methods based on your server access level

How to Fix WordPress Permissions

Fixing WordPress permissions is the process of setting correct chmod values for files and folders on your server so WordPress can read, write, and execute them properly.

Users need this when they encounter upload errors, plugin installation failures, or the dreaded “unable to create directory” message.

This guide covers 7 steps requiring 5-10 minutes and intermediate server access skills.

Wrong file permissions cause all sorts of headaches. You might see a WordPress http error 403 or find that you can’t install plugins on WordPress at all.

Sometimes WordPress can’t upload images to the media library. Other times, automatic updates just stop working.

Prerequisites

What You Need Before Starting

SSH access or FTP client like FileZilla. Know your web server type: Apache, Nginx, or LiteSpeed.

WordPress 5.0 or later. Back up your site first.

Required Access Levels

• SSH terminal access (preferred) or FTP credentials
• cPanel file manager access (alternative method)
• Root or sudo privileges for ownership changes

Time and Skill Estimate

5-10 minutes total. Intermediate skill level required.

You should be comfortable navigating Linux directories or using an FTP client.

Step One: How Do You Access Your WordPress Files?

Connect to your server using SSH, FTP, or cPanel file manager to reach the WordPress root directory where wp-config.php and core folders are located.

Action

• SSH method: Open Terminal or PuTTY, run ssh username@yourserver.com
• FTP method: Launch FileZilla, enter host/username/password, connect to port 21
• cPanel method: Login to hosting panel, click File Manager, navigate to public_html

Purpose

Server access is the foundation. Without it, you cannot modify directory permissions or file ownership settings.

If you run into connection issues, check your WordPress error log for clues.

Step Two: How Do You Identify Current File Permissions?

Check existing permission values using the ls -la command in SSH or viewing the permissions column in your FTP client to identify incorrect settings.

Action

• SSH command: ls -la /path/to/wordpress/
• FileZilla: Right-click any file, select “File Permissions” to view numeric value
• cPanel: Right-click file or folder, choose “Change Permissions”

What to Look For

Directories should show 755. Files should show 644.

See 777 anywhere? That’s a security risk. See 600 on directories? WordPress can’t access them.

Purpose

You need to know current values before making changes. Random chmod commands without checking first can break your site or trigger a 500 internal server error.

Step Three: How Do You Set Correct Permissions for WordPress Directories?

Apply chmod 755 to all WordPress directories including wp-content, wp-admin, and wp-includes using recursive commands to fix folder permission errors.

Action

• SSH command: find /path/to/wordpress/ -type d -exec chmod 755 {} ;
• Individual folders: chmod 755 wp-content wp-admin wp-includes
• FileZilla: Right-click folder, set numeric value to 755, check “Recurse into subdirectories”

Key Directories

| Directory | Permission | Allows | | — | — | — | | wp-content | 755 | Uploads, themes, plugins | | wp-admin | 755 | Dashboard access | | wp-includes | 755 | Core functionality | | uploads | 755 | Media library storage |

Purpose

The 755 value means owner can read, write, and execute. Group and others can read and execute only.

This balances functionality with WordPress security. Too permissive and hackers get in. Too restrictive and WordPress breaks.

Step Four: How Do You Set Correct Permissions for WordPress Files?

Apply chmod 644 to all WordPress files including index.php, style.css, and core PHP files using the find command to reset file permissions across your installation.

Action

• SSH command: find /path/to/wordpress/ -type f -exec chmod 644 {} ;
• FileZilla: Select files, right-click, set numeric value to 644
• cPanel: Right-click file, Change Permissions, enter 644

Purpose

The 644 permission lets the owner read and write while others can only read.

This prevents unauthorized modification of your WordPress core files and theme files.

Step Five: How Do You Secure wp-config.php?

Set wp-config.php to chmod 600 or 640 to protect database credentials and authentication keys from unauthorized access while maintaining WordPress functionality.

Action

• Strict security: chmod 600 wp-config.php
• Standard security: chmod 640 wp-config.php
• Location: WordPress root directory, same level as wp-content

Purpose

This file contains your database password, secret keys, and server configuration details. Wrong permissions here can expose everything.

Some hosting environments require 640 instead of 600. Test after changing.

Step Six: How Do You Set Permissions for .htaccess?

Apply chmod 644 to the .htaccess file in your WordPress root to allow permalink functionality and server directives while preventing unauthorized edits.

Action

• SSH command: chmod 644 .htaccess
• Show hidden files: In FileZilla, go to Server > Force showing hidden files
• cPanel: Enable “Show Hidden Files” in Settings before editing

Purpose

The .htaccess file controls WordPress permalinks and URL rewriting on Apache servers.

If you need to remove index.php from WordPress URLs, this file must be writable.

Step Seven: How Do You Configure wp-content Folder for Uploads?

Set the wp-content/uploads directory to 755 (or 775 on some servers) and ensure the web server user www-data has write access for media uploads.

Action

• Directory permission: chmod 755 wp-content/uploads
• Ownership fix: chown -R www-data:www-data wp-content/uploads
• Alternative: chmod 775 wp-content/uploads if 755 fails

Purpose

The uploads folder stores all media library files. Wrong permissions trigger WordPress media library errors and upload failures.

If you see an error occurred in the upload please try again later, check this folder first.

Verification

How to Confirm Permissions Are Correct

Run ls -la in your WordPress root. Directories should show drwxr-xr-x (755), files should show -rw-r–r– (644).

Test Steps

• Upload an image through Media > Add New
• Install a plugin from Plugins > Add New
• Run Dashboard > Updates to test automatic updates
• Save permalink settings in Settings > Permalinks

All four actions should complete without permission denied messages.

Troubleshooting

Issue: “Unable to Create Directory” Error

The web server lacks write access to wp-content.

Solution: Run chown -R www-data:www-data wp-content then chmod 755 wp-content.

Check your hosting control panel for the correct web server user. Some use apache or nginx instead of www-data.

Issue: Media Upload Fails After Permission Change

File ownership conflicts with the web server group.

Solution: Set group ownership with chgrp -R www-data wp-content/uploads and apply chmod 775 wp-content/uploads.

This error sometimes shows as WordPress http error during image uploads.

Issue: Plugin or Theme Installation Blocked

WordPress cannot write to plugins or themes directories.

Solution:

• chmod 755 wp-content/plugins
• chmod 755 wp-content/themes
• chown -R www-data:www-data wp-content/plugins wp-content/themes

If updates still fail, check for WordPress errors when updating plugins.

Issue: 403 Forbidden Error

Server denies access due to restrictive permissions or .htaccess rules.

Solution: Verify .htaccess has 644 permissions. Check that no directory has 000 or 700 settings.

Run find /path/to/wordpress/ -type d -perm 700 to locate problem directories.

Issue: WordPress Shows White Screen

Permissions block PHP execution or file reading.

Solution: Reset all permissions to defaults. The WordPress white screen of death often traces back to 600 permissions on directories that need 755.

Alternative Methods

Method A: SSH Command Line

• Time: 2-3 minutes
• Complexity: Intermediate
• Best for: VPS, dedicated servers, bulk changes

Fastest method. Requires terminal comfort and SSH access from your hosting provider.

Method B: FTP Client (FileZilla)

• Time: 5-10 minutes
• Complexity: Beginner-friendly
• Best for: Shared hosting, visual learners

Right-click files and folders to change permissions individually or recursively.

Method C: cPanel File Manager

• Time: 5-10 minutes
• Complexity: Beginner-friendly
• Best for: Shared hosting users without FTP setup

Access through your hosting control panel. No software installation needed.

Method D: Security Plugin

• Time: 3-5 minutes
• Complexity: Easiest
• Best for: Non-technical users, quick audits

All-in-One Security and Wordfence scan for incorrect permissions and offer one-click fixes.

Related Processes

After fixing permissions, consider these related tasks:

• How to edit functions.php in WordPress safely
• Where is php.ini in WordPress for memory and upload limits
• How to remove a WordPress site from cPanel
• WordPress stuck in maintenance mode fixes

Permission issues often connect to broader WordPress site security concerns. Run a full security audit after resolving file access problems.

FAQ on Fix WordPress Permissions

What permissions should WordPress files have?

WordPress files should have chmod 644, allowing the owner to read and write while others can only read. This applies to PHP files, CSS, JavaScript, and images. The wp-config.php file needs stricter 600 or 640 permissions for security.

What permissions should WordPress folders have?

WordPress directories require chmod 755 permissions. This lets the owner read, write, and execute while group and others can read and execute. The wp-content, wp-admin, and wp-includes folders all need 755 to function properly.

How do I fix WordPress permission errors?

Connect via SSH and run find /path/to/wordpress/ -type d -exec chmod 755 {} ; for directories, then find /path/to/wordpress/ -type f -exec chmod 644 {} ; for files. Use FileZilla or cPanel if you lack terminal access.

Why does WordPress say “unable to create directory”?

The web server user (www-data on Apache) lacks write access to wp-content. Fix this with chown -R www-data:www-data wp-content to transfer ownership, then set directory permissions to 755.

Is chmod 777 safe for WordPress?

No. Setting 777 gives everyone full read, write, and execute access. This creates serious security vulnerabilities. Hackers can inject malicious code into your files. Always use 755 for directories and 644 for files instead.

How do I change WordPress permissions without SSH?

Use an FTP client like FileZilla or your hosting control panel. Right-click files or folders, select “File Permissions” or “Change Permissions,” enter the numeric value (644 or 755), and apply. Check “Recurse into subdirectories” for bulk changes.

What user should own WordPress files?

Your server user should own WordPress files, with the web server group (www-data, apache, or nginx) having group access. Run chown -R youruser:www-data /path/to/wordpress to set correct file ownership on Linux servers.

Why can’t I upload images after changing permissions?

The uploads folder needs write access for the web server. Set wp-content/uploads to 755 and run chgrp -R www-data wp-content/uploads. Some shared hosting environments require 775 permissions for uploads to work.

How do I check current WordPress file permissions?

Run ls -la in your WordPress directory via SSH. Directories show as drwxr-xr-x (755) and files as -rw-r–r– (644). In FileZilla, the rightmost column displays permission values. cPanel File Manager shows permissions when you right-click.

Do WordPress permissions reset after updates?

WordPress updates typically preserve existing permissions. However, some hosting environments or server configurations may reset ownership during automatic updates. Check permissions after major updates if you experience upload failures or plugin installation problems.

Conclusion

Knowing how to fix WordPress permissions eliminates upload failures, plugin errors, and update problems. The solution comes down to two numbers: 755 for directories and 644 for files.

File ownership matters just as much as chmod values. Make sure your web server user has proper access to wp-content.

Run a quick permissions audit after major WordPress updates or server migrations. Problems often surface when hosting environments change.

Use SSH for speed, FileZilla for visual control, or cPanel for convenience. Each method achieves the same result.

Correct Linux permissions protect your site from unauthorized access while keeping WordPress functional. When in doubt, reset everything to defaults and test uploads, plugin installs, and automatic updates.

Your WordPress site runs smoother with proper file access rights configured from the start.