What is the “user account” for WordPress’ file permissions?

»your user account« describes the system user of the remote host. Depending on the environment of your hosting provider, this is typically the same as the basic FTP account. In fact, it’s a user on an operating system. So yes, you should be able to change it via FTP.

As there are typically many users working on one remote host, it’s important to set the file permissions correctly. Rule of thumb: no one than you (your account) should have write permissions to any file or directory. Read-permissions should be granted to everyone, except for files with sensitive data (e.g. log files, database dumbs, all these could go with 600).

Why should everyone able to read files?

Assuming your provider configured apache as web server, the apache process runs under a separate system user (typically www-data). That means, to serve your content (attachments) to the world, the user www-data needs reading-permissions on these files. As your account and www-data normally doesn’t share your default group, this means reading permissions to everyone (xx6, xx4).

And PHP files?

This depends on the PHP setup of your provider. If they configured PHP running in fast-CGI mode, the PHP interpreter runs normally with the privileges of your account. That means in theory, you could remove read-permissions of every php-file to anyone than you (600). But except for wp-config.php this doesn’t really has any »hardening« benefit.

What is about wp-config/uploads?

If PHP runs in fCGI mode, default directory permissions (755) should totally be fine. If PHP runs as apache-module, it depends on the user/group management of your provider whether you need 775 or (in worst case) 777 for wp-content/uploads. If in doubt you should contact your provider and ask for the correct permissions.

Some words about these permissions:

File system permissions are handled with three classes: user, group and others and three independent permissions: execute, write and read.

Each file (or directory) is assigned to one user and one group. Here’s an example:

$ ls -la wp-config.php
-rw-rw-r-- 1 david worker 1845 Jan 18 19:01 wp-config.php

This file wp-config.php belongs to the user david and the group worker. The symbolic notation of the files permission are read as:

  • user: rw (read & write) → 6
  • group: rw (read & write) → 6
  • others: r (read) → 4

In numeric notation that combines to 664. That means, user david is allowed to read and write the file, as he is the »owner« of the file. Any user which is in the group worker is also allowed to write to the file, as this is the group of the file. Anyone else (any user which is not david or in the group worker) is allowed to only read the file.

Some reference about file permissions: https://en.wikipedia.org/wiki/File_system_permissions

Related Posts:

  1. MySQL error 1449: The user specified as a definer does not exist
  2. Destination directory for file streaming does not exist or is not writable
  3. WP in Docker – cannot install plugin or upgrade WP
  4. when FS_METHOD = ‘direct’ is chosen?
  5. Create custom permissions for user type
  6. WordPress REST API – Permission Callbacks
  7. Can’t upload images due to permissions error
  8. add_menu_page permissions – what am I doing wrong?
  9. Recommended File Permissions
  10. Network Admin “You do not have sufficient permissions to access this page.”
  11. What’s the difference between the permissions “edit_published_posts” and “edit_posts”
  12. Wrong permissions when uploading a file through WordPress | IIS
  13. ftp_nlist() and ftp_pwd() warnings
  14. WordPress in IIS 7.5 – “cannot create directory”
  15. What permissions should i have set up for the Database User after i have WordPress set up?
  16. Why is group ownership with rwx permissions not enough?
  17. Editing WordPress Permissions in LAMP – Ubuntu 11.10
  18. How can I limit WordPress editor roles to a specific category?
  19. can i run wp as root permissions
  20. Prevent or Disable creating new users or changing roles of existing users to Administrator
  21. Safe to set permissions to 757 temporarily to update via wp-cli?
  22. Does WordPress have fine-grained view permissions?
  23. WordPress file permissions for editing on local Ubuntu development machine
  24. Troubleshoot “You do not have sufficient permissions to access this page.”
  25. plugin install wants ftp (chown and 755 not enough)
  26. can’t change footer
  27. permissions access error
  28. Permissions Issue with WordPress
  29. What user/group does WordPress belong to in terms of file permissions?
  30. Enable plugin installs without FTP with user from same group as Nginx/PHP-fpm
  31. Iframe a WordPress template
  32. How to configure apache to create files with correct group owner [closed]
  33. Moved my WordPress site and now it can’t read the theme
  34. WordPress folder ownership issues
  35. Applying roles to an admin sub-menu (eg Appearance -> Menus)
  36. WordPress unable to create folders even though correct NTFS-rights are set
  37. WordPress php mysql errors – errcode: 13 permission denied
  38. Safari not “giving Permission to Open This Page” when trying to load pdf from wordpress site [closed]
  39. Invalid changeset UUID WordPress
  40. Group ownership permissions don’t allow web server to update WordPress content
  41. Should Apache own /var/www/domain.com directory in WordPress?
  42. WordPress Permissions on my Local with Docker
  43. Grant user rights to access certain tabs of a plugin
  44. Permissions in a Local Dev Environment (OS X)
  45. Running WordPress as FTP user?
  46. How to to secure WordPress file and folder permissions
  47. Upgrading problem
  48. Return scheduled posts with WP REST API
  49. wp-content Folder Permissions (777 OK?)
  50. Permission of 775 not enough
  51. How to prevent plugins from being uninstalled
  52. Implement Javascript Code in the footer if user is logged in
  53. Reseting file permissions
  54. Auto-update failing with “hardened” permissions
  55. Restrict access to trash, only admin
  56. How to hide wordpress error message?
  57. What is this error message?
  58. Which wordpress should be obligatory writeable?
  59. “Backdoor-list.txt” files unexpectedly in server
  60. How to grant user access the page [closed]
  61. WordPress 4.4.2 Update not working
  62. Auto-Upgrade to 4.2.2 fails because theme functions.php is included instead of wp-includes/functions.php
  63. How to prevent people from seeing certain articles in menus?
  64. Configure Permissions in Mamp [closed]
  65. Edit draft from other author
  66. How to add only a (sub) capacity to an user role?
  67. Auto-Update Fails
  68. How to disable admin/editor access to specific user’s posts
  69. How to make file not open to public but javascript file under WordPress folder can load it
  70. Opening a file of the theme from outside
  71. Allow Editor access to a certain plugin
  72. Visitors “do not have permission to view this content” on home page only
  73. Permissions Script Not Working
  74. WordPress does not have the permission to update (IspConfig)
  75. Blank White page issue in WordPress
  76. Permissions working but not working
  77. Mamp Pro File Permissions
  78. CentOS 7 cPanel – Setting Correct Permissions
  79. MAMP File Permissions
  80. Create a custom “you dont have permission” message
  81. Why do some of my directories need to be writeable that shouldn’t be?
  82. How to put WordPress website behind the credential for visitors?
  83. Downloaded WP but Nginx home page still showing
  84. Public and Private keys incorrect for user
  85. Why can I upload files but need FTP login for plugins
  86. sufficient permissions to access this page
  87. Uploaded files have permission 000
  88. Moved WordPress Directory – Having access issues now
  89. Restrict access to specific content
  90. WordPress – Public side and Private side
  91. the_tags only showing when logged in?
  92. Configuring WordPress permissions for easy updates
  93. Plugins Page – “Page disabled by the administrator”
  94. How to give access to programmer/developer to make changes, but prevent undesirable changes? [closed]
  95. WordPress files owner changed silently
  96. How do I share a Git repository with multiple users on a machine?
  97. Amazon Cloudfront with S3. Access Denied
  98. GRANT SELECT to all tables in postgresql
  99. Postgresql: what does GRANT ALL PRIVILEGES ON DATABASE do?
  100. WP Permission still set to Not Writable after I change the permission for the whole folder and files