Install Scripts > WordPress using different file permissions

OS: Ubuntu Linux 20.04.2, Webmin: 1.973, Virtualmin: 6.16, Usermin: 1.823, Authentic Theme: 19.73

According to WordPress:

All directories should be 755 or 750.
All files should be 644 or 640.
Exception: wp-config.php should be 440 or 400 to prevent other users on the server from reading it.

Is there any particular reason why the install script for WordPress set up the permissions for most of the WordPress core files (not folders) as 750/755 instead of 644/640?

wp-config.php is also 644 on every installation I’ve ever done.

I’d like to see a screen shot of your files. I’ve never heard of this happening. Even if it did, it has nothing to do with Virtualmin as the installer is run entirely by Wordpress.

1 Like


Basic rule of thumb with regards to general server security.

“Give the least amount of permissions possible to a file or directory”.

As on most systems today PHP is executed via PHP-FPM or similar, you can generally give files and folders less permission as these execution modes execute PHP as the owner of the site, hence giving execution and write permissions as needed while the public still requires a degree of read permission so the pages can be rendered.

Set permissions carefully otherwise you’ll give malicious software and users too much access.

Best Regards,
Peter Knowles | TPN Solutions

1 Like

the problem is number or another number…it all depends from your system, this or that is bad advice, leave it to virtualmin and linux, use domain user and upload files as that user via ssh or sftp, no ftp or ftps…it will works. we are in 2021 no ftp should be used unless you’re sharing files to download.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.