How to Fix WordPress Permissions

wordpress-logo

If you’ve installed WordPress yourself multiple times you’ve probably run into permissions problems. They manifest in many ways:

  • HTML Error when trying to upload images

  • Cannot upload image at all

  • The site won’t load

  • Etc, etc.

There are many articles on this but they’re usually just forum posts where someone complained, followed by a code snippet or command. Let’s try to lay it out in one place.

Explanation

Permissions problems in WordPress (and in general) arise when the person trying to access something are not able to because the resource does not allow them to do it.

Duh.

But the two things we’re talking about in this case are important. They are:

  1. The file system that your WordPress content is stored in

  2. The user of your web server (the process)

The process of the web server is what’s trying to read and write and such, and the WordPress content is what it’s trying to change.

Those have to match.

Fixes

So here are a few things to check to get things working:

First you need to know who your web server is running as. You can get this by running

# This depends on what server you’re running

ps aux | grep nginx

[ NOTE: It might be apache2 or whatever based on what you’re running. ]

You’ll see a process owner for the output, that indicates who it’s running under. It should be someone like www-data, or nobody, or nginx.

Next, find your web directory, i.e. where you’re serving web content from. It should be something like /usr/share/nginx/html if you’re running nginx, or possibly /var/www/. There are lots of places it could be. Check your server config file to see where the root is

Now you need to do two things to these files. You have to:

  1. change the owner

  2. change the permissions

To change the owner, you run

# Change owner to www-data:www-data

Unsupervised Learning — Security, Tech, and AI in 10 minutes…

Get a weekly breakdown of what's happening in security and tech—and why it matters.

chown -R /usr/share/nginx/html/ www-data:www-data

The colon piece assigns both the user and group permissions to www-data.

Now that they’re owned by the right person, you need to secure them. This is done by running chmod.

# Change permissions on directories

find /usr/share/nginx/html -type d -print0 | xargs -0 chmod 755

# Change permissions on files

find /usr/share/nginx/html -type f -print0 | xargs -0 chmod 644

This is a decently secure configuration for directories and files within your web root.

Testing

Ok, you now have:

  1. Your files set to the right owner (the process running your web server)

  2. Your directories set to the right permissions

  3. Your files set to the right permissions

Now restart your web server and you should be able to use WordPress normally.

Notes

  1. Never run your web server as root. I’m not saying you were going to. But just in case. Don’t.

  2. I’ve also seen in some installations where the PHP process needs to be set to the same user as well (if it’s not already). You might try that if it doesn’t work.

Related posts: