- Unsupervised Learning
- How to Fix WordPress Permissions
How to Fix WordPress Permissions
If you’ve installed WordPress yourself multiple times you’ve probably run into permissions problems. They manifest in many ways:
HTML Error when trying to upload images
Cannot upload image at all
The site won’t load
There are many articles on this but they’re usually just forum posts where someone complained, followed by a code snippet or command. Let’s try to lay it out in one place.
Permissions problems in WordPress (and in general) arise when the person trying to access something are not able to because the resource does not allow them to do it.
But the two things we’re talking about in this case are important. They are:
The file system that your WordPress content is stored in
The user of your web server (the process)
The process of the web server is what’s trying to read and write and such, and the WordPress content is what it’s trying to change.
Those have to match.
So here are a few things to check to get things working:
First you need to know who your web server is running as. You can get this by running
# This depends on what server you’re running
ps aux | grep nginx
[ NOTE: It might be apache2 or whatever based on what you’re running. ]
You’ll see a process owner for the output, that indicates who it’s running under. It should be someone like www-data, or nobody, or nginx.
Next, find your web directory, i.e. where you’re serving web content from. It should be something like /usr/share/nginx/html if you’re running nginx, or possibly /var/www/. There are lots of places it could be. Check your server config file to see where the root is
Now you need to do two things to these files. You have to:
change the owner
change the permissions
To change the owner, you run
# Change owner to www-data:www-data
Unsupervised Learning — Security, Tech, and AI in 10 minutes…
Get a weekly breakdown of what's happening in security and tech—and why it matters.
chown -R /usr/share/nginx/html/ www-data:www-data
The colon piece assigns both the user and group permissions to www-data.
Now that they’re owned by the right person, you need to secure them. This is done by running chmod.
# Change permissions on directories
find /usr/share/nginx/html -type d -print0 | xargs -0 chmod 755
# Change permissions on files
find /usr/share/nginx/html -type f -print0 | xargs -0 chmod 644
This is a decently secure configuration for directories and files within your web root.
Ok, you now have:
Your files set to the right owner (the process running your web server)
Your directories set to the right permissions
Your files set to the right permissions
Now restart your web server and you should be able to use WordPress normally.
Never run your web server as root. I’m not saying you were going to. But just in case. Don’t.
I’ve also seen in some installations where the PHP process needs to be set to the same user as well (if it’s not already). You might try that if it doesn’t work.