WordPress Permissions: Secure your WordPress Files and Directories

Re: How to secure WordPress, WordPress directory and file permissions

WordPress can be a secure blog; however, any deviation from the recommended file permission settings can leave your site open to getting hacked. It will happen: you will get hacked if you have directories set to 777.

To change file and directory permissions you can use any FTP application or even the Plesk File Manager.

By default, all WordPress folders should have a chmod of 755 to help with accessing and executing the files in subfolders. Most of the time, installers mark all folders 755, which is the right setting, but it is worth checking.

WordPress Files

All files starting with 'wp-' (apart from the exceptions below) should be set to 644.

WordPress Directories

All directories starting with 'wp-' (apart from the exceptions below) should be set to 755.

wp-config.php

The wp-config.php file is very important; the best setting for this file is 640.

.htaccess

The .htaccess file should be set to 644 as 640 would be too restrictive.

robots.txt

This file is important and should be set to 755 in order to allow search engines full access.
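
Where shell access is available, the modes listed above can be checked in one pass. The script below is an added example, not part of the original article; it assumes GNU find and stat, and the function names expected_mode and wp_perm_audit are hypothetical. It only reports and changes nothing.

```shell
#!/bin/sh
# Added example: read-only audit of a WordPress tree against the modes
# recommended on this page. Assumes GNU find and stat; the function names
# are hypothetical. Paths containing newlines are not supported.

# expected_mode PATH: print the mode this page recommends for PATH.
expected_mode() {
    if [ -d "$1" ]; then
        echo 755                       # every directory
        return 0
    fi
    case "$(basename "$1")" in
        wp-config.php) echo 640 ;;
        robots.txt)    echo 755 ;;
        *)             echo 644 ;;     # .htaccess and all other files
    esac
}

# wp_perm_audit ROOT: print "<tag> <actual> <expected> <path>" for every
# file or directory whose mode differs; return 1 if anything was printed.
wp_perm_audit() {
    findings=$(
        find "$1" \( -type d -o -type f \) | while IFS= read -r path; do
            actual=$(stat -c '%a' "$path")
            want=$(expected_mode "$path")
            [ "$actual" = "$want" ] && continue
            case "$actual" in
                *[2367]) tag=WORLD-WRITABLE ;;   # "other" write bit set, e.g. 777
                *)       tag=mismatch ;;
            esac
            printf '%s %s %s %s\n' "$tag" "$actual" "$want" "$path"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Call it as wp_perm_audit /path/to/wordpress (a placeholder path); an empty result with exit status 0 means every file and directory matches the settings above.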

Hardening /wp-includes scripts

For additional protection, prevent scripts from being run, by any user, in places where they should not be. To do this, add the following entry to your WordPress .htaccess file:

# Block the include-only files.
RewriteEngine On
RewriteBase /
# Forbid direct requests to wp-admin/includes/.
RewriteRule ^wp-admin/includes/ - [F,L]
# Skip the next three rules for any request outside wp-includes/.
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

Update your Plugins

The majority of vulnerabilities are a result of insecure and outdated plugins. It is absolutely essential that you ensure you are running the latest versions of all plugins. Many plugin updates are released to close known vulnerabilities.

Further securing your WordPress blog

You can further secure your WordPress blog by reading "7 easy ways to secure WordPress".

Written by UKC