In a nutshell:
- WordPress file permissions are invisible—until they cause errors: plugins won’t install, updates fail, and media uploads are blocked.
- We’ll show you the correct settings for wp-config, directories, and files — secure, restrictive, and functional.
Problems with WordPress file permissions can be frustrating—especially with hosting providers like 1&1 or DomainFactory. In this guide, we’ll show you how to resolve permission issues and securely configure your WordPress installation. Let’s get started!
WordPress & File Permissions – A Troublesome Topic
Whether you’re just getting started or are already an experienced webmaster—problems with file permissions in a WordPress installation can crop up time and again. This problem occurs with striking frequency, especially with some web hosts like 1&1, DomainFactory, or so-called “backyard IT sub-providers.”
The Case: Missing Permissions
We currently have a case that confirms our claim. After waiting days for access to a database, we were finally able to upload the WordPress installation via FTP. But it quickly became clear that the file permissions were completely missing. This meant we first had to set all relevant permissions manually—a time-consuming and frustrating process.
A shout-out to All-Inkl.com
We’d like to take a moment to express our appreciation: A huge thank you to ALL-INKL.COM – Neue Medien Münnich for their outstanding support. Available 24 hours a day, always helpful and knowledgeable—it doesn’t get any better than this!
The Why and How of File Permissions
Many hosting providers offer a one-click installation for WordPress. Although this is convenient, we often prefer to upload our entire staging environment to the new server via backup. In our experience, this causes fewer issues.
But in our current case, no permissions had been set. So we had to work our way through the WordPress documentation to figure out which directories require which permissions. That sounds simpler than it is. An incorrectly configured upload directory can quickly lead to security vulnerabilities that Trojans or hackers can exploit.
Setting Permissions Correctly – Here’s How:
Here are the most important permissions you should set in your WordPress installation:
- WP-Admin: Recursively set to 755 (including all subdirectories)
- Index.php and .htaccess: 644 (read-only, not executable)
- WP-Includes: Recursively set to 755 (including all subdirectories)
- WP-Content: Recursively set to 755 (including all subdirectories)
If you use a backup plugin, these plugins often require read and write permissions for certain directories. These may be located in the root directory or in the WP-Content directory. In such cases, the folder must be set to 777 so that the backup can be created and saved.
Conclusion
Setting file permissions correctly in WordPress is essential and can quickly become a nuisance if not done carefully from the start. A well-configured system will save you a lot of trouble in the long run and make administrative tasks much easier.
With that in mind, have fun running your WordPress site securely. Go for it, and see you next time!