• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » WordPress chown, chgrp, chmod Explained for FTP and SSH

By Abhishek Ghosh April 21, 2014 10:05 pm Updated on April 21, 2014

WordPress chown, chgrp, chmod Explained for FTP and SSH

Advertisement

Most users fumble with understanding WordPress chown, chgrp, chmod. We have explained the terms for FTP and SSH in very easy language. Actually we have talked about CHMOD and CHOWN for WordPress before, but this is an illustrated guide with explanation of the terminologies, how to use and set proper permissions and file ownership. In this context of explaining WordPress chown, chgrp, chmod, we must emphasize that; we are taking that the user has full SSH and FTP access to the server – simply, it is not a shared hosting but either a dedicated server, virtual private server or a cloud server.

 

WordPress chown, chgrp, chmod Explained for FTP and SSH : Tools of Trade

 

Tools for SSH :

Actually you can have three kind of Operating System on your Computer, for Windows users; there is no Terminal App, so you need to download and install PuTTY. For Linux, there is Terminal App and for Mac / OS X; either use the default Terminal App or use iTerm2. We use iTerm2 and the setup described on the linked article.

Advertisement

---

Tools for FTP :

For Linux users : FileZilla ( free software )
For OS X / Mac users : FileZilla ( free software ), Transmit ( Paid ), Ported version of WinSCP ( Not Recommended for root users for security reasons )
For Windows users : WinSCP ( free software ), FileZilla ( free software )

 

Never save password specially on Windows OS. We do not recommend to either SSH or FTP to server from MS Windows. Windows OS is prone to virus, malware etc. ; it is safer to use any GNU Linux or BSD variants or OS X / Mac.

 

WordPress chown, chgrp, chmod Explained for FTP and SSH

 

If you are using deb Linux, like Debian or Ubuntu and Apache2 as Webserver software; www-data is Apache2, root is usually the per on who installed the Linux / build on Cloud platform (so actually it will feel to be you, but it is the Linux Kernel). To get the name of Apache username, you can run this command on SSH :

Vim
1
2
3
ps -ef | grep apache
# or
ps -ef | grep apache2

As Wheel Group is disabled in Linux, root feels to be the main user. Actually there should be an user – who will login to FTP. MySQL Database username is less understood by the most – in most cases, specially for wp-inclues folder, MySQL Database access the files. To avoid issues, most consumer grade Linux distro are compiled with usernames localhost, 127.0.0.1, www-data in proper groups. MySQL Database username never creates the issue as most uses the database as localhostor 127.0.0.1. MySQL Database also has a root user!

As example username is commonly used as wordpress, it basically create a confusion. On cPanel or Plesk, the ownership is usually properly set in a scripted manner. We are taking that your wp-config.php file is located at :

Vim
1
/home/www/html

Which is default in Ubuntu 14.04 in one server one domain setup.

chown changes file owner and group.
chgrp changes group ownership. chmod changes the permissions of a file or directory.

To check the ownership of a file or directory use:

Vim
1
ls -l

chmod is the worst way to allow WordPress to write files. Unfortunately for shared servers, FTP is usually the only way and it forces to change the default chmod value.

Vim
1
2
3
r Permission to read the file.
w Permission to write (or modify or delete) the file.
x Permission to execute the file.

On FTP (FileZilla, you will see) :

Vim
1
2
3
wp-comments-post.php  -rw-r--r--  0644  root  root    
wp-config.php  -rw-rw----  0660  root  www-data
wp-content  drwxrwxr-x  0775  root  www-data

Who owns the file? If root owns it, it can do anything; but if www-data owns; it will be less liberal (hence safer). WordPress doesn’t really need full ownership of everything – this is for preventing hacking attempts and actions by malwares. Who owns the file is ownership. What that owner can do is dictated by chmod.
The usual permission for WordPress chmod is :

Vim
1
2
755 for directories
644 for files

It is very liberal as it is not possible to individualize the ownership for all kind of setup, the changed permissive wheel group chain in Linux makes the thing more complicated.
These are excellent docs :

WordPress chown, chgrp, chmod Explained for FTP and SSH

Vim
1
2
http://codex.wordpress.org/Hardening_WordPress#File_permissions
http://codex.wordpress.org/Changing_File_Permissions

chmod is inferior way to make a file writable over setting proper ownership.

 

Why My WordPress needs to chmod files to 777 to write?

 

Your combination of ownership, group of the owner and permissions are too restrictive to MySQL database or even to Apache web server. Apache’s father will fail to open a file on browser if ownership is set to no one! Obviously no one is not Apache’s another username in that case. Then, world becomes even the MySQL database. You can set your wp-config.php file’s chmod value to very very restrictive value or change the ownership to no one – it will frankly throw Error Connecting Database – localhost becoming the world.

You will never ever set any file or directory to chmod 777. If a directory is set to chmod 777, world means that anybody including the user www-data, will be able execute php scripts inside it. Which is actually never possible for anyone outside your server for hacking purpose with proper directory permission settings (disabling directory browsing), proper firewall setup, using a good FTP/SFTP server side software for protection (no chance of creation of anonymous FTP account). We say setting chmod 777 is very dangerous as it is taken that, the user who is asking about basic chmod, definitely has no idea about Linux Administration. With key chain based SSH access restriction, it is never possible to access any directory without the access key. Another point against chmod 777 is that, setting chmod 777 helps the hackers to run exploit using any buggy software’s weak point which is installed on the server including PHP.

It is possible to do a MySQL injection via comment form, contact us form even if chmod is set to 755 when you are using a plugin like W3 Total Cache or WP Super Cache (that is why advise to offload comments to another server). For temporary dev purpose or troubleshooting, you can chmod to 777 and then decrease the permission to 755 or to less permissive – but always close the comments (if default WordPress is used) temporarily in such situations.

Many takes backup via plugins – in most cases the wp-content’s some sub directory is set to 755 or 777. Anyone can download your backup and get the passwords. It is not wise action to allow search engine bots to crawl the whole wp-content folder in such cases – the files can get indexed. Actually it is possible to find weak point of any website, but usually unless you are FBI or NASDAQ, no one will ever invest so much time to hack you.

Tagged With allow apache to modify the wordpress installation to do this use chown and chgrp centos7 , chmod www-data chown wheel , chown permissions and ownership SSH , ftp group settings , ftp site chgrp , wordpress chgrp

This Article Has Been Shared 803 Times!

Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to WordPress chown, chgrp, chmod Explained for FTP and SSH

  • YouTube One Channel Design Guide With Free PSD

    YouTube One Channel Design requires a redesigning of your YouTube Channel for better branding. Here are links to official specs plus free PSD with guide to use.

  • HTML5 : Vocabulary and Interfaces

    HTML5 can be difficult to understand at high end usage. Basic usage of HTML5 is otherwise easy. Here is a list of Vocabulary and Interfaces for HTML5.

  • Planning and Using Responsive AdSense Ad Unit

    Planning and Using Responsive AdSense Ad Unit is crucial step because we are going to target the same place with three or more AdSense Ad Unit. Here is how.

  • Object Meta Tags for Facebook Open Graph Protocol

    Object Meta Tags for Facebook Open Graph Protocol are represented by HTML markup on a particular webpage which uniquely defines each object. Here are standards. There are three parts – Creating Objects, Reading Objects and Updating Objects. We can implement Open Graph Object Meta Tags with widely known Pointers.   Object Meta Tags for Facebook […]

  • AdSense Asynchronous Ads with Responsive Design

    AdSense Asynchronous Ads with Responsive design is a quite difficult to manage or implement. Here are some ideas which might help you for HTML5 website.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • What is Configuration Management February 5, 2023
  • What is ChatGPT? February 3, 2023
  • Zebronics Pixaplay 16 : Entry Level Movie Projector Review February 2, 2023
  • What is Voice User Interface (VUI) January 31, 2023
  • Proxy Server: Design Pattern in Programming January 30, 2023

About This Article

Cite this article as: Abhishek Ghosh, "WordPress chown, chgrp, chmod Explained for FTP and SSH," in The Customize Windows, April 21, 2014, February 6, 2023, https://thecustomizewindows.com/2014/04/wordpress-chown-chgrp-chmod-explained-ftp-ssh/.

Source:The Customize Windows, JiMA.in

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT