Wordpress www-data access permissions

Question

I read about this a lot of articles, but still cannot find a proper solution.

I'm maintaining a VPS on DigitalOcean, here I have few sites on wordpress. The problem is that I don't know how to configure correctly the wwww-data group.

I created an user, let's name it admin, and all installation are under this user. When I'm accessing wordpress admin panel I'm not able to upload media, or plugins. This is because the folders permissions are 755, and the www-data doesn't have rights to write them.

Few weeks ago I had playing with the permissions, we got hacked, there was directly modified theme wordpress wiles with malicious scripts.

Can someone tell me how to configure correctly the www-data permissions, in order to be secure and in same time to be able to work properly with wordpress: add/remove media, manage themes and plugins?

I'm using Ubuntu 14, Nginx, Php 5.5

Thank you.

score 0 · Answer 1 · edited May 23 '17 at 12:31

0

I had the same issue on Amazon AWS EC2. You can see this question - Correct file permissions for WordPress

chown www-data:www-data -R *
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;

But you should consider your security! Server permissions to all folders in Wordpress folder is dangerous. There should be more precise permission settings.

edited May 23 '17 at 12:31

Community

1
1

answered Apr 10 '16 at 12:54

franchb

1,174
4
19
42

What might the more precise permission settings be? – Dylan Kinnett Mar 08 '19 at 18:30

Wordpress www-data access permissions

1 Answers1