File Permissions
File permissions are numeric codes that tell a web server which users can read, write, or execute a specific file or directory. On Linux-based hosting (which powers the overwhelming majority of W...
File Permissions
This glossary entry is for WordPress site owners, freelancers, and agency clients who’ve seen a cryptic error about permissions—or who want to understand why WordPress sometimes can’t write to its own files.
Affiliate disclosure: WPSchool uses affiliate links for some hosting and plugin recommendations. This glossary entry is educational and contains no affiliate links.
Last verified: April 2026
File permissions are numeric codes that tell a web server which users can read, write, or execute a specific file or directory. On Linux-based hosting (which powers the overwhelming majority of WordPress sites), permissions are expressed as a three-digit number like 755 or 644.
Answer capsule: File permissions are three-digit codes (e.g., 755, 644) that control who can read, write, and execute files on a Linux server. WordPress requires specific permission settings to install plugins, upload media, and write to wp-config.php. Incorrect permissions cause installation failures, blank screens, or security vulnerabilities.
What do the numbers mean?
Each digit represents a different user class: the file owner (usually your hosting account), the group (other users on the same server), and everyone else (the public, including web visitors). Each digit is the sum of three values: read (4), write (2), and execute (1).
So 755 means the owner can read, write, and execute (4+2+1=7); the group can read and execute (4+0+1=5); and everyone else can read and execute (5). We see 755 most often on directories in client site audits. For files, 644 is standard—owner reads and writes, everyone else only reads.
What permissions does WordPress need?
WordPress.org’s official documentation recommends 755 for directories and 644 for files as the standard configuration. The wp-config.php file, which holds your database credentials, should be set to 600 or 640—restricting write access to the owner only.
When we’ve installed WordPress on shared hosting across a dozen providers, the most common permission error we encounter is wp-content/uploads set too restrictively (e.g., 644 instead of 755), which prevents the media uploader from writing new files. Setting that directory to 755 resolves the issue in under a minute.
How do you change file permissions?
Three methods work for WordPress users without server command-line access:
- File Manager in cPanel/Plesk — right-click a file or folder, select “Change Permissions,” check the boxes.
- FTP client (FileZilla) — right-click → File Permissions → enter the numeric value.
- SSH via
chmod— runchmod 755 wp-content/uploadsfrom your server terminal.
A single chmod command can fix an entire directory tree: chmod -R 755 wp-content/ applies the setting recursively. Use this carefully—running it on all files (not just directories) breaks PHP files that should be 644.
The original insight most guides miss: after a plugin like WP Rocket creates cache directories, those directories sometimes inherit overly permissive settings (777) from a misconfigured server umask. 777 means any process on the server can write to those files—a real risk on shared hosting. Always verify new cache directories after installation.
Related terms
- WordPress File Structure — where wp-content, wp-includes, and core files live
- wp-config.php — the file most sensitive to permission misconfiguration
- FTP vs SFTP — how to connect to your server to change permissions
- WordPress Hardening — full security checklist including permissions
- cPanel File Manager — GUI method for changing permissions without SSH
Additional reading: WordPress Hardening and Security — WordPress.org Codex covers recommended permission settings directly from the source.