Wordpress permissions script

In the same vein as my Drupal permissions setup script, here's a script that should set up a Wordpress install with file permissions that are secure, except Wordpress will allow editing of the files through the admin backend. Permissions are locked down in the same way as with Drupal, except wp-content is set up like Drupal's files directory with write permissions for the webserver. Then one final quirk is that Wordpress requires wp-admin scripts to be owned by www-data for the plugin updating, etc to work, so the last few lines change the owner but leave write permissions locked down on that directory.

If you want to upgrade Wordpress core, I suggest running

chown -R www-data:www-data /home/username/public_html

Once that's done, do the upgrade through the web interface and then run the script below again to fix permissions. If you'd like to be more secure than that you could do a manual download + upgrade via the command line.

 

Here is the script:

#!/bin/bash

#assumes your site is installed at /home/username/public_html 

USERNAME=username 
WEBSERVER_USER=www-data
INSTALL_DIR=public_html

if [ "$1" != "--really" ]; then
  cat $0
  exit 0
fi

cd /home/$USERNAME/
chown -R $USERNAME:$WEBSERVER_USER $INSTALL_DIR
find $INSTALL_DIR  -type d -exec chmod u=rwx,g=rx,o= '{}' \;
find $INSTALL_DIR -type f -exec chmod u=rw,g=r,o= '{}' \;

#this code handles multisite install files directories
chown -R $WEBSERVER_USER:$USERNAME $INSTALL_DIR/wp-content
chmod ug=rwx,o= $INSTALL_DIR/wp-content
find $INSTALL_DIR/wp-content -type d -exec chmod ug=rwx,o= '{}' \;
find $INSTALL_DIR/wp-content -type f -exec chmod ug=rw,o= '{}' \;

#for some reason Wordpress wants wp-admin to be owned by www-data
#for automatic updates, etc to work
chown -R $WEBSERVER_USER:$USERNAME $INSTALL_DIR/wp-admin
chmod u=rx,g=rwx,o= $INSTALL_DIR/wp-admin
find $INSTALL_DIR/wp-admin -type d -exec chmod u=rx,g=rwx,o= '{}' \; 
find $INSTALL_DIR/wp-admin -type f -exec chmod u=r,g=rw,o= '{}' \;
Tags: 

Add new comment