WordPress permissions script

In the same vein as my Drupal permissions setup script, here's a script that should set up a WordPress install with secure file permissions, except that WordPress will still allow editing of the files through the admin backend. Permissions are locked down in the same way as with Drupal, except that wp-content is set up like Drupal's files directory, with write permissions for the web server. One final quirk is that WordPress requires the wp-admin scripts to be owned by www-data for plugin updating, etc. to work, so the last few lines change the owner but leave write permissions locked down on that directory.

If you want to upgrade WordPress core, I suggest running

chown -R www-data:www-data /home/username/public_html

Once that's done, do the upgrade through the web interface and then run the script below again to fix permissions. If you'd like to be more secure than that you could do a manual download + upgrade via the command line.


Here is the script:


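#!/bin/bash
# Assumes your site is installed at /home/username/public_html.
# Run as root: chown to another user requires it.
USERNAME="username"
INSTALL_DIR="public_html"

# Without --really, just print this script and exit
if [ "$1" != "--really" ]; then
  cat "$0"
  exit 0
fi

cd "/home/$USERNAME/" || exit 1
# Site user owns the files; the web server (www-data) gets group access
chown -R "$USERNAME":www-data "$INSTALL_DIR"
find "$INSTALL_DIR" -type d -exec chmod u=rwx,g=rx,o= '{}' \;
find "$INSTALL_DIR" -type f -exec chmod u=rw,g=r,o= '{}' \;

# this code handles multisite install files directories:
# wp-content is writable by the web server through the group
chmod ug=rwx,o= "$INSTALL_DIR/wp-content"
find "$INSTALL_DIR/wp-content" -type d -exec chmod ug=rwx,o= '{}' \;
find "$INSTALL_DIR/wp-content" -type f -exec chmod ug=rw,o= '{}' \;

# for some reason WordPress wants wp-admin to be owned by www-data
# for automatic updates, etc. to work; the owner gets no write bit
chmod u=rx,g=rwx,o= "$INSTALL_DIR/wp-admin"
find "$INSTALL_DIR/wp-admin" -type d -exec chmod u=rx,g=rwx,o= '{}' \;
find "$INSTALL_DIR/wp-admin" -type f -exec chmod u=r,g=rw,o= '{}' \;
# group is assumed to be the site user's own group, so g=rwx above applies to them
chown -R www-data:"$USERNAME" "$INSTALL_DIR/wp-admin"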
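
To check the result after running the script, this added example (not part of the original post) audits mode bits against the same policy. The function name audit_wp_perms is hypothetical, and it inspects mode bits only, not ownership.

```shell
#!/bin/bash
# Added example: read-only audit of the permission policy set by the script above.
# audit_wp_perms is a hypothetical helper name. It changes nothing on disk.
# Prints one "REASON<TAB>path" line per finding; returns 0 if clean, 1 otherwise.
audit_wp_perms() {
  local root findings
  root="${1%/}"   # drop a trailing slash so the -path patterns below match
  findings="$(
    # 1. Policy is o= everywhere: no "other" bits on any file or directory.
    find "$root" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
      -exec printf 'other-access\t%s\n' '{}' \;
    # 2. Outside wp-content and wp-admin the group (www-data) must not write.
    find "$root" \( -path "$root/wp-content" -o -path "$root/wp-admin" \) -prune \
      -o ! -type l -perm -020 -exec printf 'group-writable\t%s\n' '{}' \;
    # 3. In wp-admin the owner is www-data, so the owner write bit must be off.
    if [ -d "$root/wp-admin" ]; then
      find "$root/wp-admin" ! -type l -perm -200 \
        -exec printf 'owner-writable\t%s\n' '{}' \;
    fi
  )"
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Optional direct use: pass the install directory as the first argument.
if [ -n "${1:-}" ]; then
  audit_wp_perms "$1"
fi
```

Any "group-writable" finding outside wp-content means the web server can modify code there, which is the state left behind by the upgrade chown until the permissions script is run again.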
