Support » Fixing WordPress » Security: Who should own the wordpress files

  • Resolved Tarindel

    (@tarindel)


    Hello all, got a quick question around security and WordPress plugin self-updating.

    I’m running WordPress on a VPS, and all my WordPress files are owned by root by default. Due to the way my VPS is configured, I can not FTP into the root account (nor would I want to), and my host doesn’t support FTPS. I can FTP using a standard user account. However, when I try to update a plugin using a standard user account, it fails because the upgrade directory and wp-content directory are owned by root, and my standard user account isn’t allowed to write/overwrite the files.

    Would I be putting my WordPress installation at security risk by chowning wp-content to a standard user account and leaving it that way? What do other people in similar situations typically do?

    Any advice appreciated. Thanks in advance!

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Security: Who should own the wordpress files’ is closed to new replies.