Forums

WordPress › Support » How-To and Troubleshooting

[resolved] Security: Who should own the wordpress files (4 posts)

  1. Tarindel
    Member
    Posted 6 months ago #

    Hello all, got a quick question around security and WordPress plugin self-updating.

    I'm running WordPress on a VPS, and all my WordPress files are owned by root by default. Due to the way my VPS is configured, I can not FTP into the root account (nor would I want to), and my host doesn't support FTPS. I can FTP using a standard user account. However, when I try to update a plugin using a standard user account, it fails because the upgrade directory and wp-content directory are owned by root, and my standard user account isn't allowed to write/overwrite the files.

    Would I be putting my WordPress installation at security risk by chowning wp-content to a standard user account and leaving it that way? What do other people in similar situations typically do?

    Any advice appreciated. Thanks in advance!

  2. ClaytonJames
    Member
    Posted 6 months ago #

    Your WordPress files and directories need to be owned and writable by your user account, rather than root.

    [edit] some resources: Permission Scheme for WordPress

  3. Tarindel
    Member
    Posted 6 months ago #

    Thanks Clayton, that's exactly what I needed to know (but couldn't find). Much appreciated!

  4. ClaytonJames
    Member
    Posted 6 months ago #

    You're welcome!

Reply

You must log in to post.

About this Topic

Tags