Support » Fixing WordPress » What are the lowest rights files can have

  • What is the least permissions I can give files and folders

    I am getting riddled with malware all the time, I literally am cleaning out my install every 2 days. I have followed all the hardening wordpress guides etc. Deleted everything, put in clean files, wordpress to 755 and files to 644 and still nothing is doing.

    Lately there seems to be a ridiculous amount of Javascript attacks, the files I am replacing are constantly for JS files, so obviously attackers have found an easy way in to JS files. What is the least permission I can give to files to stop them getting attacked.

    Lately it’s been the JS folder in my theme and the JS folders in two of my plugins that seem to be very vulnerable.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The lowest that will work for files is 644, which gives the owner read and write, and read-only for group and public. For directories you need 755 which adds execute. You need to provide more access if you want to allow WordPress itself to write files and create files in directories. This is particularly important in the wp-content directory since installing plugins and themes write there, and media is uploaded there, 664 should be sufficient for files and 775 for directories within wp-content. If you set access 644 WordPress updates will ask for your FTP credentials since they will be denied access.

    If you still get hacked with permission 644, either your FTP password is compromised or there is a problem with your hosting.


    OK interesting because ALL files are 644 and all folders ate 755 and I don’t get asked for FTP credentials……..

    I will try changing the FTP pass again but it’s already ridiculous long, been changed 10 times in the last 6 months and I’m a bit lost how it could be the way in 🙁

    Damn annoying Malwares

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘What are the lowest rights files can have’ is closed to new replies.