{"id":5172,"date":"2026-07-04T12:20:00","date_gmt":"2026-07-04T12:20:00","guid":{"rendered":"https:\/\/www.copahost.com\/blog\/?p=5172"},"modified":"2026-07-04T12:24:28","modified_gmt":"2026-07-04T12:24:28","slug":"wordpress-file-permissions","status":"publish","type":"post","link":"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/","title":{"rendered":"WordPress File Permissions Explained: The Correct chmod Values (644, 755)"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong>File permissions decide who can read, write, and execute each file on your WordPress site. Set them too loose and you hand attackers a way in; set them too tight and WordPress breaks. The good news: the correct values are simple and well-established \u2014 755 for directories, 644 for files, and stricter for wp-config.php. This guide explains what the permission numbers actually mean, the exact values every WordPress file and folder should have, how to set them via cPanel, FTP, or SSH, and the ownership issue that trips up even careful admins.<\/strong><\/p>\n\n\n\n<div style=\"display:flex; gap:14px; align-items:flex-start; background:#fff4ec; border:1px solid #f6c9a8; border-left:4px solid #F26C21; border-radius:8px; padding:16px 20px; margin:24px 0; font-family:Arial, Helvetica, sans-serif;\">\n  <div style=\"font-size:22px; flex-shrink:0; margin-top:1px;\">&#x26a0;&#xfe0f;<\/div>\n  <div style=\"flex:1;\">\n    <div style=\"font-weight:700; text-transform:uppercase; letter-spacing:0.08em; color:#c0441a; margin-bottom:6px;\">Never 777 \u2014 and back up first<\/div>\n    <p style=\"color:#1A2238; line-height:1.65; margin:0;\">Never set anything to <strong>777<\/strong>. World-writable permissions are exploited in the vast majority of WordPress file-upload attacks \u2014 they let any process on the server overwrite your files. If a tutorial or plugin tells you to &#8220;just chmod 777,&#8221; don&#8217;t; there&#8217;s almost always a safer fix. And before running any recursive <code style=\"background:#fde8dc;border:1px solid #f6c9a8;border-radius:4px;padding:1px 5px;font-family:monospace;color:#8c2e10;\">chmod -R<\/code> command, <strong>back up your site<\/strong> \u2014 a recursive command applied to the wrong path or value can break the whole installation in one line.<\/p>\n  <\/div>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_69_1 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#What_file_permissions_are_and_how_the_numbers_work\" title=\"What file permissions are (and how the numbers work)\">What file permissions are (and how the numbers work)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#How_to_check_your_current_permissions\" title=\"How to check your current permissions\">How to check your current permissions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#The_correct_WordPress_file_permissions\" title=\"The correct WordPress file permissions\">The correct WordPress file permissions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#Why_you_should_never_use_777\" title=\"Why you should never use 777\">Why you should never use 777<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#How_to_set_file_permissions\" title=\"How to set file permissions\">How to set file permissions<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#Via_cPanel_File_Manager\" title=\"Via cPanel File Manager\">Via cPanel File Manager<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#Via_FTP_FileZilla\" title=\"Via FTP (FileZilla)\">Via FTP (FileZilla)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#Via_SSH_fastest_for_a_whole_site\" title=\"Via SSH (fastest for a whole site)\">Via SSH (fastest for a whole site)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#Permissions_vs_ownership_the_part_everyone_misses\" title=\"Permissions vs. ownership: the part everyone misses\">Permissions vs. ownership: the part everyone misses<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#After_an_FTP_upload_re-check_your_permissions\" title=\"After an FTP upload, re-check your permissions\">After an FTP upload, re-check your permissions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#Frequently_asked_questions\" title=\"Frequently asked questions\">Frequently asked questions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#Related_guides\" title=\"Related guides\">Related guides<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#Conclusion\" title=\"Conclusion\">Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_file_permissions_are_and_how_the_numbers_work\"><\/span>What file permissions are (and how the numbers work)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Every file and folder on a Linux server (which is what most WordPress hosting runs on) has permissions that control three things \u2014 <strong>read<\/strong>, <strong>write<\/strong>, and <strong>execute<\/strong> \u2014 for three groups of people:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Owner<\/strong> \u2014 the user account that owns the file (usually your hosting\/FTP account).<\/li>\n\n\n\n<li><strong>Group<\/strong> \u2014 a set of users, often including the web server process.<\/li>\n\n\n\n<li><strong>Others<\/strong> \u2014 everyone else on the server.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Those permissions are written as a three-digit number like <code>755<\/code> or <code>644<\/code>. Each digit is a sum of three values: <strong>4 for read, 2 for write, 1 for execute<\/strong>. Add them up per group:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>7<\/strong> = 4+2+1 = read, write, execute<\/li>\n\n\n\n<li><strong>6<\/strong> = 4+2 = read, write<\/li>\n\n\n\n<li><strong>5<\/strong> = 4+1 = read, execute<\/li>\n\n\n\n<li><strong>4<\/strong> = read only<\/li>\n\n\n\n<li><strong>0<\/strong> = no access<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">So in <code>755<\/code>, the owner has 7 (full control), while group and others have 5 (read and execute). In <code>644<\/code>, the owner has 6 (read\/write) and everyone else has 4 (read only). The three digits are always in the order <strong>owner, group, others<\/strong>.<\/p>\n\n\n\n<div style=\"display:flex; gap:14px; align-items:flex-start; background:#eef1f8; border:1px solid #b9c2dd; border-left:4px solid #1A2238; border-radius:8px; padding:16px 20px; margin:24px 0; font-family:Arial, Helvetica, sans-serif;\">\n  <div style=\"font-size:22px; flex-shrink:0; margin-top:1px;\">&#x1f4a1;<\/div>\n  <div style=\"flex:1;\">\n    <div style=\"font-weight:700; text-transform:uppercase; letter-spacing:0.08em; color:#1A2238; margin-bottom:6px;\">Why directories need &#8220;execute&#8221;<\/div>\n    <p style=\"color:#1A2238; line-height:1.65; margin:0;\">On a directory, the execute bit doesn&#8217;t mean &#8220;run a program&#8221; \u2014 it means &#8220;allowed to enter this folder to reach the files inside.&#8221; That&#8217;s why directories are 755 (not 644): without the execute bit, nobody could open the folder. Files, on the other hand, don&#8217;t need execute \u2014 which is why PHP files are 644, not 755.<\/p>\n  <\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_check_your_current_permissions\"><\/span>How to check your current permissions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Before changing anything, it helps to see what your files are set to now. Every tool shows permissions, just in different formats.<br><br>In your <strong>cPanel File Manager<\/strong> or <strong>FTP client<\/strong>, permissions appear in a column next to each file \u2014 usually as the three-digit number (644, 755) or as a symbolic string. Over <strong>SSH<\/strong>, the command <code>ls -l<\/code> lists every item with its permissions on the left:<\/p>\n\n\n\n<div style=\"margin:16px 0; font-family:Arial, Helvetica, sans-serif;\"><div style=\"background:#1A2238; border-radius:8px; padding:16px 20px; overflow-x:auto;\"><code style=\"display:block; color:#e6edf3; font-family:'Courier New',monospace; font-size:14px; line-height:1.7; white-space:pre;\">-rw-r--r--   wp-config.php      (= 644)\ndrwxr-xr-x   wp-content         (= 755)<\/code><\/div><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">That string looks cryptic but maps directly to the numbers. Read it in groups of three after the first character:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The <strong>first character<\/strong> is the type: <code>-<\/code> for a file, <code>d<\/code> for a directory.<\/li>\n\n\n\n<li>The next <strong>three<\/strong> are the owner&#8217;s permissions, then the <strong>group&#8217;s<\/strong>, then <strong>others&#8217;<\/strong>.<\/li>\n\n\n\n<li><code>r<\/code> = read (4), <code>w<\/code> = write (2), <code>x<\/code> = execute (1), and <code>-<\/code> means that permission is off.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">So <code>-rw-r--r--<\/code> is a file where the owner has read+write (6) and group and others have read only (4+4) \u2014 that&#8217;s <strong>644<\/strong>. And <code>drwxr-xr-x<\/code> is a directory (the <code>d<\/code>) where the owner has read+write+execute (7) and everyone else has read+execute (5+5) \u2014 that&#8217;s <strong>755<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To <strong>audit<\/strong> a whole site over SSH and find anything that deviates from the standard, use <code>find<\/code> to list the exceptions:<\/p>\n\n\n\n<div style=\"margin:16px 0; font-family:Arial, Helvetica, sans-serif;\"><div style=\"background:#1A2238; border-radius:8px; padding:16px 20px; overflow-x:auto;\"><code style=\"display:block; color:#e6edf3; font-family:'Courier New',monospace; font-size:14px; line-height:1.7; white-space:pre;\"># Find files NOT set to 644\nfind . -type f ! -perm 644\n\n# Find directories NOT set to 755\nfind . -type d ! -perm 755<\/code><\/div><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Anything these commands list is worth reviewing \u2014 it&#8217;s a permission that strays from the recommended baseline.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"The_correct_WordPress_file_permissions\"><\/span>The correct WordPress file permissions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Here are the values WordPress.org officially recommends and that work on the vast majority of hosts:<\/p>\n\n\n\n<div style=\"margin:24px 0; overflow-x:auto; font-family:Arial, Helvetica, sans-serif;\">\n  <table style=\"width:100%; border-collapse:collapse; box-shadow:0 1px 4px rgba(0,0,0,0.12); border-radius:8px; overflow:hidden; min-width:560px;\">\n    <thead>\n      <tr style=\"background-color:#F26C21; color:#ffffff; text-align:left;\">\n        <th style=\"padding:14px 16px;\">Path<\/th>\n        <th style=\"padding:14px 16px;\">Permission<\/th>\n        <th style=\"padding:14px 16px;\">Why<\/th>\n      <\/tr>\n    <\/thead>\n    <tbody>\n      <tr style=\"background-color:#fbf4ef; border-bottom:1px solid #eadfd6;\">\n        <td style=\"padding:12px 16px; color:#1A2238;\">All directories<br><span style=\"color:#777; font-size:13px;\">(wp-admin, wp-content, wp-includes\u2026)<\/span><\/td>\n        <td style=\"padding:12px 16px; font-family:monospace; color:#c0441a;\">755<\/td>\n        <td style=\"padding:12px 16px; color:#1A2238;\">Owner full control; others can enter and read, not modify.<\/td>\n      <\/tr>\n      <tr style=\"background-color:#ffffff; border-bottom:1px solid #eadfd6;\">\n        <td style=\"padding:12px 16px; color:#1A2238;\">All files<br><span style=\"color:#777; font-size:13px;\">(PHP, CSS, JS, images\u2026)<\/span><\/td>\n        <td style=\"padding:12px 16px; font-family:monospace; color:#c0441a;\">644<\/td>\n        <td style=\"padding:12px 16px; color:#1A2238;\">Owner reads\/writes; everyone else read-only.<\/td>\n      <\/tr>\n      <tr style=\"background-color:#fbf4ef; border-bottom:1px solid #eadfd6;\">\n        <td style=\"padding:12px 16px; color:#1A2238;\">wp-config.php<\/td>\n        <td style=\"padding:12px 16px; font-family:monospace; color:#c0441a;\">400 or 440<\/td>\n        <td style=\"padding:12px 16px; color:#1A2238;\">The most sensitive file \u2014 lock it down so others can&#8217;t read your database credentials.<\/td>\n      <\/tr>\n      <tr style=\"background-color:#ffffff; border-bottom:1px solid #eadfd6;\">\n        <td style=\"padding:12px 16px; color:#1A2238;\">.htaccess<\/td>\n        <td style=\"padding:12px 16px; font-family:monospace; color:#c0441a;\">644<\/td>\n        <td style=\"padding:12px 16px; color:#1A2238;\">WordPress needs to update it for permalinks; 644 is standard.<\/td>\n      <\/tr>\n      <tr style=\"background-color:#fbf4ef; border-bottom:none;\">\n        <td style=\"padding:12px 16px; color:#1A2238;\">wp-content\/uploads<\/td>\n        <td style=\"padding:12px 16px; font-family:monospace; color:#c0441a;\">755<\/td>\n        <td style=\"padding:12px 16px; color:#1A2238;\">Needs write access for media \u2014 but 755 is enough on a proper server, never 777.<\/td>\n      <\/tr>\n    <\/tbody>\n  <\/table>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">The short version most people can rely on: <strong>755 for folders, 644 for files, and lock down wp-config.php further.<\/strong> That covers 95% of WordPress setups. On stricter, modern setups you may see the tighter scheme of <strong>750 for directories and 640 for files<\/strong>. This works when PHP runs as the same user that owns the files (common on properly configured VPS and managed hosting): since no third identity needs access, the &#8220;others&#8221; bit is dropped entirely \u2014 nobody outside the owner and group can read anything. It&#8217;s more secure than 755\/644, but only works in that ownership setup. Both schemes are valid; use whichever your host supports.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">One sign of carelessly set permissions: <strong>PHP files at 755<\/strong>. PHP files never need the execute bit \u2014 the web server (Apache or Nginx) interprets them through its PHP module, not by &#8220;executing&#8221; the file at the filesystem level. Seeing 755 on your <code>.php<\/code> files usually means permissions were applied in bulk without separating files from directories. Files should be 644; only directories get the execute bit (755).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_you_should_never_use_777\"><\/span>Why you should never use 777<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">It&#8217;s worth repeating because it&#8217;s the single most common permission mistake. Setting a file or folder to <code>777<\/code> gives <strong>read, write, and execute to everyone<\/strong> \u2014 the owner, the group, and every other user on the server. On shared hosting, that means another tenant&#8217;s compromised site could overwrite your files. On any server, it means a single compromised process can inject malicious code into your theme, plugins, or core.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Attackers actively scan for world-writable files, and backdoors commonly persist by setting themselves to 777. Security scanners like Wordfence flag it immediately. If something only works at 777, the real problem is almost always <strong>ownership<\/strong> (covered below), not permissions \u2014 and 777 is masking it dangerously.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_set_file_permissions\"><\/span>How to set file permissions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Three ways to change permissions, depending on your access and how many files you&#8217;re fixing.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Via_cPanel_File_Manager\"><\/span>Via cPanel File Manager<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Log in to cPanel, open <strong>File Manager<\/strong>, and navigate to your WordPress folder. Right-click any file or folder, choose <strong>Change Permissions<\/strong> (or <strong>Permissions<\/strong>), and you&#8217;ll see checkboxes for read\/write\/execute across owner\/group\/others, plus the numeric value. Set it and save. Best for fixing one or a few items.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/cpanel-change-permissions-755-1024x683.png\" alt=\"Setting 755 permissions on a folder in cPanel File Manager\" class=\"wp-image-5174\" srcset=\"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/cpanel-change-permissions-755-1024x683.png 1024w, https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/cpanel-change-permissions-755-300x200.png 300w, https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/cpanel-change-permissions-755-768x512.png 768w, https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/cpanel-change-permissions-755.png 1536w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Via_FTP_FileZilla\"><\/span>Via FTP (FileZilla)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Connect with an <a href=\"https:\/\/www.copahost.com\/blog\/ftp-file-transfer\/\">FTP client<\/a>, right-click a file or folder, and choose <strong>File Permissions<\/strong>. Enter the numeric value (e.g. 644) or use the checkboxes. FileZilla can also apply recursively \u2014 and here&#8217;s the key detail: when recursing, choose <strong>&#8220;Apply to files only&#8221;<\/strong> when setting 644, and <strong>&#8220;Apply to directories only&#8221;<\/strong> when setting 755. Never apply 644 to directories (it removes the execute bit they need) or 755 to files.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"768\" src=\"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/filezilla-file-permissions-1024x768.png\" alt=\"Changing file permissions in FileZilla via the File Permissions dialog\" class=\"wp-image-5175\" srcset=\"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/filezilla-file-permissions-1024x768.png 1024w, https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/filezilla-file-permissions-300x225.png 300w, https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/filezilla-file-permissions-768x576.png 768w, https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/filezilla-file-permissions.png 1448w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Via_SSH_fastest_for_a_whole_site\"><\/span>Via SSH (fastest for a whole site)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If your plan includes SSH access, the command line fixes an entire installation in seconds. Connect and navigate to your WordPress root, then run these two commands \u2014 the first sets all directories to 755, the second all files to 644:<\/p>\n\n\n\n<div style=\"margin:16px 0; font-family:Arial, Helvetica, sans-serif;\"><div style=\"background:#1A2238; border-radius:8px; padding:16px 20px; overflow-x:auto;\"><code style=\"display:block; color:#e6edf3; font-family:'Courier New',monospace; font-size:14px; line-height:1.7; white-space:pre;\">find . -type d -exec chmod 755 {} \\;\nfind . -type f -exec chmod 644 {} \\;<\/code><\/div><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Then secure <code>wp-config.php<\/code> separately (the bulk command set it to 644 along with everything else):<\/p>\n\n\n\n<div style=\"margin:16px 0; font-family:Arial, Helvetica, sans-serif;\"><div style=\"background:#1A2238; border-radius:8px; padding:16px 20px; overflow-x:auto;\"><code style=\"display:block; color:#e6edf3; font-family:'Courier New',monospace; font-size:14px; line-height:1.7; white-space:pre;\">chmod 400 wp-config.php<\/code><\/div><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">That&#8217;s it \u2014 three commands and your whole installation has correct, secure permissions. (In the <code>chmod<\/code> number, the same 4\/2\/1 logic applies: <code>chmod 644<\/code> means owner read+write, others read.)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Permissions_vs_ownership_the_part_everyone_misses\"><\/span>Permissions vs. ownership: the part everyone misses<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Here&#8217;s the subtlety that breaks most permission fixes: <strong>permissions and ownership are two different things.<\/strong> Permissions say what the owner, group, and others <em>can<\/em> do. Ownership says <em>which identity<\/em> a given process counts as.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The classic symptom: your permissions are textbook-correct, but when you try to install a plugin or update WordPress from the dashboard, it asks you to <strong>&#8220;enter your FTP credentials.&#8221;<\/strong> That&#8217;s not a permissions problem \u2014 it&#8217;s an ownership mismatch. The PHP process is running as a different user than the one that owns your files, so it can read them (via the &#8220;others&#8221; bit) but can&#8217;t write to them.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The fix isn&#8217;t to loosen permissions to 777. It&#8217;s to align ownership so the user running PHP matches the file owner. On shared or managed hosting you usually can&#8217;t change ownership yourself \u2014 contact your host and ask them to verify that the PHP process user matches the file owner. On cPanel, hosts have a &#8220;Fix File Ownership&#8221; tool that resolves this automatically. This is why two sites with identical permissions can behave differently: the ownership underneath is different.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"After_an_FTP_upload_re-check_your_permissions\"><\/span>After an FTP upload, re-check your permissions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">One practical gotcha: many FTP clients upload files with the wrong permissions by default (sometimes even 755 or 777). After any manual upload or FTP-based deployment, it&#8217;s worth re-running the <code>find<\/code> + <code>chmod<\/code> commands above to normalize everything back to 644 for files and 755 for directories \u2014 then re-locking wp-config.php. This keeps a careless upload from silently loosening your security.<\/p>\n\n\n\n<div style=\"max-width:760px; margin:32px auto; background:linear-gradient(135deg,#F26C21 0%,#1A2238 100%); border-radius:16px; padding:32px 28px; font-family:Arial, Helvetica, sans-serif; color:#fff; box-shadow:0 10px 30px rgba(242,108,33,.25);\">\n  <div style=\"display:flex; align-items:flex-start; gap:16px; flex-wrap:wrap;\">\n    <div style=\"flex:0 0 auto; display:inline-flex; align-items:center; justify-content:center; width:52px; height:52px; border-radius:12px; background:rgba(255,255,255,.18);\">\n      <svg width=\"28\" height=\"28\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#fff\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><rect x=\"3\" y=\"11\" width=\"18\" height=\"11\" rx=\"2\"><\/rect><path d=\"M7 11V7a5 5 0 0 1 10 0v4\"><\/path><\/svg>\n    <\/div>\n    <div style=\"flex:1 1 320px; min-width:260px;\">\n      <div style=\"font-weight:800; line-height:1.25; margin-bottom:8px;\">Hosting that gets the setup right<\/div>\n      <p style=\"margin:0 0 18px; line-height:1.6; color:#ffe4d3;\">On Copahost, WordPress is installed with correct permissions and ownership from the start, with cPanel, FTP, and SSH access to adjust them \u2014 plus support that can fix an ownership mismatch when the dashboard asks for FTP credentials.<\/p>\n      <a href=\"https:\/\/www.copahost.com\/web-hosting\/\" style=\"display:inline-flex; align-items:center; gap:8px; background:#fff; color:#F26C21; font-weight:700; text-decoration:none; padding:13px 26px; border-radius:10px; box-shadow:0 4px 12px rgba(0,0,0,.15);\">\n        See web hosting plans\n        <svg width=\"18\" height=\"18\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#F26C21\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M5 12h14M13 6l6 6-6 6\"><\/path><\/svg>\n      <\/a>\n    <\/div>\n  <\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Frequently_asked_questions\"><\/span>Frequently asked questions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What are the correct file permissions for WordPress?<\/strong><br>Directories should be 755 and files should be 644. The wp-config.php file should be stricter \u2014 400 or 440 \u2014 because it holds your database credentials. These are WordPress.org&#8217;s official recommendations and work on most hosts.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Why should I never use 777 permissions?<\/strong><br>777 gives read, write, and execute access to everyone on the server, including other users and any compromised process. It&#8217;s exploited in most WordPress file-upload attacks. If something only works at 777, the real issue is usually file ownership, not permissions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>How do I change file permissions in WordPress?<\/strong><br>Use your hosting File Manager (right-click, Change Permissions), an FTP client like FileZilla (right-click, File Permissions), or SSH with the chmod command. Over SSH you can fix an entire site with two find commands: 755 for directories and 644 for files.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Why does WordPress ask for FTP credentials when I install a plugin?<\/strong><br>That&#8217;s an ownership mismatch, not a permissions problem. The PHP process runs as a different user than the one that owns your files, so it can&#8217;t write to them. The fix is to align ownership (ask your host), not to set files to 777.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What permission should wp-config.php have?<\/strong><br>400 or 440 \u2014 more restrictive than the default 644. This file contains your database username, password, and security keys, so it should be readable only by the owner. If WordPress can&#8217;t read it after setting 400, try 440 or 444 depending on your host&#8217;s setup.<\/p>\n\n\n\n<script type=\"application\/ld+json\">\n{\n  \"@context\": \"https:\/\/schema.org\",\n  \"@type\": \"FAQPage\",\n  \"mainEntity\": [\n    {\"@type\":\"Question\",\"name\":\"What are the correct file permissions for WordPress?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Directories should be 755 and files should be 644. The wp-config.php file should be stricter, 400 or 440, because it holds your database credentials. These are WordPress.org official recommendations and work on most hosts.\"}},\n    {\"@type\":\"Question\",\"name\":\"Why should I never use 777 permissions?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"777 gives read, write, and execute access to everyone on the server, including other users and any compromised process. It is exploited in most WordPress file-upload attacks. If something only works at 777, the real issue is usually file ownership, not permissions.\"}},\n    {\"@type\":\"Question\",\"name\":\"How do I change file permissions in WordPress?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Use your hosting File Manager with right-click Change Permissions, an FTP client like FileZilla with right-click File Permissions, or SSH with the chmod command. Over SSH you can fix an entire site with two find commands: 755 for directories and 644 for files.\"}},\n    {\"@type\":\"Question\",\"name\":\"Why does WordPress ask for FTP credentials when I install a plugin?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"That is an ownership mismatch, not a permissions problem. The PHP process runs as a different user than the one that owns your files, so it cannot write to them. The fix is to align ownership by asking your host, not to set files to 777.\"}},\n    {\"@type\":\"Question\",\"name\":\"What permission should wp-config.php have?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"400 or 440, more restrictive than the default 644. This file contains your database username, password, and security keys, so it should be readable only by the owner. If WordPress cannot read it after setting 400, try 440 or 444 depending on your host setup.\"}}\n  ]\n}\n<\/script>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Related_guides\"><\/span>Related guides<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">File permissions connect to several WordPress topics \u2014 see our guides on the <a href=\"https:\/\/www.copahost.com\/blog\/wp-config-php\/\">wp-config.php file<\/a>, the <a href=\"https:\/\/www.copahost.com\/blog\/wordpress-wp-content\/\">wp-content folder<\/a>, the <a href=\"https:\/\/www.copahost.com\/blog\/htaccess\/\">.htaccess file<\/a>, and our hub of <a href=\"https:\/\/www.copahost.com\/blog\/common-wordpress-errors\/\">common WordPress errors<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">WordPress file permissions come down to a short, memorable rule: <strong>755 for directories, 644 for files, and lock down wp-config.php to 400 or 440<\/strong> \u2014 and never, ever 777. Understand that the numbers are just sums of read (4), write (2), and execute (1) for owner, group, and others, and the whole system stops being mysterious. If your permissions look right but WordPress still asks for FTP credentials or can&#8217;t write files, look to ownership rather than loosening permissions. Set them once, correctly, re-check after uploads, and you&#8217;ve closed one of the most common security gaps on a WordPress site.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>File permissions decide who can read, write, and execute each file on your WordPress site. Set them too loose and you hand attackers a way in; set them too tight and WordPress breaks. The good news: the correct values are simple and well-established \u2014 755 for directories, 644 for files, and stricter for wp-config.php. This [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":5173,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[60],"tags":[],"class_list":["post-5172","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>WordPress File Permissions Explained: The Correct chmod Values (644, 755) - Copahost<\/title>\n<meta name=\"description\" content=\"The correct WordPress file permissions: 755 for directories, 644 for files, 400 for wp-config.php. Learn what the numbers mean, how to set them via cPanel, FTP, or SSH, and why never 777\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WordPress File Permissions Explained: The Correct chmod Values (644, 755) - Copahost\" \/>\n<meta property=\"og:description\" content=\"The correct WordPress file permissions: 755 for directories, 644 for files, 400 for wp-config.php. Learn what the numbers mean, how to set them via cPanel, FTP, or SSH, and why never 777\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/\" \/>\n<meta property=\"og:site_name\" content=\"Copahost\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-04T12:20:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-04T12:24:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/wordpress-file-permissions-cover.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1672\" \/>\n\t<meta property=\"og:image:height\" content=\"941\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Gustavo Gallas\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Gustavo Gallas\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/\"},\"author\":{\"name\":\"Gustavo Gallas\",\"@id\":\"https:\/\/www.copahost.com\/blog\/#\/schema\/person\/386b3f1f79299d43f4ceb33d26428246\"},\"headline\":\"WordPress File Permissions Explained: The Correct chmod Values (644, 755)\",\"datePublished\":\"2026-07-04T12:20:00+00:00\",\"dateModified\":\"2026-07-04T12:24:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/\"},\"wordCount\":1863,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.copahost.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/wordpress-file-permissions-cover.png\",\"articleSection\":[\"Wordpress\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/\",\"url\":\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/\",\"name\":\"WordPress File Permissions Explained: The Correct chmod Values (644, 755) - Copahost\",\"isPartOf\":{\"@id\":\"https:\/\/www.copahost.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/wordpress-file-permissions-cover.png\",\"datePublished\":\"2026-07-04T12:20:00+00:00\",\"dateModified\":\"2026-07-04T12:24:28+00:00\",\"description\":\"The correct WordPress file permissions: 755 for directories, 644 for files, 400 for wp-config.php. Learn what the numbers mean, how to set them via cPanel, FTP, or SSH, and why never 777\",\"breadcrumb\":{\"@id\":\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#primaryimage\",\"url\":\"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/wordpress-file-permissions-cover.png\",\"contentUrl\":\"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/wordpress-file-permissions-cover.png\",\"width\":1672,\"height\":941,\"caption\":\"Wordpress file permissions cover\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.copahost.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WordPress File Permissions Explained: The Correct chmod Values (644, 755)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.copahost.com\/blog\/#website\",\"url\":\"https:\/\/www.copahost.com\/blog\/\",\"name\":\"Copahost\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.copahost.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.copahost.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.copahost.com\/blog\/#organization\",\"name\":\"Copahost\",\"url\":\"https:\/\/www.copahost.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.copahost.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2016\/03\/copahostlogo.png\",\"contentUrl\":\"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2016\/03\/copahostlogo.png\",\"width\":223,\"height\":40,\"caption\":\"Copahost\"},\"image\":{\"@id\":\"https:\/\/www.copahost.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.copahost.com\/blog\/#\/schema\/person\/386b3f1f79299d43f4ceb33d26428246\",\"name\":\"Gustavo Gallas\",\"description\":\"Graduated in Computing at PUC-Rio, Brazil. Specialized in IT, networking, systems administration and human and organizational development\u200b. Also have brewing skills.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/gustavo-gallas-107926196\/\"],\"url\":\"https:\/\/www.copahost.com\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WordPress File Permissions Explained: The Correct chmod Values (644, 755) - Copahost","description":"The correct WordPress file permissions: 755 for directories, 644 for files, 400 for wp-config.php. Learn what the numbers mean, how to set them via cPanel, FTP, or SSH, and why never 777","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/","og_locale":"en_US","og_type":"article","og_title":"WordPress File Permissions Explained: The Correct chmod Values (644, 755) - Copahost","og_description":"The correct WordPress file permissions: 755 for directories, 644 for files, 400 for wp-config.php. Learn what the numbers mean, how to set them via cPanel, FTP, or SSH, and why never 777","og_url":"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/","og_site_name":"Copahost","article_published_time":"2026-07-04T12:20:00+00:00","article_modified_time":"2026-07-04T12:24:28+00:00","og_image":[{"width":1672,"height":941,"url":"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/wordpress-file-permissions-cover.png","type":"image\/png"}],"author":"Gustavo Gallas","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Gustavo Gallas","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#article","isPartOf":{"@id":"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/"},"author":{"name":"Gustavo Gallas","@id":"https:\/\/www.copahost.com\/blog\/#\/schema\/person\/386b3f1f79299d43f4ceb33d26428246"},"headline":"WordPress File Permissions Explained: The Correct chmod Values (644, 755)","datePublished":"2026-07-04T12:20:00+00:00","dateModified":"2026-07-04T12:24:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/"},"wordCount":1863,"commentCount":0,"publisher":{"@id":"https:\/\/www.copahost.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#primaryimage"},"thumbnailUrl":"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/wordpress-file-permissions-cover.png","articleSection":["Wordpress"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/","url":"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/","name":"WordPress File Permissions Explained: The Correct chmod Values (644, 755) - Copahost","isPartOf":{"@id":"https:\/\/www.copahost.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#primaryimage"},"image":{"@id":"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#primaryimage"},"thumbnailUrl":"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/wordpress-file-permissions-cover.png","datePublished":"2026-07-04T12:20:00+00:00","dateModified":"2026-07-04T12:24:28+00:00","description":"The correct WordPress file permissions: 755 for directories, 644 for files, 400 for wp-config.php. Learn what the numbers mean, how to set them via cPanel, FTP, or SSH, and why never 777","breadcrumb":{"@id":"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#primaryimage","url":"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/wordpress-file-permissions-cover.png","contentUrl":"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2026\/07\/wordpress-file-permissions-cover.png","width":1672,"height":941,"caption":"Wordpress file permissions cover"},{"@type":"BreadcrumbList","@id":"https:\/\/www.copahost.com\/blog\/wordpress-file-permissions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.copahost.com\/blog\/"},{"@type":"ListItem","position":2,"name":"WordPress File Permissions Explained: The Correct chmod Values (644, 755)"}]},{"@type":"WebSite","@id":"https:\/\/www.copahost.com\/blog\/#website","url":"https:\/\/www.copahost.com\/blog\/","name":"Copahost","description":"","publisher":{"@id":"https:\/\/www.copahost.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.copahost.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.copahost.com\/blog\/#organization","name":"Copahost","url":"https:\/\/www.copahost.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.copahost.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2016\/03\/copahostlogo.png","contentUrl":"https:\/\/www.copahost.com\/blog\/wp-content\/uploads\/2016\/03\/copahostlogo.png","width":223,"height":40,"caption":"Copahost"},"image":{"@id":"https:\/\/www.copahost.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.copahost.com\/blog\/#\/schema\/person\/386b3f1f79299d43f4ceb33d26428246","name":"Gustavo Gallas","description":"Graduated in Computing at PUC-Rio, Brazil. Specialized in IT, networking, systems administration and human and organizational development\u200b. Also have brewing skills.","sameAs":["https:\/\/www.linkedin.com\/in\/gustavo-gallas-107926196\/"],"url":"https:\/\/www.copahost.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.copahost.com\/blog\/wp-json\/wp\/v2\/posts\/5172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.copahost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.copahost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.copahost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.copahost.com\/blog\/wp-json\/wp\/v2\/comments?post=5172"}],"version-history":[{"count":2,"href":"https:\/\/www.copahost.com\/blog\/wp-json\/wp\/v2\/posts\/5172\/revisions"}],"predecessor-version":[{"id":5178,"href":"https:\/\/www.copahost.com\/blog\/wp-json\/wp\/v2\/posts\/5172\/revisions\/5178"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.copahost.com\/blog\/wp-json\/wp\/v2\/media\/5173"}],"wp:attachment":[{"href":"https:\/\/www.copahost.com\/blog\/wp-json\/wp\/v2\/media?parent=5172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.copahost.com\/blog\/wp-json\/wp\/v2\/categories?post=5172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.copahost.com\/blog\/wp-json\/wp\/v2\/tags?post=5172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}