DigitalOcean

Report this

What is the reason for this report?
Question

Correct permissions for WordPress on LEMP?

Posted on February 6, 2014
admin457873

By admin457873

I’m confused about how to set permissions for a WordPress install. I’ve got it setup and running very well on ubuntu based droplet using LEMP. The only issue I’m having is getting permissions correct. I went for the normal:

sudo chown www-data:www-data * -R sudo usermod -a -G www-data usernamehere

That worked great, but stopped my user from creating files inside the WordPress install which I use for manually installing some plugins. I’ve also tried using:

sudo chown usernamehere:www-data * -R

However while that gives me permission it stops WP from uploading/updating. I’ve also used:

sudo chmod g+s directoryname

To make it so all files created in the folder by me are owned by the web server.

Can anyone recommend a good permission setup that will allow my user to create files, allow WP to update & upload but doesn’t introduce any security issues? I know a decent amount about web servers but permissions are my downfall. Any help would be greatly appreciated.



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
admin457873
admin457873
February 6, 2014

TLDR; I’m looking for a permission setup that will allow WordPress to upload/update, but allow me to create files without exposing my server to security problems.

0
Kamal Nasser
Kamal NasserDigitalOcean Employee badge
February 8, 2014

The commands you ran are fine, however there’s one missing step: <br><pre>sudo chmod -R g+w directoryname</pre> <br>This command allows users of the group that owns the files (www-data in this case) to write to the files.

0
admin457873
admin457873
February 8, 2014

Would that be still safe from a security point of view? I’ve heard people saying you should never give write access to the web server’s group. <br> <br>To me though I’ve never figured out how that is a security risk when the web server is the owner of the files anyway.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.