Question

Correct permissions for WordPress on LEMP?

  • Posted February 6, 2014

I’m confused about how to set permissions for a WordPress install. I’ve got it setup and running very well on ubuntu based droplet using LEMP. The only issue I’m having is getting permissions correct. I went for the normal:

sudo chown www-data:www-data * -R sudo usermod -a -G www-data usernamehere

That worked great, but stopped my user from creating files inside the WordPress install which I use for manually installing some plugins. I’ve also tried using:

sudo chown usernamehere:www-data * -R

However while that gives me permission it stops WP from uploading/updating. I’ve also used:

sudo chmod g+s directoryname

To make it so all files created in the folder by me are owned by the web server.

Can anyone recommend a good permission setup that will allow my user to create files, allow WP to update & upload but doesn’t introduce any security issues? I know a decent amount about web servers but permissions are my downfall. Any help would be greatly appreciated.

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

You usually shouldn’t but that would be the easiest way to enable Wordpress’s automatic updating system to work properly. <br> <br>Check out <a href=“https://www.digitalocean.com/community/articles/how-to-configure-secure-updates-and-installations-in-wordpress-on-ubuntu”>https://www.digitalocean.com/community/articles/how-to-configure-secure-updates-and-installations-in-wordpress-on-ubuntu</a>—it’s written for Apache but should work fine on nginx with some tweaks.

Would that be still safe from a security point of view? I’ve heard people saying you should never give write access to the web server’s group. <br> <br>To me though I’ve never figured out how that is a security risk when the web server is the owner of the files anyway.

The commands you ran are fine, however there’s one missing step: <br><pre>sudo chmod -R g+w directoryname</pre> <br>This command allows users of the group that owns the files (www-data in this case) to write to the files.

TLDR; I’m looking for a permission setup that will allow WordPress to upload/update, but allow me to create files without exposing my server to security problems.