Correct Permissions for Wordpress using apache on Centos 6

December 11, 2013 9.7k views
Hi all, I'm having some issues with Wordpress on my droplet. The initial server setup went without a hitch thanks to your great documentation. Then i set out to install Wordpress, using the this guide: https://www.digitalocean.com/community/articles/how-to-install-wordpress-on-centos-6--2. This went well for the most part too, except for the last bit where you set your permissiaons. I noticed when I was trying to install a theme from the dashboard I initially got an error saying Unable to create directory wp-content/uploads/, the alert pretty much tells you it's a permissions issue. So after a quick search i realized i need to give the uploads folder the correct permissions. At first I gave apache user ownership of the uploads and cache folder as so chown -R apache:apache /var/www/html/wp-content/uploads. This solved the "unable to create directory error i was getting, but now it prompts me for the ftp credentials. After a another quick search I found that if I give apache user ownership of the /var/www/html directory like so chown -R apache:apache /var/www/html/ it would install themes without prompting me for the ftp credentials. I could of course just enter my ftp credentials, but I would prefer it would work automatically as intended. While i was searching for the solutions I came across a couple of different posts/guides suggesting not to give the apache user ownership of the /var/www/html directory saying it's a big security risk. It is equivalent of saying chmod 777. I'm also aware of the other method where you define a constant/function. I've seen so many suggestions that i'm just not sure which one is really the safe safe and right way to do it. Obviously it's working for me now, but i'm a little confused because of all the conflicting info. I would like to know if there is a preferred way or "good" practice in setting these permissions. This is my 1st WP blog and I would like to start off on the right foot and i'm sure many other people would benefit from this as well. So if someone can please provide some clarification on the best approach it would be greatly appreciated.
1 comment
  • I'm having the same problem of being unable to install a theme. I am running CentOS 6.7, a Vesta CP, and several wordpress sites.

    I've tried a few of the commands, such as chown, and chmod, but I'm not seeing any results.
    I've gone into the wp-config.php file and added a line of code without result.

    I don't understand where to point the function? Instead of /var/www/html my wordpress folder is in /home/admin/web/mysite.com/public_html/. When I did use /var/www/html, it just says no such file or directory. So I have written the command:

    chown -R apache:apache /home/admin/web/mysite.com/public_html/ (or even added /wp-content)

    Back in WP, I get the FTP request. When I enter my details, I get

    "Unable to locate WordPress Content directory (wp-content)."

    What am I doing wrong??

1 Answer
Using FTP is certainly not a solution, it's more of a work-around.

Wordpress needs to write to all of its files in order for the auto-update system to work. Therefore, you will have to recursively allow it write access to all of /var/www/html.

I recommend setting up SFTP for Wordpress, see: https://www.digitalocean.com/community/articles/how-to-configure-secure-updates-and-installations-in-wordpress-on-ubuntu.

You should never need to chmod 777 anything, it's a huge security risk and allows any user on your system to write to the said file or directory.

Let me know if the article I linked above works. It might need some tweaking since it's written for Ubuntu, but if you know what's going on in your droplet you should be able to follow it fine. E.g., cd /var/www should be cd /var/www/html, www-data should be apache, and the two apt-get commands can be replaced with http://programster.blogspot.com/2013/06/centos-64-install-ssh2-extension-for-php.html.
by Justin Ellingwood
WordPress is the most popular content management system (CMS) on the web currently. While WordPress can be a great way to manage you content, there are some very insecure configurations that are given throughout the internet. This article will cover how to set up secure updates and installations using SSH keys instead of FTP, which is an inherently insecure protocol.
Have another answer? Share your knowledge.