Question

Correct Permissions for Wordpress using apache on Centos 6

  • Posted on December 11, 2013
  • raageoAsked by raageo

Hi all,

I’m having some issues with Wordpress on my droplet. The initial server setup went without a hitch thanks to your great documentation. Then i set out to install Wordpress, using the this guide: https://www.digitalocean.com/community/articles/how-to-install-wordpress-on-centos-6--2. This went well for the most part too, except for the last bit where you set your permissiaons. I noticed when I was trying to install a theme from the dashboard I initially got an error saying Unable to create directory wp-content/uploads/, the alert pretty much tells you it’s a permissions issue. So after a quick search i realized i need to give the uploads folder the correct permissions. At first I gave apache user ownership of the uploads and cache folder as so chown -R apache:apache /var/www/html/wp-content/uploads. This solved the "unable to create directory error i was getting, but now it prompts me for the ftp credentials. After a another quick search I found that if I give apache user ownership of the /var/www/html directory like so chown -R apache:apache /var/www/html/ it would install themes without prompting me for the ftp credentials. I could of course just enter my ftp credentials, but I would prefer it would work automatically as intended.

While i was searching for the solutions I came across a couple of different posts/guides suggesting not to give the apache user ownership of the /var/www/html directory saying it’s a big security risk. It is equivalent of saying chmod 777. I’m also aware of the other method where you define a constant/function. I’ve seen so many suggestions that i’m just not sure which one is really the safe safe and right way to do it.

Obviously it’s working for me now, but i’m a little confused because of all the conflicting info. I would like to know if there is a preferred way or “good” practice in setting these permissions. This is my 1st WP blog and I would like to start off on the right foot and i’m sure many other people would benefit from this as well. So if someone can please provide some clarification on the best approach it would be greatly appreciated.

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Using FTP is certainly not a solution, it’s more of a work-around. <br> <br>Wordpress needs to write to all of its files in order for the auto-update system to work. Therefore, you will have to recursively allow it write access to all of <code>/var/www/html</code>. <br> <br>I recommend setting up SFTP for Wordpress, see: <a href=“https://www.digitalocean.com/community/articles/how-to-configure-secure-updates-and-installations-in-wordpress-on-ubuntu”>https://www.digitalocean.com/community/articles/how-to-configure-secure-updates-and-installations-in-wordpress-on-ubuntu</a>. <br> <br>You should never need to <code>chmod 777</code> anything, it’s a huge security risk and allows any user on your system to write to the said file or directory. <br> <br>Let me know if the article I linked above works. It might need some tweaking since it’s written for Ubuntu, but if you know what’s going on in your droplet you should be able to follow it fine. E.g., <code>cd /var/www</code> should be <code>cd /var/www/html</code>, <code>www-data</code> should be <code>apache</code>, and the two <code>apt-get</code> commands can be replaced with <a href=“http://programster.blogspot.com/2013/06/centos-64-install-ssh2-extension-for-php.html”>http://programster.blogspot.com/2013/06/centos-64-install-ssh2-extension-for-php.html</a>.