Help: Wordpress do not have write permissions.

November 18, 2013 8k views
I have CentOS 6 installed on my droplet and I have created some virtual hosts to use some domains. Now, I have installed Wordpress on one of vhost and the problem is, Wordpress do not have write permissions. I can not install themes, plugins or upload images from Wordpress admin. The folder ownership is for a user that I created apart from root.
8 Answers
@Kamal Nasser,

There is no solution provided in this question. Which is what my issue is.
Currently the ownership is for robert user for all files. Wordpress cannot create any files/folder in Wordpress directory.

If I give ownership to apache user then Wordpress is able to fully control the directory and works as t should but in that case, I am not able to modify, upload, delete any file to server.

More specifically that question you are pointing to allows either me or apache to be able to edit files. Which is not how it should work. Both should be able to modify files.
I think the problem here is php should run in apache as user. But it is not. How to do that?
"If I give ownership to apache user then Wordpress is able to fully control the directory and works as t should but in that case, I am not able to modify, upload, delete any file to server."

Add yourself to the same group as Apache. Not sure what the relevant command is for CentOS; but in Ubuntu, it's:
sudo usermod -a -G www-data username
In that case, I will have to give write permission to group also. 775 right.
That's security risk.

And the command is

sudo usermod -a -G apache username
WordPress recommends permissions of 755 for directories and 644 for files. See Hardening WordPress | Codex.
I would recommend Pablo of vDevices' solution. There should be no need to add your user account to the apache group.
You need to operate your WP site in two modes:

- lockdown mode (the Apache service account owns none of the files)
- admin mode (the Apache service account owns all of the files)

You can write a simple script to handle this so that you will know 100% the state of file ownership and permissions. The only time you would run in admin mode is when you are installing a new plugin/theme, or performing a manual Wordpress update.

In a nutshell, your lockdown mode should look something like this (the wpadmin user/group is a normal account (something other than your httpd service account):

# The web server account should not have ownership of any files
chown -R wpadmin:wpadmin /path/to/docroot/

# Setting full control for owner and group. Setting read-only for everyone else.
chmod -R ug=rwX,o=rX /path/to/docroot

# Allow the web server to write files to the uploads dir
chmod -R a=rwX /path/to/docroot/wp-content/uploads

Your admin mode is simply changing the ownership of all files to the web server service account:

# Apache should only own the files if needed (for updates or installs)
# Allow Apache to own files for updates and installs

chown -R apache /path/to/docroot

If you have developers that need to run this command, you can do so with sudo. You can further write a script that allows the developers to specify a particular top-level directory under your Apache document root (assuming you have multiple vhosts on the server).

Lastly, If you want to control the group ownership of files that are uploaded via Wordpress (and you probably will), it's best to configure a custom php upload directory (in the php.ini) and then use the setgid permission on the folder so that new files will pickup your group of choice. I think this is a better and safer solution over trying to configure suexec.

  • i want to give the rewrite permission to single file whats the specific way to do that and
    what is the command to revert permissions

Have another answer? Share your knowledge.