Question

How can I fix permissions with Wordpress file uploads?

Posted August 15, 2016 6.6k views
Ubuntu Apache WordPress Linux Commands

Hello,
I had previously set up my server with this guide: https://www.digitalocean.com/community/tutorials/how-to-configure-secure-updates-and-installations-in-wordpress-on-ubuntu

Basically, I set wordpress to use the wp-user, and set the wp-user to own the entire html directory. Another thing I did was to add my main user to the wp-user group, so I could edit files in the html directory on my FTP client.

Now, I have another wordpress installation running on a subdirectory of the html directory. I told it to use the same user and authentication as the first installation – but it didn’t work. Theme installation would be fine, for some reason, but media uploads are impossible. It just says “could not create directory …”

After messing with it quite a lot, I’ve managed to screw up media uploads on my first installation. Again, theme installs work fine. But media uploads have a different error on the first installation: ‘The uploaded file could not be moved…’

All files and folders in the html directory are owned by wp-user, and have a group of wp-user. Folders all have a permission of drwxr-xr-x, and files all have a permission of -rw-r–r–.

No idea what’s happening here. Any ideas?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer

A nice script can be found here that will set all your WordPress permissions based on the user, group and web root you specify.

#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro
#
WP_OWNER=changeme # <-- wordpress owner
WP_GROUP=changeme # <-- wordpress group
WP_ROOT=/home/changeme # <-- wordpress root directory
WS_GROUP=changeme # <-- webserver group

# reset to safe defaults
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 755 {} \;
find ${WP_ROOT} -type f -exec chmod 644 {} \;

# allow wordpress to manage wp-config.php (but prevent world access)
chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php

# allow wordpress to manage .htaccess
touch ${WP_ROOT}/.htaccess
chgrp ${WS_GROUP} ${WP_ROOT}/.htaccess
chmod 664 ${WP_ROOT}/.htaccess

# allow wordpress to manage wp-content
find ${WP_ROOT}/wp-content -exec chgrp ${WS_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \;

I would recommend resetting your permissions and then from there checking the ownership and your configuration.

Submit an Answer