How can I fix permissions with Wordpress file uploads?

August 15, 2016 2.3k views
Apache Linux Commands WordPress Ubuntu

Hello,
I had previously set up my server with this guide: https://www.digitalocean.com/community/tutorials/how-to-configure-secure-updates-and-installations-in-wordpress-on-ubuntu

Basically, I set wordpress to use the wp-user, and set the wp-user to own the entire html directory. Another thing I did was to add my main user to the wp-user group, so I could edit files in the html directory on my FTP client.

Now, I have another wordpress installation running on a subdirectory of the html directory. I told it to use the same user and authentication as the first installation -- but it didn't work. Theme installation would be fine, for some reason, but media uploads are impossible. It just says "could not create directory ..."

After messing with it quite a lot, I've managed to screw up media uploads on my first installation. Again, theme installs work fine. But media uploads have a different error on the first installation: 'The uploaded file could not be moved...'

All files and folders in the html directory are owned by wp-user, and have a group of wp-user. Folders all have a permission of drwxr-xr-x, and files all have a permission of -rw-r--r--.

No idea what's happening here. Any ideas?

1 Answer

A nice script can be found here that will set all your WordPress permissions based on the user, group and web root you specify.

#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro
#
WP_OWNER=changeme # <-- wordpress owner
WP_GROUP=changeme # <-- wordpress group
WP_ROOT=/home/changeme # <-- wordpress root directory
WS_GROUP=changeme # <-- webserver group

# reset to safe defaults
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 755 {} \;
find ${WP_ROOT} -type f -exec chmod 644 {} \;

# allow wordpress to manage wp-config.php (but prevent world access)
chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php

# allow wordpress to manage .htaccess
touch ${WP_ROOT}/.htaccess
chgrp ${WS_GROUP} ${WP_ROOT}/.htaccess
chmod 664 ${WP_ROOT}/.htaccess

# allow wordpress to manage wp-content
find ${WP_ROOT}/wp-content -exec chgrp ${WS_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \;

I would recommend resetting your permissions and then from there checking the ownership and your configuration.

Have another answer? Share your knowledge.