How do I set permissions for uploading media in WordPress? (Ubuntu 14.04.1, nginx 1.4.6)

November 17, 2014 10.1k views

I'm having trouble finding the correct permissions for running a WordPress site on my droplet. I followed this guide to configure the site: How To Configure Secure Updates and Installations in WordPress on Ubuntu

Configuration is as follows:

  • Ubuntu 14.04, nginx 1.4.6
  • nginx user is www-data
  • /var/www/* is owned by wp-user:wp-user
  • Directories are set to 755 and files to 644 (WordPress docs)

Secure updates and theme/plugin installations work as expected, but I receive the following error when attempting to upload new media through the web interface: Unable to create directory wp-content/uploads/2014/11. Is its parent directory writable by the server?

Any thoughts on how I can configure owners/permissions to allow this (while maintaining security)?

  • Hi
    I followed this tutorial But can't solve this issue of wordpress update on ngnix server.
    I am stuck at sudo chown wp-user:www-data /home/wp-user/wp_rsa*
    After this command what should I do fon ngnix ?

    by Justin Ellingwood
    WordPress is the most popular content management system (CMS) on the web currently. While WordPress can be a great way to manage you content, there are some very insecure configurations that are given throughout the internet. This article will cover how to set up secure updates and installations using SSH keys instead of FTP, which is an inherently insecure protocol.
  • @khanalkafi If you follow that tutorial, the updates should work. The tutorial states that the next step is to create the .ssh/ dir and create an authorized key.

3 Answers

Updating the user/group for the php5-fpm process solved this.

In /etc/php5/fpm/pool.d/www.conf, I updated the user/group lines as follows:

user = wp-user
group = wp-user

Then I restarted the service: sudo service php5-fpm restart

Thanks to masegaloeh over at Server Fault for the helpful comment!

  • After learning that providing the PHP process with read/write access to the entire site directory can be insecure, I've reverted the www.conf change from above and instead updated the user/group ownership of the wp-content/uploads/ directory as follows:

    sudo chown -R www-data:www-data wp-content/uploads/

    Thanks to AD7six over at Server Fault for the helpful comment!

This had been driving me nuts for months! I got all kinds of crazy responses to my cries for help, but none of them did the trick until this.

hello, my wordpres folder dosen't apper and i give the right acces, if i move a website in the folder html it works ... why ?

  • I don't fully understand your question, but your website only works when it is placed inside the html/ folder because of your config file for that site.

    • cd /etc/nginx/sites-available/
    • less <your-site>
    • Look for a line that resembles: root /var/www/<your-site>/html;

    That line tells nginx where to load your site from — notice the /html at the end.

Have another answer? Share your knowledge.