The cause and solution of WordPress permission issues

The cause and solution of WordPress permission issues

The cause of WordPress permission issues

Explaining this will be beyond the scope of a regular WordPress Beginner.  However I will give it a shot.

The WordPress permission issues are caused by the file ownership rights on linux servers. Every file on your hosting account has a number flag that determine who can read,write and execute your files; user, group and/or everyone. For example a regular folder could be set to 755 meaning Everyone can read (7) the owner can write (5) and the owner can execute (5).

Your website will access the file from user ‘apache’  but the file belongs to your username. Therefore the website itself is not allowed to write to that folder! It is seen as “other”.

Loosen folder permissions

The most common solution is to loosen folder permissions. You can change this from the file manager of DirectAdmin or with your favorite FTP software. Changing the folder to 777 will allow everyone to read/write/execute. This will completely solve any issues with installing and updating plugins.

In theory it makes the files vulnerable to exploits on/from other accounts on the same hosting provider. Note that this setting does not make the folder writable to anyone on the internet.  Keep in mind that you can restore the file permissions to a more safer 755 when you are done.

However some plugins like caching software will always need write permissions.

Ownership to apache:apache

Another approach would be to change the file ownership to “apache:apache”.  That way the files are owned by apache and 777 is not needed in order to write to the files. However on a regular shared hosting provider only the system administrator can do this for you.

If you manage to install a plugin though your website (by using 777 temporarily) any folders and files created during the installation will be owned by apache. Meaning your troubles are solved.

As with 777 there are some security issues. In theory scripts that are exploited can now be used to modify your files. After all it is apache that owns the folder and it is apache that is running the script.