File permissions control who can read, write and execute each file on your server. Set them too tight and WordPress throws errors; set them too loose and you open a security hole. Getting them right is one of those quiet fundamentals that prevents a lot of problems. Here are the correct values.
The standard, safe values
For a typical WordPress site:
- Folders:
755 - Files:
644 - wp-config.php:
640or even440(it holds your database password, so tighten it)
These let WordPress function normally while keeping the door closed to unauthorised writes. They’re the values you should default to.
Never use 777
If a tutorial or a support forum tells you to “just set it to 777 to fix it”, stop. 777 means anyone can read, write and execute that file — it’s a gaping security hole and a favourite target for attackers. If a task seems to need 777, the real problem is file ownership, not permissions, and that’s a server-side fix we should handle.
Setting permissions in cPanel
- Open File Manager in cPanel.
- Right-click a file or folder and choose Change Permissions (or select it and use the Permissions button).
- Set the numeric value using the checkboxes, or type it directly.
To apply values in bulk across all files or all folders at once, File Manager offers a recursive option — but apply the file value and folder value separately, since files and folders need different permissions.
Fixing a whole site at once
If permissions are scrambled across your site (common after a migration), the cleanest fix is to set all folders to 755 and all files to 644 recursively, then tighten wp-config.php. Some security plugins include a “fix permissions” tool that applies the correct values everywhere in one action.
The uploads folder
WordPress needs to write to wp-content/uploads, so it must be 755 and owned correctly. If media uploads fail, this folder’s permissions are the first thing to check.
When it’s really an ownership issue
Sometimes permissions look correct but WordPress still can’t write — that’s usually a file ownership problem, where files are owned by the wrong system user. Ownership isn’t something you fix in File Manager; send us a ticket and we’ll correct it at the server level.
Get these values right and you avoid a whole category of errors and vulnerabilities at once.