How to Set Correct WordPress File and Folder Permissions

Incorrect file permissions are a common cause of WordPress errors like “Could not create directory” or “File is not writable” — and overly permissive settings (like 777 on files) are a serious security risk. The standard WordPress recommendation is 755 for directories and 644 for files.

Problem: A WordPress site shows file upload errors or "Unable to locate WordPress root directory" messages — or conversely, files are world-writable and create a security vulnerability.

Solution: Set all folders to 755 and all files to 644 from the WordPress root using find + chmod. Tighten wp-config.php to 640 to prevent web server reads, and ensure the uploads directory is writable by the web server user.

Set the correct permissions in one pass from the WordPress root directory:

# Navigate to the WordPress root
cd /var/www/html

# Set all directories to 755
find . -type d -exec chmod 755 {} +

# Set all files to 644
find . -type f -exec chmod 644 {} +

wp-config.php deserves stricter permissions since it contains database credentials:

chmod 600 wp-config.php

If WordPress needs to write to a specific directory (e.g. wp-content/uploads), give the web server user write access instead of setting 777:

# Find out which user your web server runs as
ps aux | grep -E 'apache|nginx|www' | awk '{print $1}' | sort -u

# Give that user ownership of the uploads directory (replace www-data with your web user)
chown -R www-data:www-data wp-content/uploads
chmod -R 755 wp-content/uploads

Permissions quick reference:

wp-config.php          → 600  (owner read/write only)
.htaccess              → 644
All other files        → 644
All directories        → 755
wp-content/uploads     → 755 (owned by web server user)

NOTE: Never set files or directories to 777 on a production server. This makes them world-writable, meaning any process on the server — including malicious scripts injected by other compromised accounts on shared hosting — can modify them. If WordPress still can't write files after setting 755 on directories, the issue is ownership, not permissions. Fix ownership with chown, not by increasing permissions.