A detailed guide on WordPress file system permissions & ownerships

Security is a key concern for every owner of a WordPress website. An incredible collection of plugins makes it feasible for every WordPress site or blog owner to secure the site against all sorts of security breaches. File permissions and ownership are perhaps two of the most commonly overlooked WordPress security features. Through this post, I intend to throw some light on the critical aspects of WordPress file system permissions and ownership.

Understanding the need for setting permissions and ownerships after WordPress installation
There can be major consequences of not setting up the file-system permissions and ownerships for your WordPress site/blog. Here are a few:
  • A majority of your security measures would be easily bypassed by intruders
  • A blank white screen when the user tries loading the website for the very first time.
  • An error message when the user tries uploading images using the WordPress default media uploader.
Understanding users and groups

A user is a particular account that has access to the computer, while a group is an identifier for a specific set of users. To put it simply, every time you transfer files via FTP, you use a user account on the server. Depending on how the host has set up this user account, you'll belong to one or more groups. Both users and groups play a vital role in deciding which privileges apply to files and folders. For instance, the owner of a file will have full privileges, users belonging to the same group will have fewer privileges on the file, and everyone else will have no privileges on the file at all. These privileges are termed “permissions”.
Unleashing File-system Permissions
A permission dictates what a user can do with a particular file. It is represented by a set of numbers such as 744 or 888, which is called a permission mode. For instance, while installing a specific plugin in WordPress, you might have been asked to change a file permission. The reason is simply that the chosen plugin isn't able to write to the respective file or directory. By modifying the file permissions, you are in effect permitting your web server to access the file or folder in question.
A permission mode can be regarded as a set of “who can do what” statements, wherein the position of each digit corresponds to the “who” part of the statement, as explained below:
  • The first digit denotes what the user account that owns the file is able to do
  • The second digit denotes what the other user accounts in the file owner's group can do
  • The third digit denotes what all other users (this includes unregistered website visitors as well) can do
The value of each digit corresponds to the “what” part of the statement and is the sum of any combination of the following numbers:
  • 4 - the users will be able to read a file or the names of files within a folder
  • 2 - the users will be able to modify a file or the contents of a folder
  • 1 - the users will be able to run a file or access the files stored in a folder
A look at changing file permission modes in WordPress

FTP clients provide an intuitive interface which can be used for changing the permission mode of different files and folders.


You can also use the chmod command to change a file or folder's permission mode:
sudo chmod 744 <file>
The above method is applicable only if you have access to the server's terminal.
Getting to know everything about File and Folder Ownership for WordPress

In order to adjust the file and folder ownerships for the various WordPress files, you'll have to ensure the following:

  • your user account is itself the owner of all WordPress files and folders.
  • your user account and the web server's user account both belong to the same user group.

You can run the following command in your server terminal for determining the groups that the user account belongs to:
groups
To find the groups that your web server belongs to, you can include (only temporarily) the PHP snippet below in any one of your WordPress scripts:
echo exec( 'groups' );
However, if your user and the web server belong to different groups, you can simply run the following command to add the user to one of the web server's groups:
sudo usermod -a -G <a-shared-group-name> customuser
Last, but definitely not the least, if you want to ensure that everything in your WordPress folder belongs to the user account and also has a shared group, just run the following command in the WordPress folder:
sudo find . -exec chown customuser:a-shared-group-name {} +
That's it!
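
An added example (not part of the original post): a small POSIX shell audit that decodes a permission mode into its read/write/execute parts, as explained in the permissions section, and lists entries under a WordPress folder that have the wrong owner or group or are writable by everyone else. The function names and the /var/www/html path in the usage comment are assumptions; customuser and a-shared-group-name are the post's own placeholders.

```shell
#!/bin/sh
# Added example: check a WordPress tree against the ownership and
# permission rules described in this post.
# Assumed usage: audit_wp_tree /var/www/html customuser a-shared-group-name

# Decode a three-digit mode such as 744 into rwx form.
# Each digit is a sum of 4 (read), 2 (write) and 1 (run/access).
# The body runs in a subshell so its variables do not leak.
mode_to_string() (
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    rest=$1
    out=""
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}   # first character: owner, group, others
        rest=${rest#?}
        [ $((digit & 4)) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $((digit & 2)) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $((digit & 1)) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    echo "$out"
)

# List every entry under $1 that is not owned by user $2, not in group $3,
# or writable by "everyone else" (third digit includes 2).
# Symlinks are skipped in the last check because their own mode is not used.
audit_wp_tree() {
    find "$1" ! -user "$2" -print | sed 's/^/OWNER /'
    find "$1" ! -group "$3" -print | sed 's/^/GROUP /'
    find "$1" ! -type l -perm -002 -print | sed 's/^/WORLD-WRITABLE /'
}
```

An empty result from audit_wp_tree means every file and folder already belongs to the expected user and shared group and none is writable by other users.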

Conclusion
I hope the post above has helped you gather useful insights on the file permissions and ownerships that apply to a WordPress-powered website.
Take care of your website whenever you update any security feature: while moving from PSD to WordPress the security features of the process are different, but once you have moved completely you will have full access.
