This is a TL;DR of me trying to responsibly struggle against WordPress prompting for FTP credentials.
This is my best compromise of security and usability when I want to support some in-browser updates and uploads, while also not sudo ing everything when working on the server.
# from html/ docroot folder
chown -R myuser:apache .
find . -type f -exec chmod 644 {} +
find . -type d -exec chmod 755 {} +
# from html/wp-content folder
find . -type f -exec chmod 664 {} +
find . -type d -exec chmod 775 {} +
chown -R apache:apache .
# for repo and .gitignore
chown -R myuser:myuser html/.git*
chmod -R 600 html/.gitignore
find .git/. -type f -exec chmod 600 {} +
find .git/. -type d -exec chmod 700 {} +
# other one-offs
chmod 640 wp-config.php
chmod 660 .htaccess
One reply on “WordPress DocRoot Permissions & Ownership”
[…] If you just want to see my recommended permissions for a DocRoot, that is here. […]