Correcting permissions creep
Just as we give users the least possible permissions, so we should for files and folders. We'll crash-course the detail of permissions and ownership, server-wide, in Chapter 9. For now though, we'll ensure that you have the correct permissions for WordPress.
Note
Least privilege permissions
This is the bottom line and applies to any file on any computer. What we should do is to cut rights to the bone while not restricting the required functionality.
The platform's defaults are fair: 755
for folders and 644
for files. Over time, though, these can become loosened up, particularly by developers and tinkerers. Bring them into line.
Pruning permissions at the terminal
Logged into the server and swapping the path to that of your WordPress root, do this:
find /full/path/to/WordPress -type d -exec chmod 755 {} \;
find /full/path/to/WordPress -type f -exec chmod 644 {} \;VPS and dedicated server users should have to append that command with sudo.
