“Permissions” are security settings covering files and directories on your server, which protect your site from hacking and other unauthorized access.
It’s very important that you understand how they work and how they should set for maximum protection.
Some files - like html or image files - can be viewed but not altered by visitors. Script files – like php or javascript - can be both viewed and altered, and are more vulnerable to attack.
Unlike a static website where the pages stay the same, a blogging system like WordPress depends on frequent accessing and altering of files and folders by you and by your visitors. You want to access and run your files; you also want visitors to be able to add comments or make posts. What you definitely don’t want is for someone to hack in and ruin your work.
So it's important that the script files and directories in your website are protected by permissions that let the server know exactly who can do what.
There are three actions that can be carried out on a file or directory:
“Permissions” assign a number to each file, which communicates the actions allowable on the file by:
Generally, any file or folder that is “writable” is considered insecure.
However, sometimes (especially during the site building phase) you need to modify some of your files. So you'll have to temporarily alter the permissions on those files, and then change them back to their more secure settings when you're done modifying them.
Altering the permissions of a file or folder is also known as CHMOD, or CHange MODe.
TIP: Leave the permissions open for as little time as possible, and never open file permissions above 666 when you are editing. So you would CHMOD the permissions on a file to 666; make your modification; and then immediately CHMOD back to 644.
Never, ever leave the permissions open thinking you may come back and make another change!
You can CHMOD file and directory permissions in two ways: either through your FTP client or in cPanel.
To CHMOD in your cPanel, go to File Manager from the main admin screen and you will see the directories/files listed and the permissions for each on the right hand side of the screen.
Click on the file icon or name to bring up a menu in the top right corner of the screen. Click on change permissions to bring up the permissions matrix where you can make your changes. For directories, click on the directory name.
To learn how to CHMOD from within your FTP client, here is a link to some excellent tutorials showing you how this works for some of the most popular FTP software including SmartFTP and FileZilla: http://www.tamba2.org.uk/wordpress/ftp/ .
It is possible to modify files from within cPanel without changing permissions at all.
Click on the file icon and in the menu click ‘edit file’ you can then edit and save without having to CHMOD your files.
TIP: If you do this, always create a copy of the original file in cPanel before proceeding. That way if your modified file has a disastrous effect on your site that you didn't expect, you can quickly replace it with the original unchanged file. Whew!