In this article we will review the permissions that your files and directories should ideally be set to. Setting the permissions to anything other than the values mentioned below may cause your website to not function correctly.
By default, our system sets all permissions to 644 for files and 755 for directories.
Files
Files should always be uploaded and set to permissions 644. There are, however, a few exceptions where, for security purposes, it is recommended to set different permissions:
- PHP files that contain sensitive information, for example, configuration files containing database usernames or passwords (e.g. wp-config.php). Configuration files should be set to permissions 600 as they don't need to be executed.
- Scripts that are run from the shell command line or crontab. Such files should be set to permissions 700 because they are executed directly by your Linux user account.
- Scripts that are run from the cgi-bin or another directory as CGI scripts. These should have permissions 755 because they have to be executable by the nobody account, which Apache uses to access your files before serving them to the web.
- The .htaccess file. It is more secure to set its permissions to read-only (444). This offers more protection against some simple file injection attacks.
Whenever you upload files using cPanel File Manager, the files will be set to permissions 644 automatically. Unless configured otherwise, your FTP software will also set permissions 644 on newly uploaded files.
Directories
Directories should always be uploaded and set to permissions 755.
Whenever you upload files using cPanel File Manager, the directories will be set to permissions 755 automatically. Unless configured otherwise, your FTP software will also set permissions 755 on newly uploaded directories.
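The recommendations above can be checked over a whole document root. The script below is an added example, not part of the original article or of any hosting tool: it walks a directory tree and reports every file or directory whose mode differs from the values given above, marking world-writable entries. The name sets and the shell_scripts parameter are assumptions made for illustration.

```python
import os
import stat

# Expected modes come from the article; these name sets are assumptions.
SENSITIVE_CONFIGS = {"wp-config.php"}   # contains credentials: 600
READ_ONLY = {".htaccess"}               # read-only: 444
CGI_DIRS = {"cgi-bin"}                  # CGI scripts inside: 755


def expected_mode(path, is_dir, shell_scripts=frozenset()):
    """Return the mode the article recommends for a path relative to the root."""
    name = os.path.basename(path)
    if is_dir:
        return 0o755
    if path in shell_scripts:           # run from the shell or crontab
        return 0o700
    if name in SENSITIVE_CONFIGS:
        return 0o600
    if name in READ_ONLY:
        return 0o444
    if CGI_DIRS & set(path.split(os.sep)[:-1]):
        return 0o755
    return 0o644


def audit(root, shell_scripts=frozenset()):
    """Return sorted (path, actual, expected, world_writable) for each deviation."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue                # a symlink's own mode is not meaningful
            rel = os.path.relpath(full, root)
            actual = stat.S_IMODE(st.st_mode)
            want = expected_mode(rel, stat.S_ISDIR(st.st_mode), shell_scripts)
            if actual != want:
                findings.append((rel, oct(actual), oct(want), bool(actual & stat.S_IWOTH)))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for rel, actual, want, ww in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {actual} (expected {want}){' WORLD-WRITABLE' if ww else ''}")
```

Directories that an application deliberately keeps at a different mode will appear in the report and need to be reviewed by hand.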
PHP web applications
Depending on their functionalities, some PHP web applications need directories with permissions set to 777.