How to: Secure wp-config.php and .htaccess files using chmod?

Another way to secure your wp-config.php and .htaccess files by setting up specific permissions on these files using chmod function. This makes your WordPress blog a lot more secure then ever. Setting the permissions on such files (wp-config.php and .htaccess) is good idea, because these are very sensitive containing your database information (like username, password and database name).

Secure wp-config.php and .htaccess files in WordPress Installations

What is chmod function?

It is simple function to let you set permission (for users, groups, and public) on files and folders. You can set the permissions on writing, reading and executing for users, groups and public. Let’s see a complete pack of permissions what this function can provide us. Before we began take a look on to following chart:

Write = w

Read = r

Execute = x

  7       4      4
 user   group  world
 r+w+x    r      r
 4+2+1  4+0+0  4+0+0  = 744
0477 -r–rwxrwx     owner has read only (4), other and group has rwx (7)
0677 -rw-rwxrwx     owner has rw only(6), other and group has rwx (7)
0444 -r–r–r–     all have read only (4)
0666 -rw-rw-rw-     all have rw only (6)
0400 -r——–     owner has read only(4), group and others have no permission(0)
0600 -rw——-     owner has rw only, group and others have no permission
0470 -r–rwx—     owner has read only, group has rwx, others have no permission
0407  -r—–rwx     owner has read only, other has rwx, group has no permission
0670 -rw-rwx—     owner has rw only, group has rwx, others have no permission
0607    -rw—-rwx     owner has rw only, group has no permission and others have rwx

Hint: Take into account never use 777. Changing File Permissions in WordPress.

Secure wp-config.php and .htaccess Files Using “Chmod”

Setting Permissions for wp-config.php File

1. Login to your cPanel using FileZilla or any other ftp client software.

2. Goto public_html > yourdomain folder.

3. There right click the file wp-config.php > file permissions…

4. For wp-config.php file the chmod should be 400, this mean the only users (admins) can read this file rather than modifying, and executing.

permissions on file wp-config


Setting Permissions for .htaccess File

1. Do the same as like wp-config.php  file.

2. Set the permissions for .htaccess file 644 which is normally recommended for it.

Permissions for the file .htaccess

All we’ve done. Have a Good day

Similar Posts


  1. hey Bro 🙂 just one question, What is the diference between protecting your file via chmod and using .htaccess to protect your files… for example, is it better to protect wp-config.php via .htaccess or is it better to simply use chmod to achive the same result. Is it the same result at all or there are diference between this two methods?

Leave a Reply

Your email address will not be published. Required fields are marked *