Weak WordPress Directory Permissions Can Be Exploited On Your Site

If a directory is not configured with the correct permissions, an intruder can upload and execute malicious files and modify critical files which can compromise your WordPress security. Eventually, the malicious user can gain full control over your web server which can lead to other serious security issues like loss of sensitive information, complete website disruption, installation of website malware, and more.


It is recommended to strengthen your file permissions for a more secure WordPress installation. Restrictive permissions should be revoked only for directories requiring write access. There are several methods to change your WordPress directory permissions.


  1. Login to the server via SSH and change the directory permissions using the chmod command:
  2. chmod XXX [directory path] E.g. chmod 755 /wp-content/plugins/


  1. Login to the website using an FTP client (FTP credentials are typically provided by your hosting provider)
  2. Navigate to the directory mentioned in the WebsiteDefender alert and right click it to modify its permissions

Via the hosting provider admin console

Login to the hosting provider admin interface from where you can browse and modify both file and directory permissions.


Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.