File & Directory Permissions (Firstserv Guide)

Setting the correct file and directory permissions is important for both security and functionality on your hosting account. This guide outlines the recommended permissions for common file types.

File Permissions

Standard File Permissions

  • ✅ Most files should be set to: 
    644

This allows:

  • The owner to read/write
  • Others to read only

Sensitive Files (Recommended: 600)

For files containing sensitive information (e.g. database credentials):

  • Example: wp-config.php (WordPress)

Set permissions to:

600

✅ This restricts access to the file owner only, improving security.

Executable Scripts (700)

Scripts that are run directly by the server (not via a web request) should be set to:

700

This includes:

  • Scripts run via cron jobs
  • Command-line scripts with a shebang (e.g. PHP, Python, Perl)
  • CGI scripts in directories like /cgi-bin

✅ These require execute permissions to run properly.

.htaccess Files

  • Standard: 
    644
  • More secure (recommended): 
    444

✅ Setting to 444 makes the file read-only, helping protect against certain types of attacks.

Directory Permissions

All directories should be set to:

755

This allows:

  • The owner to read/write/execute
  • Others to read/execute (needed to access files inside)

Default Behaviour

When using cPanel tools:

  • File Manager

    • Files default to 644
    • Directories default to 755

  • FTP uploads

    • Usually follow the same defaults unless explicitly configured otherwise

What If an Application Recommends Different Permissions?

Some applications or installation guides may suggest:

  • 777 (full access for everyone)
  • 755 for PHP files

⚠️ These recommendations are often made for compatibility, not security.

Firstserv Environment Behaviour

On Firstserv hosting:

  • PHP runs under your account user (suEXEC)
  • This means:
    • PHP files only need owner-level permissions
    • They do not require execute permissions

✅ As a result, you can safely use:

  • 600 or 644 for PHP files

Best Practices

  • ✅ Use the least permissive settings needed
  • ✅ Avoid 777 unless absolutely necessary (and even then, temporarily)
  • ✅ Secure sensitive configuration files
  • ✅ Regularly review permissions on your site

Summary

Item Type Recommended Permission
Standard files 644
Sensitive files 600
Executable scripts 700
Directories 755
.htaccess (secure) 444

Correct permissions help protect your website from unauthorised access while ensuring everything runs smoothly.

If you’re unsure about your file permissions or need help adjusting them, the Firstserv support team is always available to assist.

 

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to disable LiteSpeed connection timeouts

LiteSpeed Timeouts Explained (Firstserv Guide) What is LiteSpeed? All Firstserv hosting...

Where should I upload my website files?

Where Should I Upload My Website Files? (Firstserv Guide) The Short Answer Your website...

How to clear your web browser cache

How to Clear Your Browser Cache (Firstserv Guide) Web browsers store cached data such as...

Using FileZilla to upload files via SFTP(SSH) or FTPS(SSL/TLS)

Setting Up FileZilla (Firstserv Guide) FileZilla is a free, open-source FTP client available...

How to flush your computers DNS cache

Understanding DNS Propagation (Firstserv Guide) When you make changes to your DNS (such as...