Manage User, File, and Folder Permissions

A permissions issue can prevent you from accessing certain features or functions on your site. To resolve these issues, it’s important to understand the different types of permissions and permissions errors. In this guide, we’ll cover file permissions, user permissions, and how to resolve common permissions errors.

Permissions in General

There are two main types of permissions: file permissions and user permissions. File permissions determine when and by whom your site files are accessible. User permissions determine site users’ capabilities, including which areas of the site dashboard they can access and what they can do in those areas.

File Permissions

By default, a WordPress.com site is set to the following file permissions:

Unmanaged Directories: 775 or 755
- This allows owners to read, write, and execute, and group members and other users to read and write.
- If the permission is 775, group members can also execute.
Files: 644
- This allows owners to read and write, and group other users to read-only.

Sites on WordPress.com also include files and folders managed for performance, security, or other platform reasons. These have 755 or 644 permissions and cannot be changed.

An exception is for some symlinked files, such as managed plugins or themes. When using symlinked versions of these items, you cannot alter the files or folders within. However, except for Jetpack, Akismet, and the must-use plugin wpcomsh, you can remove the managed version of these plugins and replace them with unmanaged versions.

When you convert symlinks, you become responsible for ensuring the plugin or theme stays up to date. You also remove access to performance or security changes added to the managed versions. You can learn more about symlinked plugins and themes here.

Change File Permissions

Changing permissions can break your site functionality and should only be done if you are absolutely certain what you are changing and why.

You can change file or folder permissions through your site’s SFTP or SSH connection.

User Permissions

WordPress.com sites are created with default user roles and corresponding permissions. You can learn more about these default roles and permissions here.

When you invite a user to your site or create a WP-Admin user via the WP-Admin dashboard, CLI commands, or database changes, you can choose their assigned role. They will automatically be assigned the default permissions corresponding to the role unless you modify their permissions.

Some plugins and themes can add roles and permissions to your site. These may be required for extensions to operate correctly and can be applied as an additional role or as the only role for a user.

SFTP and SSH Access Credentials

Users with access to SFTP or SSH credentials will have administrative privileges to add, modify, and remove site files and settings. SSH permissions also grant access to the database directly and all available CLI commands.

It is not possible to restrict permissions within SFTP or SSH to certain activities or abilities. If you do not want users to access these privileges, you should not grant them an administrator role or provide them with SFTP or SSH credentials, regardless of their role/permissions on the site.

Change User Roles or Permissions

You can change a user’s role or permissions in a few built-in ways:

From the WordPress.com dashboard, in the Users section. You can find full instructions on this method in the Changing User Roles guide.
Through WP CLI (available via SSH).

In addition to built-in methods, you can use third-party plugins to manage custom file and user permissions. Popular plugins like User Role Editor or Members can help you tailor permissions to suit your website’s needs. This includes customizing permissions and assigning multiple roles to users.

Some Helpful Tips

You can see what capabilities a user is currently assigned with user list-caps {userID} in CLI:

wp user list-caps youruser
read
level_0
subscriber

If the permissions do not match your expectations, you can reassign the correct role to reset permissions.

If the permissions are still not correct after the role is corrected, the role’s default permissions may have been changed. In this case, you can reset the permissions to default with the CLI command role reset {role}. This will then update the permissions for anyone assigned to that role:

wp role reset editor
Restored 0 capabilities to and removed 0 capabilities from 'editor' role.
Success: Role reset.

Plugins can create new roles or modify existing user roles. Well-written plugins should remove these roles as part of the plugin removal process, but if not, you may be left with unused custom roles.

If custom roles remain after the plugin they are connected to is removed, you may need to remove them and reassign a default role to affected users.

To remove roles, you can use the CLI command role delete {ROLE} .

If you accidentally remove a default role or a default role is otherwise missing, you can re-add it using role reset {ROLE} :

wp role delete editor
Success: Role with key 'editor' deleted.

Correct Permission Errors

Occasionally, you may run into issues related to roles and permissions on your site. Below are the most common issues that may occur.

Access Errors

You may see a “Sorry, You Are Not Allowed to Access This Page” or “You do not have permission to access this page” message.

These messages often appear when trying to access WP-Admin pages, such as the installed plugins page or settings pages of plugins. You may also see the wrong or no plan in the Upgrades section of your site.

To troubleshoot:

Confirm you are signed in with the correct account by visiting your profile.
Check that the correct plan is showing next to Upgrades.
- If it is not and you have verified that the plan is currently active, go to Jetpack → Dashboard. This will cause Jetpack to sync and should cause the correct plan to appear.
- If it does not appear, please reach out to WordPress.com support.
Check what role is assigned to the affected user. You can check the role in Users → All Users.
- If the role is incorrect:
  - Assign the correct role
  - Navigate to the page you were trying to visit again.
Check the permissions assigned to the user.
- If the role is correct but the permissions aren’t, reset the role and navigate to the page again.
If multiple roles are assigned to a user, or you are using plugins that may affect permissions, you can temporarily deactivate these plugins. This will help you verify if roles are conflicting.

Unable to Install Plugins or Themes

If you cannot install plugins, it may be related to permissions issues, incompatible plugins, incorrect plan information, or other site errors.

To troubleshoot:

Confirm you are signed in with the correct account by visiting your profile.
Verify that this account has the correct role and permissions assigned. You can check the role in Users → All Users.
- If the role is incorrect, assign the correct role
Confirm that your sidebar Upgrades section reflects a plugin-enabled plan.
Ensure that the plugin or theme you are trying to upload is a valid file format (i.e., does not contain a zip file within a zip file) and is compatible with WordPress.com.

While we try to ensure your site here at WordPress.com is compatible with as many plugins and themes as possible, some plugins and themes conflict with our platform or are otherwise incompatible. You may see a message informing you if a plugin or theme is incompatible. However, if you aren’t sure, you can check our list of incompatible plugins here.

Unable to Upload Media

Media upload issues are not usually associated with user permissions. The cause is often related to file size or format, available storage, or connection issues.

To troubleshoot:

Verify that you have enough remaining storage space to accommodate the file.
Verify that the file is one of the accepted file types.
- Keep in mind that the file’s extension may be incorrect and mismatch the file type. In these cases, you may be able to resave the file with the correct extension or convert the file using third-party software.
Verify that your upload does not exceed the max size of 2GB.
- If your file is larger than 2 GB, you can upload it via SFTP or SSH.
Verify that you have a stable connection that is not timing out while uploading your file.
Verify that your Uploads folder and subfolder permissions are correct.

Other Media Errors

If you see broken thumbnails in your media gallery or receive a 404 response when visiting the source URL for media items, it’s usually due to one of three reasons:

Your site privacy is set to Private.
The media is missing from your site files. This can happen if you migrate a site and not all uploaded content is imported.
File or folder permissions have been changed.

To troubleshoot:

Verify that your site is set to Public or Coming Soon by going to Settings → General and scrolling down to the Privacy section.
Using SFTP or SSH, verify that the media files exist in your site Uploads folders.
- If the media does not exist, you will need to re-import it.
- If the media was manually uploaded directly to the file structure via SFTP or SSH, or is in a custom folder structure, you can use a plugin like Media Sync to associate it correctly.
Verify that your folder and file permissions match the default values.
- If permissions have been changed, you can correct them following the instructions provided in the Change File Permissions section above.

Privacy Errors

You may see a “403 Forbidden Permission denied” or “Our sentries tell us that you should not be here” error message.

You may see these errors if your site is set to private or if you use a maintenance plugin to hide your site before it’s ready to go live. Using private mode or third-party plugins for this purpose may limit dashboard functionality and prevent you from accessing features in the dashboard of your site.

To resolve this issue, we recommend using the Coming Soon mode. Activate this mode by going to Settings → General and scrolling down to the Privacy section.

Last updated: April 09, 2024