WordPress file permissions hardening tool written in Go.

New mailing list added

7 months ago

New mailing list added

7 months ago


wpmod is a simple tool written in Go that sets WordPress' file and directory permissions to the ones recommended by the WordPress core team. The tool also improves permissions for the wp-config.php file and the /mu-plugins/ directory if --strict is used; testing is recommended.

I got tired of seeing plugins and users changing permissions and breaking everything, so I wrote this as a solution. Set it to run every N hours with a cron job and you should be good to go.


#From source

First install the dependencies:

  • Go 1.21 or above.
  • make.
  • scdoc.

Then compile and install:

sudo make install


$ wpmod --help
   wpmod - harden WordPress' file permissions

   wpmod [global options] [arguments...]


   --path value, -p value   path to the WordPress installation
   --user value, -u value   user for file ownership
   --group value, -g value  group for file ownership
   --strict, -s             enable strict file permission mode (default: false)
   --help, -h               show help
   --version, -v            print the version

See wpmod(1) after installing for more information.


Anyone can help make wpmod better. Send patches on the mailing list and report bugs on the issue tracker.

You must sign-off your work using git commit --signoff. Follow the Linux kernel developer's certificate of origin for more details.

All contributions are made under the GPL-2.0 license.


The following resources are available:

Released under the GPL-2.0 license.