Permission Code: 600 Owner Read/Write Only (Highly Sensitive Files)
600 grants **read + write** to the owner and **no access at all** to group and others.
rw-------
This mode is used for the most sensitive files in a WordPress VPS environment, especially those containing credentials or private keys.
It ensures only the file owner (and root) can read or modify the file, preventing access by any other unprivileged user or by processes running under a different account.
Technical Structure
| No | Role | Bits | Access | Allowed? |
|---|---|---|---|---|
| 1 | Owner | rw- | read/write | ✅ |
| 2 | Group | --- | no access | ❌ |
| 3 | Others | --- | no access | ❌ |
Behavior
- Only the owner can read and modify the file
- No other system user or service can even read it
- Prevents privilege escalation through configuration exposure
- Essential when storing database credentials, private keys, or tokens
WordPress Use Cases
| No | File / Location | Suitability | Reason |
|---|---|---|---|
| 1 | wp-config.php | ✅ | prevents DB & secret leakage |
| 2 | .env config files | ✅ | protects environment secrets |
| 3 | Private keys (id_rsa) | ✅ | SSH security requirement |
| 4 | Sensitive backup credential files | ✅ | blocks unauthorized reads |
| 5 | SSL private key files | ✅ | protects certificates |
This mode helps protect against local privilege attacks, malware, and accidental exposure.
Compare vs Other Modes
| No | Mode | Owner | Group | Others | Use |
|---|---|---|---|---|---|
| 1 | 644 | rw- | r-- | r-- | normal WP files |
| 2 | 640 | rw- | r-- | --- | hardened WP settings |
| 3 | 600 | rw- | --- | --- | maximum protection |
Correct Command Examples
Secure wp-config.php:
chmod 600 wp-config.php
Secure environment file:
chmod 600 .env
Secure SSH private key:
chmod 600 ~/.ssh/id_rsa
Ensure correct ownership:
chown wpuser:www-data wp-config.php
The web server itself often does not need to read wp-config.php directly: PHP reads it as the user running the PHP process, so this mode typically works correctly on a VPS as long as that user is the file owner.
Practical Recommendations
Most secure baseline for WordPress:
Directories: 755
Files: 644
wp-config.php: 600
Hardened security setup (private VPS):
Directories: 750
Files: 640
wp-config.php: 600
Troubleshooting
| No | Symptom | Cause | Fix |
|---|---|---|---|
| 1 | Site fails to load | PHP-FPM runs under different user than file owner | set correct owner/group |
| 2 | WP CLI cannot access config | running CLI as wrong user | run as correct user or adjust group perms |
| 3 | Config cannot be edited | expected behavior | edit as owner |
If PHP is executed under the web server user instead of the site owner, group read (640) may be required instead of 600.
Verification
stat wp-config.php
Expected output:
Access: (0600/-rw-------)
Also check execution user:
ps aux | grep php
id $(whoami)
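The verification step above, extended to check several secret files in one pass. This is an added example, not part of the original page; the function names `audit_secret` and `audit_all` are hypothetical, GNU coreutils `stat` is assumed, and the expected owner you pass in should be the account PHP runs as.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU coreutils `stat`.
# audit_secret and audit_all are hypothetical helper names.

# audit_secret FILE OWNER   (OWNER is a user name or a numeric UID)
# Returns: 0 ok, 1 group/others have access, 2 wrong owner, 3 not a regular file
audit_secret() {
    file=$1; want=$2
    # Refuse symlinks and missing paths: stat would describe the wrong object.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "SKIP $file: not a regular file"; return 3
    fi
    mode=$(stat -c '%a' "$file")     # octal mode, e.g. 600
    name=$(stat -c '%U' "$file")     # owner name
    uid=$(stat -c '%u' "$file")      # owner UID
    # 077 masks the group and others bits; any bit set means exposure.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL $file: mode $mode gives group/others access (want 600)"
        return 1
    fi
    if [ "$want" != "$name" ] && [ "$want" != "$uid" ]; then
        echo "FAIL $file: owned by $name, expected $want"
        return 2
    fi
    echo "OK   $file: mode $mode, owner $name"
}

# audit_all OWNER FILE...   returns non-zero if any file fails a check
audit_all() {
    owner=$1; shift; rc=0
    for f in "$@"; do audit_secret "$f" "$owner" || rc=1; done
    return $rc
}

# Example: sh audit.sh wpuser wp-config.php .env
[ $# -eq 0 ] || audit_all "$@"
```

A file at 640 is reported as a failure here even though the page allows it when PHP runs as the web server user; treat that result as a prompt to confirm which user PHP actually runs as.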
Hands-On Exercise
- Set wp-config.php to strict mode:
  chmod 600 wp-config.php
- Reload the site to test
- Run WP CLI as the correct user:
  wp option get home
- Try reading the config as another user (expected result: denied)
Key Takeaways
| No | Statement | Status |
|---|---|---|
| 1 | 600 protects secrets from other users | ✅ |
| 2 | Required for private keys and sensitive configs | ✅ |
| 3 | Ideal for wp-config.php on VPS | ✅ |
| 4 | Must pair with correct ownership | ✅ |
| 5 | Breaks systems where server user must read file | ✅ (rare with correct VPS setup) |
Summary:
Use 600 for critical security files like wp-config.php, SSH keys, and environment secrets.