750
750 Permission Code**
Permission Code: 750 Owner Full, Group Read/Execute, Public No Access
750 allows the owner full control, the group read/execute, and denies all access to others (public).
rwxr-x---
This configuration is used when only the site owner and system/webserver group should access directories, and **no one else should have visibility or traversal capabilities.
Technical Permission Structure
| No | Role | Bits | Access Granted | Symbol |
|---|---|---|---|---|
| 1 | Owner | rwx | ✓ full | 🔑 |
| 2 | Group | r-x | ✓ read/execute | 👥 |
| 3 | Others | --- | ✗ no access | 🚫 |
Behavior in Linux
- Owner can read, write, execute
- Group can read and enter directory (no write)
- Others cannot read, traverse, or execute
- Directory becomes private to owner + trusted group
WordPress Use Cases
| No | Use Case | Suitability | Reason |
|---|---|---|---|
| 1 | Hardened single-site VPS | ✅ recommended | restrict public filesystem access |
| 2 | Private intranet WordPress | ✅ recommended | full privacy |
| 3 | Staging server behind auth | ✅ ideal | limit exposure |
| 4 | Multi-site shared dev | ❌ avoid | group needs write (use 775) |
| 5 | Shared hosting | ❌ avoid | others may need read access |
Why Choose 750
750 is a **security-first variant of 755.
755
- Public can read and traverse directories
- Standard WordPress hosting
750
- Public cannot access directories
- Only owner + web server group allowed
- Better for hardened private WordPress servers
Required Ownership Model
To use 750, web server must belong to the same group:
Example:
wpuser:www-data
Command
chown -R wpuser:www-data /var/www/your-site
Then apply:
find . -type d -exec chmod 750 {} ;
find . -type f -exec chmod 640 {} ;
Default File Permissions with 750 Directory Strategy
| No | Component | Permission |
|---|---|---|
| 1 | Directories | 750 |
| 2 | Files | 640 |
| 3 | wp-config.php | 600 |
This is stricter than the standard 755/644 pattern.
Myth vs Reality
| No | Statement | Truth | Symbol |
|---|---|---|---|
| 1 | 750 breaks WordPress | ✗ not if ownership correct | ⚙️ |
| 2 | Better than 755 for privacy | ✓ yes | 🔐 |
| 3 | Suitable for shared hosting | ✗ avoid | ❌ |
| 4 | Safe for hardened VPS | ✓ ideal | 🛡️ |
Scenarios Where 750 Shines
- Dedicated VPS with strict isolation
- Projects storing sensitive files or internal docs
- WordPress membership systems private to users
- Corporate/internal WP used only by a controlled team
- When server runs Cloudflare Access or VPN-only
Practical Example
Harden a WordPress site on private VPS
chown -R wpuser:www-data /var/www/your-site
find . -type d -exec chmod 750 {} ;
find . -type f -exec chmod 640 {} ;
chmod 600 wp-config.php
Verify
stat wp-content/
stat wp-config.php
Expected:
Directories: 750
Files: 640
wp-config.php: 600
Troubleshooting Notes
| No | Issue | Cause | Fix |
|---|---|---|---|
| 1 | Site breaks | group mismatch | chown to wpuser:www-data |
| 2 | Cannot upload via WP admin | missing write for group | add wpuser to web group or use 775 |
| 3 | CLI errors | wrong PHP/OLS group | align group permissions |
Alternate for strict mode with uploads:
chmod 770 wp-content/uploads
Practice Exercise
- Assign correct group
chown -R wpuser:www-data /var/www/your-site
- Apply secure permissions
find . -type d -exec chmod 750 {} ;
find . -type f -exec chmod 640 {} ;
- Test normal WP usage
- Confirm no public directory traversal
Key Takeaways
| No | Rule | Value |
|---|---|---|
| 1 | 750 = private directories | ✓ |
| 2 | Only owner + group access | ✓ |
| 3 | Requires correct ownership | ✓ |
| 4 | Ideal for hardened or private WP | ✓ |
| 5 | Not suitable for shared hosting | ✗ |
Summary:
Use 750 when you control the server user + group and want tighter filesystem security than 755.