Home / Security / Review file permissions on your server — nothing should be world-writable
Defensive & Operational · Security Ring

Review file permissions on your server — nothing should be world-writable

30-60 min Impact: medium Effort: low ✓ Manual completion

File permissions on your server control who and what can read, write, or execute each file, and a world-writable file, one anyone or anything can modify, is a serious, direct vulnerability that gives an attacker an easy path to alter your site's code.

A single world-writable file is sometimes all an attacker genuinely needs to inject malicious code directly, this is foundational server hygiene that is easy to check and fix once, but is genuinely serious if overlooked.

How to do it

  1. 1
    Review your file permissions
    Via your hosting control panel or direct server access, check current permission settings across your site files.
  2. 2
    Identify anything world-writable
    Permissions allowing write access to anyone, not just the specific user or group that should have it.
  3. 3
    Correct permissions to the minimum genuinely needed
    Typical safe defaults are 644 for files and 755 for directories, with narrower exceptions only where genuinely required.
  4. 4
    Re-check after any major site change
    A migration or bulk file upload can sometimes reset permissions incorrectly.

Common mistakes

How you will know it is done

No world-writable files remain, and permissions across the site follow least-privilege defaults.

Track this in your hive

The Security Ring turns this into a real, permanent mission — mark it complete once you have genuinely done it.

Open this mission in H.I.V.E. →