From Han Wiki

My notes taken while installing WordPress 4.1.1 on Ubuntu 14.04.02 LTS (CLi)

Recommended file permissions

  • Last tested on CentOS 7 (2018/4/22)

Private WordPress installations seem to be the drum that hackers like to hit on these days. It seems that many themes are also vulnerable as well. Anyway, as a starting point for fortifying a WP installation here are recommended file permissions settings for a WordPress installation on a Linux box. These commands will set 750 for all folders, 640 for files, and 600 for wp-config.php file. Sitting with a root/sudo access on a parent folder from a WP installation folder (assuming wpfolder here).

# sudo find wpfolder -type d -exec chmod 750 {} +

# sudo find wpfolder -type f -exec chmod 640 {} +

# sudo chmod 600 wpfolder/wp-config.php