Esse post tô fazendo pois eu sempre preciso disso na hora de atualizar meu site e acabo esquecendo.
Então vou deixar aqui um scriptzinho que eu encontrei que facilita na hora de definir permissoes no worpress.
#!/bin/bash # # This script configures WordPress file permissions based on recommendations # from http://codex.wordpress.org/Hardening_WordPress#File_permissions # # Author: Michael Conigliaro # WP_OWNER=changeme # <-- wordpress owner WP_GROUP=changeme # <-- wordpress group WP_ROOT=/home/changeme # <-- wordpress root directory WS_GROUP=changeme # <-- webserver group # reset to safe defaults find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \; find ${WP_ROOT} -type d -exec chmod 755 {} \; find ${WP_ROOT} -type f -exec chmod 644 {} \; # allow wordpress to manage wp-config.php (but prevent world access) chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php chmod 660 ${WP_ROOT}/wp-config.php # allow wordpress to manage .htaccess touch ${WP_ROOT}/.htaccess chgrp ${WS_GROUP} ${WP_ROOT}/.htaccess chmod 664 ${WP_ROOT}/.htaccess # allow wordpress to manage wp-content find ${WP_ROOT}/wp-content -exec chgrp ${WS_GROUP} {} \; find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \; find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \;
https://gist.github.com/macbleser/9136424
Outros links sobre segurança no wordpress
https://wordpress.stackexchange.com/questions/391949/wordpress-sites-being-filled-with-random-php-files
https://www.digitalocean.com/community/questions/how-to-secure-wordpress-without-a-security-plugin