Title: Why does WordPress set 666 on wp-config.php?
Last modified: August 20, 2016

---

# Why does WordPress set 666 on wp-config.php?

 *  [aommundsen](https://wordpress.org/support/users/aommundsen/)
 * (@aommundsen)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/why-does-wordpress-set-666-on-wp-configphp/)
 * I just tested installing WordPress without a wp-config.php file, and let WordPress
   automatically create wp-config.php when doing the installe wizard from the browser.
 * However I noticed that when WordPress created wp-config.php file, it set this
   file to have permissions 666!
 * However this only happened to wp-config.php, when uploading images, installing
   plugins, setting permalinks, then all files created by WordPress get the correct
   644 permissions
 * The server is running php in cgi mode using suphp, and permissions should never
   be higher then 644 on files.
 * When WordPress create the wp-config.php, why does it create it with 666 permissions?
 * Is WordPress going to change this default behaviour of setting wp-config.php 
   to 666, or will this continue to be the default when created by WordPress itself?
 * I am a webhost, and when users don’t create the wp-config.php themself, they 
   get 666 permissions on the file, and many of them will not understand they should
   change the permissions, so this is a problem.

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [Pioneer Web Design](https://wordpress.org/support/users/swansonphotos/)
 * (@swansonphotos)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/why-does-wordpress-set-666-on-wp-configphp/#post-2591004)
 * Probably because this works best for most large hosts?
 * Write a [script to force it to 644](http://ant.apache.org/manual/Tasks/chmod.html).
 *  [kodomo00](https://wordpress.org/support/users/kodomo00/)
 * (@kodomo00)
 * [13 years, 9 months ago](https://wordpress.org/support/topic/why-does-wordpress-set-666-on-wp-configphp/#post-2591271)
 * Was just going to ask the same thing. One of my sites got infected by malware
   and got blacklisted by google, I found the malicious code in wp-config.php and
   discovered that it was 666! While in the Codex they recommend 600. Turns out 
   that wp-config.php is 666 on all the WP sites I setup, I agree that they should
   change the default value to 644 or 600. Just my 2 cents.
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [13 years, 9 months ago](https://wordpress.org/support/topic/why-does-wordpress-set-666-on-wp-configphp/#post-2591272)
 * As far as I am aware, the permissions are set by your server – not WP.
 *  Thread Starter [aommundsen](https://wordpress.org/support/users/aommundsen/)
 * (@aommundsen)
 * [13 years, 9 months ago](https://wordpress.org/support/topic/why-does-wordpress-set-666-on-wp-configphp/#post-2591273)
 * No, the permission set on wp-config.php when using the web browser to install
   WordPress, is set by WordPress to 666 no matter what the server setup is like.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Why does WordPress set 666 on wp-config.php?’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 4 replies
 * 4 participants
 * Last reply from: [aommundsen](https://wordpress.org/support/users/aommundsen/)
 * Last activity: [13 years, 9 months ago](https://wordpress.org/support/topic/why-does-wordpress-set-666-on-wp-configphp/#post-2591273)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics