Understanding Wordpress File Upload Permissions

Wordpress sets permissions on uploaded files based on the permissions of the directory they are in. The code below taken from wp-admin/includes/file.php shows how the permissions of uploaded files is determined.

$stat = stat( dirname( $new_file ));
$perms = $stat['mode'] & 0000666;
@ chmod( $new_file, $perms );

The first line does a stat on the upload directory which includes the mode. The next line takes the mode (perms) of the upload directory and modifies it. Last chmod is run on the uploaded file with the newly created permissions.

Running wordpress with suPHP

If your running suPHP and try to lock down your uploads directory using 0711 permissions files that are uploaded are going to end up with 0600 perms. This is a problem when those files are accessed directly using Apache. The solution is to set your uploads directory permissions to 0755. Doing this will cause the permissions for uploaded files to become 0644.