Resolving the “Your wp-config.php is Not Writable” Issue in WordPress

The wp-config.php file is central for WordPress to operate correctly as it contains your website’s base configuration details, such as database connection information. When this file isn’t writable, WordPress can’t update configurations dynamically.

Sometimes, WordPress will inform you that ‘Your wp-config.php is not writable’. The very first moment in which this can happen is during setup. When setting up WordPress for the first time, the installation process might try to write to wp-config.php if it isn’t able to detect an existing configuration file. If the permissions aren’t set correctly from the start, or if WordPress doesn’t have the necessary file ownership to write to the directory where it’s being installed, this could prevent the creation or modification of the wp-config.php file, thereby halting the installation process.

Also, when converting a standard WordPress installation into a Multisite network, WordPress needs to make changes to both wp-config.php and .htaccess files. If wp-config.php does not have the correct writable permissions, WordPress will not be able to insert the necessary configurations, such as enabling the network setup and defining the domain or path-based network. This will halt the setup process, prompting the “Your wp-config.php is Not Writable” error, indicating that manual changes to the configuration file are required.

Another real-word case is when certain plugins and themes might require changes to the wp-config.php file when enabling or disabling specific features. If a plugin attempts to enable a feature that requires to set a different value in a constant, it could trigger this error. Here it’s mandatory to note that generally speaking, plugins and themes typically do not and should not programmatically change wp-config.php through the admin dashboard due to security reasons. Usually, these changes are manual recommendations provided by plugins or themes, and administrators are expected to make these changes themselves. But not recommended does not mean that doesn’t happen; and in some cases there are legitimate reasons.

In all these cases, we may encounter a “Your wp-config.php is Not Writable” error. This issue can arise not just in the admin dashboard through alerts but also when managing files directly on the server.

When trying to modify wp-config.php via SFTP or SSH and encountering a non-writable file error, the root causes are often the same as those discussed in my comprehensive article on 403 Forbidden errors. These include incorrect file permissions and ownership issues, which prevent you from making changes even when using these more secure methods.

File permissions may be set in such a way that the user account you are using to access the files via SFTP or SSH does not have the necessary write permissions. To solve this, you would adjust the file’s permissions to allow the appropriate level of access. As outlined in my detailed guide on file permissions, setting files to 644 is generally safe and allows you to write to them while keeping them secure from external access.

Ownership issues can also arise if the wp-config.php file is owned by a different user than the one you are logged in with. This is common when files are uploaded using a different account or through an automated script that sets ownership differently. To resolve this, you would use the chown command to change the ownership of the file to your user. For example, if your web server runs as ‘www-data’, you might need to execute sudo chown www-data:www-data wp-config.php to ensure that your web server and your SFTP/SSH user can modify the file.

Moreover, server-specific security settings or configurations might restrict file modifications. This can include read-only filesystems, security modules SELinux, or hosting provider policies that lock down certain files. If adjusting permissions and ownership doesn’t resolve the issue, it’s advisable to contact your hosting provider or consult your server’s documentation to understand if there are additional security measures in place.