Introduction

A failed to open stream: Permission denied error means WordPress or PHP tried to read, write, or include a file path that the current process user cannot access. The message often appears during plugin updates, uploads, cache writes, or theme loading. The safest fix is to identify which exact path is blocked and then correct ownership and directory permissions without making the whole site broadly writable.

Symptoms

  • Plugin or theme updates fail during extraction or copy steps
  • Media uploads break even though the disk is not full
  • The error appears in logs with a specific file or directory path
  • Certain pages fail only when WordPress tries to include a template or write cache data
  • The problem started after a migration, manual file copy, or server user change

Common Causes

  • Files are owned by a different system user than the PHP or web server process
  • Directory permissions are too restrictive for uploads, cache, or update operations
  • A deploy copied files as root or another privileged user
  • Security hardening changed directory modes without accounting for WordPress write paths
  • The target path no longer exists or is mounted read-only

Step-by-Step Fix

  1. Read the full error message and note the exact file or directory WordPress is trying to access.
  2. Confirm which system user runs PHP or the web server for this site so you know which account needs access.
  3. Check ownership on the failing path and compare it with the process user that serves the application.
  4. Correct ownership only on the affected WordPress directories such as uploads, cache, or specific plugin paths rather than broadening permissions everywhere.
  5. Review directory and file modes to ensure directories can be traversed and writable paths can be updated safely.
  6. If the issue started after deployment, inspect your deploy workflow for files copied by the wrong user or into a read-only mount.
  7. Re-run the exact action that failed, such as uploading media or updating a plugin.
  8. Verify there are no remaining permission errors in logs for adjacent paths that the same workflow touches next.
  9. Keep ownership and deploy user conventions documented so future releases do not recreate the mismatch.