Introduction

A WordPress file upload permission denied error usually means the upload reached the server but could not be written where WordPress expected. That can happen because of ownership mistakes, restrictive permissions, security controls, missing temp paths, or hosting policies that block specific file operations. The right fix is to identify which write step is failing instead of recursively chmodding the whole site.

Symptoms

  • Media uploads fail in the WordPress admin with a permission error
  • Theme, plugin, or update uploads stop working even though login succeeds
  • The issue started after migration, cleanup, hardening, or hosting changes
  • Temporary files appear but final files do not land in the uploads directory
  • Logs show denied write, move, or open operations for upload-related paths

Common Causes

  • Upload directories have incorrect ownership or permissions for the web server user
  • The PHP temporary upload directory is missing, full, or inaccessible
  • Security plugins, SELinux-style controls, or hosting restrictions block writes or file moves
  • Disk space or inode exhaustion prevents successful upload completion
  • Reverse proxy or WAF rules reject parts of multipart upload requests before WordPress can save them

Step-by-Step Fix

  1. Determine whether the failure happens when receiving the upload, storing the temp file, or moving the file into the final uploads path.
  2. Check ownership and permissions on the WordPress uploads directory and its parent paths so the web server can write where expected.
  3. Verify the PHP temporary upload directory exists, is writable, and has available space.
  4. Review security controls, hosting policies, and any recent hardening changes that may block file writes or moves.
  5. Check disk capacity and inode usage before assuming the issue is only a permission problem.
  6. Inspect PHP, web server, and WordPress logs for the exact path or operation being denied.
  7. Test with a small safe file type first so you can separate general write failures from file-type or request-size restrictions.
  8. Retest plugin or theme upload flows if those were affected, not just media library uploads.
  9. Keep file ownership and upload-path expectations documented so future migrations do not quietly break write operations again.