file permission

# before setup
chown www-data:www-data  -R * # Let Apache be owner
find . -type d -exec chmod 755 {} \;  # rwxr-xr-x
find . -type f -exec chmod 644 {} \;  # rw-r--r--

# after setup
chown <username>:<username>  -R * 
chown www-data:www-data wp-content

Source:

• https://wordpress.org/documentation/article/hardening-wordpress/#file-permissions
• https://stackoverflow.com/questions/18352682/correct-file-permissions-for-wordpress
• https://wordpress.org/documentation/article/changing-file-permissions/
• https://httpd.apache.org/docs/2.2/misc/security_tips.html