Open in app

Sign in

Write

Sign in

How to update WordPress with SELinux enabled

Daryl Ng
2 min readMay 11, 2020

Are you getting permission errors when you update WordPress with SELinux enabled? And facing similar errors you when you install plugins like W3 Total Cache?

You are not alone!

I had experienced this problem some time ago and it took me several hours to realize that it is due to SELinux. But don’t be tempted to disable SELinux completely.

In this article, I will show you how you can update WordPress with SELinux enabled.

What is SELinux?

SELinux, also known as Security-Enhanced Linux, is the bane of developers running web applications like WordPress on CentOS. But SELinux is there for a reason. It is a security module to support access control security policies. This limits privileges to the minimum.

So, when you disable SELinux, you are opening your server to security vulnerabilities.

Start Hacking SELinux

Update the ownership of your WordPress folder. This depends on the server you are using, Apache or Nginx.

$ sudo chown nginx:nginx -R /path/to/wordpress

Next, you will need to update the permission of your files and directories respectively.

$ sudo find /path/to/wordpress -type f -exec chmod 0644 {} \;$ sudo find /path/to/wordpress -type d -exec chmod 0755 {} \;

Now, you will need to configure SELinux permissions. You can check your current settings with -Z.

$ ls -Z
drwxr-xr-x. nginx nginx system_u:object_r:httpd_sys_content_t:s0 wordpress

The following line sets all the documents under the WordPress folder to read-only. This ensures that only the minimum permission required to perform read or write be granted to the document.

$ sudo chcon -t httpd_sys_content_t /path/to/wordpress -R

Here comes the important steps that will allow WordPress to perform updates and install plugins. This will allow WordPress to read and write to the wp-config file and wp-content directory.

$ sudo chcon -t httpd_sys_rw_content_t /path/to/wordpress/wp-config.php$ sudo chcon -t httpd_sys_rw_content_t /path/to/wordpress/wp-content -R

If you have just installed W3 Total Cache, you will get an error that nginx.conf cannot be written, as shown in the image below. The fix for this is simple.

You will need to allow WordPress to do so with the line below.

$ sudo chcon -t httpd_sys_rw_content_t /path/to/wordpress/nginx.conf

So, if you are getting similar errors that a file or directory cannot be written, simply follow the step above and replace nginx.conf with the file or directory. For directories, remember to add -R to apply the same settings to all files and directories within.

Troubleshooting

If WordPress prompts you to enter the credentials of your FTP, add the following line to the end of wp-config.

define('FS_METHOD', 'direct');

Hope you are now able to update WordPress with SELinux enabled.

Give this article a clap if it helped you. ☺

Apache
Centos
Nginx
Security
WordPress

--

--

Daryl Ng

Written by Daryl Ng

42 Followers

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams