Categories
How-To

Update WordPress with SELinux Enabled

We are moving to Medium! You can read continue reading this article here or at Medium.

Are you getting permission errors when you update WordPress with SELinux enabled? And facing similar errors you when you install plugins like W3 Total Cache?

You are not alone!

I had just experienced this problem and it took me several hours to realize that it is due to SELinux. But don’t be tempted to disable SELinux completely.

In this article, I will show you how you can update WordPress with SELinux enabled.

What is SELinux?

SELinux, also known as Security-Enhanced Linux, is the bane of developers running web applications like WordPress on CentOS. But SELinux is there for a reason. It is a security module to support access control security policies. This limits privileges to the minimum.

So, when you disable SELinux, you are opening your server to security vulnerabilities.

Start Hacking SELinux

Update the ownership of your WordPress folder. This depends on the server you are using, Apache or Nginx.

$ sudo chown nginx:nginx -R /path/to/wordpress

Next, you will need to update the permission of your files and directories respectively.

$ sudo find /path/to/wordpress -type f -exec chmod 0644 {} \;

$ sudo find /path/to/wordpress -type d -exec chmod 0755 {} \;

Now, you will need to configure SELinux permissions. You can check your current settings with -Z.

$ ls -Z
drwxr-xr-x. nginx nginx system_u:object_r:httpd_sys_content_t:s0 wordpress

The following line sets all the documents under the WordPress folder to read-only. This ensures that only the minimum permission required to perform read or write be granted to the document.

$ sudo chcon -t httpd_sys_content_t /path/to/wordpress -R

Here comes the important steps that will allow WordPress to perform updates and install plugins. This will allow WordPress to read and write to the wp-config file and wp-content directory.

$ sudo chcon -t httpd_sys_rw_content_t /path/to/wordpress/wp-config.php

$ sudo chcon -t httpd_sys_rw_content_t /path/to/wordpress/wp-content -R

If you have just installed W3 Total Cache, you will get an error that nginx.conf cannot be written, as shown in the image below. The fix for this is simple.

W3 Total Cache nginx.conf error when WordPress with SELinux enabled

You will need to allow WordPress to do so with the line below.

$ sudo chcon -t httpd_sys_rw_content_t /path/to/wordpress/nginx.conf

So, if you are getting similar errors that a file or directory cannot be written, simply follow the step above and replace nginx.conf with the file or directory. For directories, remember to add -R to apply the same settings to all files and directories within

Troubleshooting

If WordPress prompts you to enter the credentials of your FTP, add the following line to the end of wp-config.

define('FS_METHOD', 'direct');

Are you getting inconsistent permission errors when you upgrade WordPress? Check out this article on inconsistent permission errors to fix this problem.

Hope this article helped you learned how to update WordPress with SELinux enabled. Stay secure, stay safe.

If you liked this article, please do share this article with your friends and family.