What Apache Needs Access To & Why
READ access to everything:
Apache needs to read ALL WordPress files to serve your website:
- PHP files (to execute them)
- CSS, JS, images (to serve to visitors)
- Theme and plugin files (to run your site)
WRITE access only to specific directories:
wp-content/uploads/- When users upload images through the media librarywp-content/plugins/- When installing/updating plugins via dashboardwp-content/themes/- When installing/updating themes via dashboardwp-content/upgrade/- Temporary directory for updateswp-content/cache/- If using caching plugins (if exists)
Optionally WRITE access for auto-updates:
wp-admin/- Core WordPress admin fileswp-includes/- Core WordPress system files- Root WordPress files (like
wp-config.phpduring major updates)
SELinux
You will probably need to set to Permissive on updates SELinux