First of all SELinux is your friend not your enemy.
Hosting WordPress on SELinux enforced systems like Centos8 will mostly ruin your security concept since the majority would straight away disable SELinux leaving the system open to all other nasty exploitation attacks against running services.
TL;DR
Please don’t forget to adjust your WordPress root path.
For more information read the man page semanage-fcontext(8).
semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/html/wordpress/wp-content" semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/html/wordpress/wp-content/plugins(/.*)?" semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/html/wordpress/wp-content/themes(/.*)?" semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/html/wordpress/wp-content/upgrade(/.*)?" semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/html/wordpress/wp-content/uploads(/.*)?" semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/html/wordpress/wp-content/wflogs(/.*)?"
Make sure your default label for e.g. /usr/share/nginx/ is “httpd_sys_content_t”.
[root@53c70r wordpress]# semanage fcontext -l | grep /usr/share/nginx/ /usr/share/nginx/html(/.*)? all files system_u:object_r:httpd_sys_content_t:s0
This will cause all other files not defined by our own file context to be read only.
Finaly execute
restorecon -RFv /usr/share/nginx/
After the command being executed labeling should look as follow:
[root@53c70r wordpress]# ll -Z total 208 -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 405 Apr 17 23:32 index.php -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 19915 Aug 27 23:24 license.txt -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 7278 Sep 23 00:56 readme.html -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 7101 Aug 27 23:24 wp-activate.php drwxr-xr-x. 9 nginx nginx system_u:object_r:httpd_sys_content_t:s0 4096 Jan 19 2020 wp-admin -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 351 Apr 17 23:32 wp-blog-header.php -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 2332 Aug 27 23:24 wp-comments-post.php -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 2897 Jan 19 2020 wp-config.php -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 2913 Apr 17 23:32 wp-config-sample.php drwxr-xr-x. 7 nginx nginx system_u:object_r:httpd_sys_rw_content_t:s0 96 Sep 23 00:57 wp-content -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 3940 Apr 17 23:32 wp-cron.php drwxr-xr-x. 24 nginx nginx system_u:object_r:httpd_sys_content_t:s0 8192 Aug 27 23:24 wp-includes -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 2496 Apr 17 23:32 wp-links-opml.php -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 3300 Apr 17 23:32 wp-load.php -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 48761 Aug 27 23:24 wp-login.php -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 8509 Jun 17 12:56 wp-mail.php -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 20181 Aug 27 23:24 wp-settings.php -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 31159 Aug 27 23:24 wp-signup.php -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 4755 Apr 17 23:32 wp-trackback.php -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 3236 Aug 27 23:24 xmlrpc.php [root@53c70r wordpress]# ll -Z wp-content/ total 4 -rw-r--r--. 1 nginx nginx system_u:object_r:httpd_sys_content_t:s0 28 Jan 19 2020 index.php drwxr-xr-x. 7 nginx nginx system_u:object_r:httpd_sys_rw_content_t:s0 129 Sep 23 00:49 plugins drwxr-xr-x. 4 nginx nginx system_u:object_r:httpd_sys_rw_content_t:s0 56 Aug 27 23:17 themes drwxr-xr-x. 2 nginx nginx system_u:object_r:httpd_sys_rw_content_t:s0 6 Sep 23 00:56 upgrade drwxr-xr-x. 6 nginx nginx system_u:object_r:httpd_sys_rw_content_t:s0 68 Jan 19 2020 uploads drwxr-xr-x. 2 nginx nginx system_u:object_r:httpd_sys_rw_content_t:s0 224 Jan 19 2020 wflogs
If you want to upgrade your WordPress later just execute this before
setsebool httpd_unified 1
And when your upgrade is finished
setsebool httpd_unified 0