API tools faq
paste
Advertisement
mikeg_de

Common security configuration for Nginx with Wordpress

mikeg_de
Nov 16th, 2014
203
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.91 KB | None | 0 0
raw download clone embed print report
  1. # Find full tutorial at: http://mikeg.de/project/cloud-nginx-server-wordpress/
  2.  
  3. # Deny access to hidden files
  4. location ~* /\. {
  5. deny all;
  6. access_log off;
  7. log_not_found off;
  8. }
  9.  
  10. # Deny access to any files with a .php extension in the uploads directory
  11. location ~* /(?:uploads|files)/.*\.php$ {
  12. deny all;
  13. }
  14.  
  15. # Deny access to any files starting with a $ (usually temp files)
  16. location ~ ~$ {
  17. deny all;
  18. }
  19.  
  20. # Deny access to system files in root
  21. location ~ /(\.|wp-config.php|liesmich.html|readme.html|license.txt) {
  22. deny all;
  23. }
  24.  
  25. # Allow access to favicon and robots.txt
  26. location = /(favicon\.ico|robots\.txt) {
  27. allow all;
  28. log_not_found off;
  29. access_log off;
  30. }
  31.  
  32. # Only recommended when wordpress comments are disabled
  33. # location ~ /(\.|wp-config.php|liesmich.html|readme.html|xmlrpc.php|wp-comments-post.php) {
  34. # return 444
  35. # }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!