Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Common root location
- # location / {
- # This try_files directive is used to enable pretty, SEO-friendly URLs
- # and permalinks for Wordpress. Leave it *off* to start with, and then
- # turn it on once you've gotten Wordpress configured!
- # try_files $uri $uri/ /index.php?$args;
- # }
- # This location pevents any requests for the Wordpress admin interface
- # from being accepted if those requests don't come from your LAN. This
- # is optional but recommended.
- # location ~* wp-admin {
- # try_files $uri $uri/ =404;
- # allow 192.168.1.0/24;
- # allow 127.0.0.1;
- # deny all;
- # }
- # Show "Not Found" 404 errors in place of "Forbidden" 403 errors, because
- # forbidden errors allow attackers potential insight into your server's
- # layout and contents
- error_page 403 =404;
- # Prevent access to any files starting with a dot, like .htaccess
- # or text editor temp files
- location ~ /\. { access_log off; log_not_found off; deny all; }
- # Prevent access to any files starting with a $ (usually temp files)
- location ~ ~$ { access_log off; log_not_found off; deny all; }
- # Common deny or internal locations, to help prevent access to areas of
- # the site that should not be public
- location ~* wp-admin/includes { deny all; }
- location ~* wp-includes/theme-compat/ { deny all; }
- location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }
- location /wp-content/ { internal; }
- location /wp-includes/ { internal; }
- # The next line protects the wp-config.php file from being accessed, but
- # we need to be able to run the file for the initial site setup. Uncomment
- # the next line after setup is completed and reload Nginx.
- location ~* wp-config.php { deny all; }
- # Prevent any potentially-executable files in the uploads directory from
- # being executed by forcing their MIME type to text/plain
- location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php)$ {
- types { }
- default_type text/plain;
- }
- # Add trailing slash to */wp-admin requests so the admin interface
- # works correctly
- rewrite /wp-admin$ $scheme://$host$uri/ permanent;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement