gcch/haiku-atelier-2024
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
haiku-atelier-2024/containers/conf/angie/snippets/wordpress-example.conf
gcch 66397de267 2025-11-04
2025-11-04 13:27:49 +01:00

124 lines
2.6 KiB
Text
Executable file
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#
# A sample .conf file for enhancing wordpress security
# Include this file in your wordpress vhost
#
# httpblock: limit_req_zone $binary_remote_addr zone=WPRATELIMIT:10m rate=2r/s;
location ~ \wp-login.php$ {
limit_req zone=WPRATELIMIT;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
# log_not_found off;
# access_log off;
}
location ~ /\. {
deny all;
}
#Deny access to wp-content folders for suspicious files
location ~* ^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z|sql|bak|txt|orig|confbak|log|old|orig|original|php#|php~|php_bak|save|swo|swp)\$ {
deny all;
}
location ~ ^/wp-content/uploads/sucuri {
deny all;
}
location ~ ^/wp-content/updraft {
deny all;
}
# nginx block wpscann on plugins folder
location ~* ^/wp-content/plugins/.+\.(txt|log|md)$ {
deny all;
error_page 403 =404 / ;
}
# block access to install.php and upgrade.php
location ^~ /wp-admin/install.php {
deny all;
error_page 403 =404 / ;
}
location ^~ /wp-admin/upgrade.php {
deny all;
error_page 403 =404 / ;
}
# Stop scann for the follow files on themes folder
location ~* ^/wp-content/themes/.+\.(txt|log|md)$ {
deny all;
error_page 403 =404 / ;
}
#Disable execution of scripts other than PHP from your document root
location ~* .(pl|cgi|py|sh|lua|asp)$ {
return 444;
}
#Disable access to your configuration files and other files that you dont want to users are able to see
location ~* /(wp-config.php|readme.html|license.txt|nginx.conf) {
deny all;
}
# Disable wp-config.txt
location = /wp-config.txt {
deny all;
access_log off;
log_not_found off;
}
location ~* /xmlrpc.php$ {
allow 172.30.0.0/16;
deny all;
}
if ($request_method !~ ^(GET|POST|HEAD)$ ) {
return 444;
}
# Deny access to uploads that arent images, videos, music, etc.
location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php|js|swf)$ {
deny all;
}
location ~* /(?:uploads|files|wp-content|wp-includes|akismet)/.*.php$ {
deny all;
# access_log off;
# log_not_found off;
}
location ~ /\.(svn|git)/* {
deny all;
access_log off;
log_not_found off;
}
location ~ /\.ht {
deny all;
access_log off;
log_not_found off;
}
location ~ /\.user.ini {
deny all;
access_log off;
log_not_found off;
}
#location ~ ^/(?!(blog)/?) {
# deny all;
# access_log off;
# log_not_found off;
#}
# PLUGINS : Enable Rewrite Rules for Yoast SEO SiteMap
# rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
# rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
Reference in a new issue View git blame Copy permalink