[NGINX] WORDPRESS - fourslickz/notes GitHub Wiki
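server {
    # NOTE(review): this vhost is plain HTTP only. wp-login.php and /wp-admin
    # carry credentials and session cookies, so put TLS in front of it (a
    # 443 server block or a terminating proxy) before exposing it.
    listen 80;
    server_name YOUR-DOMAIN;
    root /var/www/html/YOUR-DOMAIN;
    index index.php index.html;

    access_log /var/log/nginx/YOUR-DOMAIN.access.log;
    error_log /var/log/nginx/YOUR-DOMAIN.error.log;

    # Server-level rewrite: runs before a location is chosen. Any path that
    # does not exist on disk (pretty permalinks, virtual sitemaps, ...) is
    # handed to the WordPress front controller; the query string is kept.
    # Only paths that DO exist on disk reach the location rules below.
    if (!-e $request_filename) {
        rewrite ^.*$ /index.php last;
    }

    # Regex locations are tried in file order and the first match wins, so
    # the unconditional deny rules come before anything that serves content.

    # Restrict access to sensitive files. The pattern is deliberately not
    # anchored at the end so editor/backup copies (wp-config.php.bak, ...)
    # are refused as well; the dot is escaped so it matches a literal ".".
    location ~* wp-config\.php {
        deny all;
    }

    location ~ /\.ht {
        deny all;
    }

    location ~ /\.git {
        deny all;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # wp-admin is reachable from one management address only. The pattern is
    # anchored so it covers /wp-admin and /wp-admin/... and nothing else;
    # allow/deny are inherited by the nested PHP location.
    # Caveat: this also blocks /wp-admin/admin-ajax.php for site visitors.
    location ~* ^/wp-admin(/|$) {
        allow 139.59.107.53;
        deny all;

        location ~ \.php$ {
            # Refuse script paths that do not exist instead of passing them
            # to PHP-FPM, which may otherwise resolve them to another file.
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

    # Deny access to all PHP files except index.php and wp-login.php in the
    # root. The pattern is anchored at both ends; without the trailing "$"
    # any longer path that merely starts with one of those names would pass.
    # Caveats: xmlrpc.php, wp-cron.php and wp-comments-post.php are refused
    # too, so scheduled tasks need a system cron job. wp-login.php stays
    # open to everyone; rate-limit it (limit_req needs a limit_req_zone in
    # the http context) or restrict it like /wp-admin.
    location ~* \.php$ {
        if ($uri !~* ^/(index|wp-login)\.php$) {
            return 403;
        }
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # Carried over from a second "location ~ \.php$" block that could
        # never be selected because this location matches first. 1200 s is a
        # long time to hold a PHP-FPM worker; lower it unless a job needs it.
        fastcgi_read_timeout 1200;
    }

    # Static assets. Files of other types that exist on disk fall through to
    # "location /" and are refused there.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }

    # Everything else that exists on disk: only the site root is served.
    # The check uses $uri (normalised, no query string) so "/?s=term" is
    # treated like "/", and it is anchored so files such as index.php.bak
    # are not let through. The former info.php exception is dropped: a
    # phpinfo() page discloses configuration and should not be published.
    location / {
        if ($uri !~* ^/(index\.php)?$) {
            return 403;
        }
        # The last argument is the fallback; $is_args already supplies "?".
        try_files $uri $uri/ /index.php$is_args$args;
    }
}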