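# Global restrictions configuration file.
# Designed to be included in any server {} block.
#
# Ordering note: nginx tests regex locations (~ and ~*) in the order they appear
# and uses the first one that matches. Include this file BEFORE any generic
# "location ~ \.php$" handler or static-asset regex in the server block;
# otherwise that location wins and the deny rules below are never applied.

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac), .git.
# These prefix locations only match at the document root; the regex further
# down is what covers hidden files elsewhere in the tree.
location /.git { deny all; }
location /.htaccess { deny all; }
location /.htpasswd { deny all; }
location /.user.ini { deny all; }

# This covers every dot file and dot directory at any depth (for example
# /blog/.git/config or /wp-content/uploads/.htaccess), except what follows
# below it (ex: CertBot).
# The pattern is deliberately not anchored with ^: an anchored "^/\." matches
# only dot paths directly under the document root and leaves nested ones readable.
location ~ /\. { deny all; }

# but allow CertBot - see http://stackoverflow.com/a/34262192
# "^~" makes nginx skip the regex locations for this prefix, so the dot-file
# deny above does not apply to ACME challenge requests.
location ^~ /.well-known/acme-challenge {
    auth_basic off;
    # Serve only files that exist on disk; anything else is a plain 404.
    try_files $uri =404;
    # Challenge responses must not be cached.
    expires -1;
}

# Deny access to any files with a .php extension in the uploads directory.
# The pattern matches only URIs that END in .php. If the PHP handler in the
# server block also accepts other extensions or path-info style URIs
# (script.php/extra), those requests are not covered here - check it against
# that handler's location regex.
location ~* /uploads/.*\.php$ { deny all; }

# Deny access to any files with a .php extension in the uploads directory for multisite
location ~* /files/.*\.php$ { deny all; }

# Since version 2.5.7, Akismet introduced a new .htaccess file to block direct access to php files
# Ref: http://wordpress.org/extend/plugins/akismet/changelog/
location ~* /akismet/.*\.php$ { deny all; }

# Restrict direct access to cached content.
# This is a plain prefix location: a regex location elsewhere in the server
# block that matches the same URI (for example a static-asset rule) takes
# precedence over it, so confirm the effective behaviour with a test request.
location /wp-content/cache/ { deny all; }

# Deny access to backup files!
# Matches only names ending in "~" (editor backups); other backup suffixes
# are not covered by this rule.
location ~ ~$ { deny all; }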