Created
July 13, 2021 16:45
-
-
Save 2shrestha22/fe75bc9ebe7afddaef652468d2573d27 to your computer and use it in GitHub Desktop.
WordPress nginx config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /etc/nginx/snippets/wp.conf | |
# include inside server block | |
index index.php; | |
location / { | |
# try to serve static file if not found then directory then php | |
# include the "?$args" part so non-default permalinks doesn't break when usi> | |
try_files $uri $uri/ /index.php?$args; | |
} | |
# php-fpm7.4, check your php-fpm version and setup accordingly | |
location ~ \.php$ { | |
include fastcgi_params; | |
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; | |
#include snippets/fastcgi-php.conf; | |
fastcgi_intercept_errors on; | |
#The following parameter can be also included in fastcgi_params file | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
} | |
# favicon.ico | |
location = /favicon.ico { | |
log_not_found off; | |
access_log off; | |
} | |
# CACHING RELATED | |
# robots.txt | |
location = /robots.txt { | |
# wordpress dynamically generates robots.txt | |
try_files $uri $uri/ /index.php?$args; | |
allow all; | |
add_header Cache-Control "no-cache, no-store, must-revalidate, max-age=0"; | |
expires -1; | |
log_not_found off; | |
access_log off; | |
} | |
location ~* \.(xml|xsl)$ { | |
# wordpress dynamically generates sitemap.xml | |
try_files $uri $uri/ /index.php?$args; | |
add_header Cache-Control "no-cache, no-store, must-revalidate, max-age=0"; | |
expires -1; | |
log_not_found off; | |
access_log off; | |
} | |
location /wp-cron.php { | |
add_header Cache-Control "no-cache, no-store, must-revalidate, max-age=0"; | |
expires -1; | |
} | |
# END CACHING RELATED | |
# static assets caching | |
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { | |
expires max; | |
log_not_found off; | |
} | |
# RESTRICTIONS | |
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). | |
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) | |
location ~ /\. { | |
deny all; | |
} | |
# Deny access to any files with a .php extension in the uploads directory | |
# Works in sub-directory installs and also in multisite network | |
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) | |
location ~* /(?:uploads|files)/.*\.php$ { | |
deny all; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment