Skip to content

Instantly share code, notes, and snippets.

@2shrestha22
Created July 13, 2021 16:45
Show Gist options
  • Save 2shrestha22/fe75bc9ebe7afddaef652468d2573d27 to your computer and use it in GitHub Desktop.
Save 2shrestha22/fe75bc9ebe7afddaef652468d2573d27 to your computer and use it in GitHub Desktop.
WordPress nginx config
# /etc/nginx/snippets/wp.conf
# include inside server block
index index.php;
location / {
# try to serve static file if not found then directory then php
# include the "?$args" part so non-default permalinks doesn't break when usi>
try_files $uri $uri/ /index.php?$args;
}
# php-fpm7.4, check your php-fpm version and setup accordingly
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
#include snippets/fastcgi-php.conf;
fastcgi_intercept_errors on;
#The following parameter can be also included in fastcgi_params file
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# favicon.ico
location = /favicon.ico {
log_not_found off;
access_log off;
}
# CACHING RELATED
# robots.txt
location = /robots.txt {
# wordpress dynamically generates robots.txt
try_files $uri $uri/ /index.php?$args;
allow all;
add_header Cache-Control "no-cache, no-store, must-revalidate, max-age=0";
expires -1;
log_not_found off;
access_log off;
}
location ~* \.(xml|xsl)$ {
# wordpress dynamically generates sitemap.xml
try_files $uri $uri/ /index.php?$args;
add_header Cache-Control "no-cache, no-store, must-revalidate, max-age=0";
expires -1;
log_not_found off;
access_log off;
}
location /wp-cron.php {
add_header Cache-Control "no-cache, no-store, must-revalidate, max-age=0";
expires -1;
}
# END CACHING RELATED
# static assets caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
# RESTRICTIONS
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
deny all;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment