Nginx Rules to Harden WordPress Security
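# xmlrpc.php is the usual brute-force and pingback-amplification target: allow it
# only from one trusted address (replace the example IP) and refuse everyone else.
# The dot is now escaped; the original `xmlrpc.php` matched any character there.
# Regex locations are tried in order and the first match wins, so this block
# only takes effect if it appears before the generic `location ~ \.php$` handler,
# and then it must also carry that handler's fastcgi_* directives, otherwise the
# allowed client receives xmlrpc.php as a plain file instead of executing it.
location ~* /xmlrpc\.php$ {
    allow 172.0.1.1;   # TODO: replace with the real management / Jetpack address
    deny all;
    # TODO: repeat the site's fastcgi_pass / include fastcgi_params here (see above)
}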
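# Close the connection without a reply (444) for any method WordPress does not
# need. HEAD is allowed alongside GET and POST so uptime monitors, CDNs and link
# checkers keep working; OPTIONS, PUT, DELETE, TRACE, PROPFIND etc. are refused.
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
    return 444;
}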
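# Never execute PHP from directories that hold user uploads or should only hold
# static assets. Compared with the original `.*.php$`: the dot is escaped, PHP
# variants are covered (`shell.php7`, `shell.phtml`) and a trailing path-info
# segment is caught (`shell.php/x.jpg`), all common webshell tricks.
# Caveat: this also blocks any plugin/theme PHP under wp-content that is meant
# to be requested directly; wp-includes is safe to block wholesale.
location ~* /(?:uploads|files|wp-content|wp-includes|akismet)/.*\.(?:php\d*|phtml)(?:/|$) {
    deny all;
    # Requests here are webshell probing; consider keeping the access log on
    # so they show up in detection tooling.
    access_log off;
    log_not_found off;
}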
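# Block version-control metadata: `/.git/config` and `/.svn/entries` leak
# repository URLs, credentials and deploy layout. The original `/*` meant
# "zero or more slashes", i.e. it already matched anything after the name, so
# the bare prefix is equivalent; Mercurial and Bazaar directories are added.
location ~ /\.(?:svn|git|hg|bzr) {
    deny all;
    access_log off;
    log_not_found off;
}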
# Refuse Apache control files (.htaccess, .htpasswd) if they were left in the
# document root; nginx ignores them but would otherwise serve them as text.
location ~ /\.ht {
deny all;
access_log off;
log_not_found off;
}
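# `.user.ini` is PHP-FPM's per-directory configuration; an attacker who can
# upload one can set `auto_prepend_file` and execute arbitrary code, so never
# serve it. The dot is escaped and the name anchored (the original matched
# `/.userXini...` and any longer name starting with it).
location ~ /\.user\.ini$ {
    deny all;
    access_log off;
    log_not_found off;
}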
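# Hide the nginx version in the Server header and on error pages.
server_tokens off;
# Hide the PHP version whether the backend is reached via FastCGI or a proxy.
fastcgi_hide_header X-Powered-By;
proxy_hide_header X-Powered-By;
# `always` makes nginx send the headers on 4xx/5xx responses too (without it
# they are only added to 2xx/3xx). add_header is NOT inherited into any
# `location` block that declares its own add_header; such blocks must repeat
# these lines or the protections silently disappear for those paths.
add_header X-Frame-Options SAMEORIGIN always;
# HSTS is only meaningful in the HTTPS server block. Add `includeSubDomains`
# (and `preload`) once every subdomain is known to serve TLS.
add_header Strict-Transport-Security "max-age=31536000" always;
add_header X-Content-Type-Options nosniff always;
# Legacy filter flag that current browsers ignore; a Content-Security-Policy
# is the real XSS mitigation. Kept for older clients.
add_header X-XSS-Protection "1; mode=block" always;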
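# Site-specific: expose only /blog and refuse every other path. The original
# lookahead `(?!(blog)/?)` only tested the prefix, so `/blogger` or
# `/blog-backup.zip` slipped through; the form below requires exactly `/blog`
# or `/blog/...`. Note that `/` itself is refused by this rule, and as a regex
# location it is matched in order with the others, so keep it after any
# location that must remain reachable.
location ~ ^/(?!blog(?:/|$)) {
    deny all;
    access_log off;
    log_not_found off;
}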
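# Reject comment submissions that do not originate from this site (or from
# Jetpack's remote comment form): a cheap filter for spam bots that POST to
# wp-comments-post.php directly. nginx `if` cannot express AND, so three flags
# are concatenated and the combined string is tested once.
# Two fixes versus the original: (1) the URI check assigned
# $comment_request_method a second time and left $comment_request_uri at 0, so
# the combined value could never be "111" and the rule never fired; (2) the
# referrer flag was 1 when the Referer DID match the site, so once (1) was fixed
# the rule would have blocked legitimate comments and let foreign ones through.
set $comment_flagged 0;
set $comment_request_method 0;
set $comment_request_uri 0;
set $comment_referrer 0;
if ($request_method ~ "POST") {
    set $comment_request_method 1;
}
if ($request_uri ~ "/wp-comments-post\.php$") {
    set $comment_request_uri 1;
}
# Replace site.com with the real hostname. Referer is client-controlled, so this
# stops only lazy bots, not a targeted attacker; an empty Referer (privacy
# extensions, strict Referrer-Policy) is also treated as foreign.
if ($http_referer !~ "^https?://(([^/]+\.)?site\.com|jetpack\.wordpress\.com/jetpack-comment)(/|$)") {
    set $comment_referrer 1;
}
set $comment_flagged "${comment_request_method}${comment_request_uri}${comment_referrer}";
# "111" = POST to wp-comments-post.php with a missing or foreign Referer.
if ($comment_flagged = "111") {
    return 403;
}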
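# Throttle brute-force logins per client address. limit_req_zone is only valid
# in the `http` context; move it there if this snippet is included at server
# level, or nginx refuses to start.
limit_req_zone $binary_remote_addr zone=WPRATELIMIT:10m rate=2r/s;
# The original pattern `\wp-login.php$` used `\w` (any word character) and an
# unescaped dot, so it also matched names like `/awp-loginXphp`. Like every
# regex location that captures a .php request, this block only takes effect if
# it appears before the generic `location ~ \.php$` handler, and then it must
# also carry that handler's fastcgi_* directives or wp-login.php is served as
# plain text instead of executed.
location ~ /wp-login\.php$ {
    # burst lets a real user reload a few times without being rejected; beyond
    # that, excess requests get 429 so monitoring can tell throttling from a
    # backend outage (the default 503).
    limit_req zone=WPRATELIMIT burst=5 nodelay;
    limit_req_status 429;
    # TODO: repeat the site's fastcgi_pass / include fastcgi_params here (see above)
}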
# Directory listings are off by default in nginx; stated explicitly so that any
# later `autoindex on` is visibly a deliberate override rather than an oversight.
autoindex off;