Created
June 3, 2020 04:05
-
-
Save bachvtuan/63ca70ac09d2e3e76dc45f6c7b5cd47d to your computer and use it in GitHub Desktop.
Good Config For Wordpress site to prevent attack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name yoursite.com; | |
| rewrite ^ https://$server_name$request_uri? permanent; | |
| } | |
| server { | |
| listen 443; | |
| server_name yoursite.com www.yoursite.com; | |
| # listen [::]:80 default_server ipv6only=on; | |
| root /var/www/path/wordpress; | |
| index index.php index.html index.htm; | |
| ssl on; | |
| ssl_certificate /etc/ssl/path/ssl.crt; | |
| ssl_certificate_key /etc/ssl/path/private.key; | |
| ssl_session_cache shared:SSL:20m; | |
| ssl_session_timeout 4h; | |
| ssl_prefer_server_ciphers on; | |
| ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; | |
| ssl_dhparam /etc/nginx/cert/dhparam.pem; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| ssl_trusted_certificate /etc/ssl/path/trustchain.crt; | |
| resolver 8.8.8.8 8.8.4.4; | |
| #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; | |
| add_header Strict-Transport-Security "max-age=31536000"; | |
| # BEGIN W3TC Browser Cache | |
| gzip on; | |
| gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon; | |
| # END W3TC Browser Cache | |
| client_max_body_size 2000M; | |
| location / { | |
| if (-e $request_filename) { | |
| expires max; | |
| break; | |
| } | |
| if (!-e $request_filename) { | |
| rewrite ^/(.*)$ /index.php?c=$1 last; | |
| } | |
| } | |
| location ~* /xmlrpc.php { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| location ~* /wp-includes/.*.php$ { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| location ~* /wp-content/.*.php$ { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| location ~* /modules/.*.php$ { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # Basic http login | |
| # location ~* /wp-login.php$ { | |
| # auth_basic "Private Property"; | |
| # auth_basic_user_file /etc/nginx/.htpasswd; | |
| # include fastcgi_params; | |
| # fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; | |
| # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| # } | |
| location ~ \.php$ { | |
| include snippets/fastcgi-php.conf; | |
| # With php7.0-cgi alone: | |
| #fastcgi_pass 127.0.0.1:9000; | |
| # With php7.0-fpm: | |
| fastcgi_pass unix:/run/php/php7.0-fpm.sock; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment