@bjornjohansen
Last active April 1, 2022 13:46
Nginx config for WordPress
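index index.php index.html;
# Don't log favicon requests.
# Exact match (=) so this block is selected before the *.ico regex location further down.
location = /favicon.ico {
    log_not_found off;
    access_log off;
}
# Disallow access to readme.html
# Note: with WordPress in a subdir the file lives at /wp/readme.html, which this prefix does not cover.
location /readme.html {
    deny all;
    access_log off;
    log_not_found off;
}
# Disallow access to XML-RPC
location ~ xmlrpc\.php {
    deny all;
    access_log off;
    log_not_found off;
}
# Allow access to the ACME Challenge (Let's Encrypt)
# Must stay above the dotfile rule: regex locations are tried in file order.
location ~ /\.well-known\/acme-challenge {
    allow all;
    auth_basic off;
}
# Disallow access to all other dotfiles
location ~ /\. {
    deny all;
    access_log off;
    log_not_found off;
}
# Deny access to any files with a .php extension in the uploads directory
# Must stay above the generic \.php$ location so uploaded scripts never reach PHP-FPM.
location ~* /uploads/.*\.php$ {
    deny all;
    access_log off;
    log_not_found off;
}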
if (!-e $request_filename) {
    # Add trailing slash to */wp-admin requests.
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;
    # WordPress is in a subdir
    rewrite (/wp-.*) /wp$1 last;
    rewrite (/.*\.php)$ /wp$1 last;
    # WordPress is in docroot
    #rewrite (/wp-.*) /$1 last;
    #rewrite (/.*\.php)$ /$1 last;
    # Yoast SEO Sitemap
    rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
    rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
}
# Directives to send expires headers and turn off 404 error logging.
location ~* \.(png|jpg|jpeg|gif|ico|woff|otf|ttf|eot)$ {
    expires max;
    log_not_found off;
    add_header Pragma public;
    add_header Cache-Control "public";
    add_header Vary "Accept-Encoding";
}
# Directives to send expires headers and turn off 404 error logging.
location ~* \.(js|css|svg)$ {
    expires max;
    log_not_found off;
    add_header Pragma public;
    add_header Cache-Control "public";
}
location / {
    # WordPress is in a subdir
    try_files $uri $uri/ /wp/index.php?$args;
    # WordPress is in docroot
    #try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
    # Requests for .php files that do not exist fall back to the front controller
    # instead of being handed to PHP-FPM as-is.
    # WordPress is in a subdir
    try_files $uri /wp/index.php;
    # WordPress is in docroot
    #try_files $uri /index.php;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    fastcgi_read_timeout 3600s;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 128k;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    # X-Node exposes the server's hostname to clients; drop it if that should not be public.
    add_header X-Node $hostname;
    # add_header is inherited from the enclosing level only when the current level
    # defines none, so the headers are repeated inside the if block.
    if ($scheme = 'https') {
        # Submission to the browser preload list also requires includeSubDomains.
        add_header Strict-Transport-Security "max-age=31536000; preload" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Node $hostname;
    }
    fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
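The deny rules above only work because of nginx's location precedence: an exact (`=`) match first, then regex locations in file order, then the longest prefix match. The Python sketch below is an added example, not part of the gist; it models that selection for the locations in this config so the ordering can be checked offline. Assumptions: the labels and sample URIs are constructed, `/favicon.ico` is modelled as an exact-match location, and the server-level rewrite phase is not modelled.

```python
import re

# Locations of the config above in file order: (modifier, pattern, label).
# "=" exact, "" prefix, "~" regex, "~*" case-insensitive regex. Labels are constructed.
LOCATIONS = [
    ("=", "/favicon.ico", "favicon"),
    ("", "/readme.html", "deny-readme"),
    ("~", r"xmlrpc\.php", "deny-xmlrpc"),
    ("~", r"/\.well-known\/acme-challenge", "allow-acme"),
    ("~", r"/\.", "deny-dotfiles"),
    ("~*", r"/uploads/.*\.php$", "deny-uploads-php"),
    ("~*", r"\.(png|jpg|jpeg|gif|ico|woff|otf|ttf|eot)$", "static-media"),
    ("~*", r"\.(js|css|svg)$", "static-assets"),
    ("", "/", "front-controller"),
    ("~", r"\.php$", "php-fpm"),
]


def select_location(uri, locations=LOCATIONS):
    """Return the label of the location nginx would select for a normalized URI."""
    # 1. An exact-match location ends the search immediately.
    for mod, pat, label in locations:
        if mod == "=" and uri == pat:
            return label
    # 2. Remember the longest matching prefix location.
    best = None
    for mod, pat, label in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, label)
    if best and best[0] == "^~":  # "^~" suppresses the regex pass
        return best[2]
    # 3. Regex locations are tried in file order; the first match wins.
    for mod, pat, label in locations:
        if mod in ("~", "~*") and re.search(pat, uri, re.I if mod == "~*" else 0):
            return label
    # 4. No regex matched: use the remembered prefix location.
    return best[2] if best else None


if __name__ == "__main__":
    # Constructed sample URIs (as seen after the server-level rewrites have run).
    for uri in ("/favicon.ico", "/.git/config", "/.well-known/acme-challenge/tok",
                "/wp/wp-content/uploads/2022/04/file.PHP", "/wp/wp-login.php",
                "/wp/xmlrpc.php", "/wp/readme.html"):
        print(f"{uri:45} -> {select_location(uri)}")
```

Changing the favicon entry's modifier to a plain prefix (`""`) makes that request resolve to `static-media`, because regex locations beat non-`^~` prefixes. The last sample resolves to `front-controller`: with WordPress under `/wp`, `/wp/readme.html` is not covered by the `/readme.html` prefix location.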
@KevinJaniky

Thanks for this. You saved my day.
