@iamkingsleyf
Created February 23, 2015 09:46
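# BEGIN Ban Users
# Begin HackRepair.com Blacklist
# Returns 403 to any client whose User-Agent header matches one of the
# signatures below. "~*" is a case-insensitive regex match, "~" a
# case-sensitive one, and "^" anchors the pattern to the start of the header.
#
# The User-Agent header is chosen by the client, so this list only filters
# tools that announce themselves. Treat it as noise reduction, not as access
# control: rate limiting, authentication and patching still have to stand on
# their own.
#
# Several entries are the default agents of general-purpose HTTP libraries and
# tools (Java, Wget, pycurl, urllib, lwp-trivial, WWW-Mechanize). Confirm that
# no monitoring, backup or integration client you depend on uses them before
# enabling the list.
#
# Every "if" here is evaluated for each request. Where the http context is
# available, a single "map" on $http_user_agent is the usual replacement; this
# file also declares locations, so it has to stay at server level.
#
# Changes from the original list: "^ia_archiver" and "id-search.org" were
# dropped because the unanchored "ia_archiver" and "id-search" rules already
# cover them, and "^[Ww]eb[Bb]andit" was simplified since "~*" ignores case.
if ($http_user_agent ~* "^WebBandit"){ return 403; }
if ($http_user_agent ~* "^binlar"){ return 403; }
if ($http_user_agent ~* "^BlackWidow"){ return 403; }
# "Bolt" and "Default" are matched case-sensitively.
if ($http_user_agent ~ "^Bolt"){ return 403; }
if ($http_user_agent ~* "^casper"){ return 403; }
if ($http_user_agent ~* "^ChinaClaw"){ return 403; }
if ($http_user_agent ~* "^cmsworldmap"){ return 403; }
if ($http_user_agent ~* "^comodo"){ return 403; }
if ($http_user_agent ~* "^Custo"){ return 403; }
if ($http_user_agent ~ "^Default"){ return 403; }
if ($http_user_agent ~* "^diavol"){ return 403; }
if ($http_user_agent ~* "^DIIbot"){ return 403; }
if ($http_user_agent ~* "^DISCo"){ return 403; }
if ($http_user_agent ~* "^dotbot"){ return 403; }
if ($http_user_agent ~* "^eCatch"){ return 403; }
if ($http_user_agent ~* "^EirGrabber"){ return 403; }
if ($http_user_agent ~* "^EmailCollector"){ return 403; }
if ($http_user_agent ~* "^EmailSiphon"){ return 403; }
if ($http_user_agent ~* "^EmailWolf"){ return 403; }
if ($http_user_agent ~* "^ExtractorPro"){ return 403; }
if ($http_user_agent ~* "^EyeNetIE"){ return 403; }
if ($http_user_agent ~* "^feedfinder"){ return 403; }
if ($http_user_agent ~* "^FlashGet"){ return 403; }
if ($http_user_agent ~* "^flicky"){ return 403; }
if ($http_user_agent ~* "^GetRight"){ return 403; }
if ($http_user_agent ~* "^GetWeb!"){ return 403; }
if ($http_user_agent ~* "^Go-Ahead-Got-It"){ return 403; }
if ($http_user_agent ~* "^Go!Zilla"){ return 403; }
if ($http_user_agent ~* "^GrabNet"){ return 403; }
if ($http_user_agent ~* "^Grafula"){ return 403; }
if ($http_user_agent ~* "^HMView"){ return 403; }
if ($http_user_agent ~* "^InterGET"){ return 403; }
if ($http_user_agent ~* "^InternetSeer.com"){ return 403; }
if ($http_user_agent ~* "^jakarta"){ return 403; }
if ($http_user_agent ~* "^Java"){ return 403; }
if ($http_user_agent ~* "^JetCar"){ return 403; }
if ($http_user_agent ~* "^kmccrew"){ return 403; }
if ($http_user_agent ~* "^larbin"){ return 403; }
if ($http_user_agent ~* "^LeechFTP"){ return 403; }
# "$" makes the next rule (and the SeaMonkey one further down) match only when
# the whole header is that single word, not a full browser User-Agent string.
if ($http_user_agent ~* "^Maxthon$"){ return 403; }
# NOTE(review): the unescaped "." below matches any character, including a
# space; do not escape it without checking which agent string it targets.
if ($http_user_agent ~* "^microsoft.url"){ return 403; }
if ($http_user_agent ~* "^Mozilla.*Indy"){ return 403; }
if ($http_user_agent ~* "^Mozilla.*NEWT"){ return 403; }
if ($http_user_agent ~* "^MSFrontPage"){ return 403; }
if ($http_user_agent ~* "^Navroad"){ return 403; }
if ($http_user_agent ~* "^NearSite"){ return 403; }
if ($http_user_agent ~* "^NetAnts"){ return 403; }
if ($http_user_agent ~* "^NetSpider"){ return 403; }
if ($http_user_agent ~* "^NetZIP"){ return 403; }
if ($http_user_agent ~* "^nutch"){ return 403; }
if ($http_user_agent ~* "^Octopus"){ return 403; }
if ($http_user_agent ~* "^PageGrabber"){ return 403; }
if ($http_user_agent ~* "^pavuk"){ return 403; }
if ($http_user_agent ~* "^pcBrowser"){ return 403; }
if ($http_user_agent ~* "^PeoplePal"){ return 403; }
if ($http_user_agent ~* "^planetwork"){ return 403; }
if ($http_user_agent ~* "^psbot"){ return 403; }
if ($http_user_agent ~* "^purebot"){ return 403; }
if ($http_user_agent ~* "^pycurl"){ return 403; }
if ($http_user_agent ~* "^RealDownload"){ return 403; }
if ($http_user_agent ~* "^ReGet"){ return 403; }
if ($http_user_agent ~* "^Rippers"){ return 403; }
if ($http_user_agent ~* "^SeaMonkey$"){ return 403; }
if ($http_user_agent ~* "^sitecheck.internetseer.com"){ return 403; }
if ($http_user_agent ~* "^SiteSnagger"){ return 403; }
if ($http_user_agent ~* "^skygrid"){ return 403; }
if ($http_user_agent ~* "^SmartDownload"){ return 403; }
if ($http_user_agent ~* "^sucker"){ return 403; }
if ($http_user_agent ~* "^SuperBot"){ return 403; }
if ($http_user_agent ~* "^SuperHTTP"){ return 403; }
if ($http_user_agent ~* "^Surfbot"){ return 403; }
if ($http_user_agent ~* "^tAkeOut"){ return 403; }
if ($http_user_agent ~* "^Teleport"){ return 403; }
if ($http_user_agent ~* "^Toata"){ return 403; }
if ($http_user_agent ~* "^turnit"){ return 403; }
if ($http_user_agent ~* "^vikspider"){ return 403; }
if ($http_user_agent ~* "^VoidEYE"){ return 403; }
if ($http_user_agent ~* "^WebAuto"){ return 403; }
if ($http_user_agent ~* "^WebCopier"){ return 403; }
if ($http_user_agent ~* "^WebFetch"){ return 403; }
if ($http_user_agent ~* "^WebLeacher"){ return 403; }
if ($http_user_agent ~* "^WebReaper"){ return 403; }
if ($http_user_agent ~* "^WebSauger"){ return 403; }
if ($http_user_agent ~* "^WPScan"){ return 403; }
if ($http_user_agent ~* "^WebStripper"){ return 403; }
if ($http_user_agent ~* "^WebWhacker"){ return 403; }
if ($http_user_agent ~* "^WebZIP"){ return 403; }
if ($http_user_agent ~* "^Wget"){ return 403; }
if ($http_user_agent ~* "^Widow"){ return 403; }
if ($http_user_agent ~* "^WWW-Mechanize"){ return 403; }
if ($http_user_agent ~* "^WWWOFFLE"){ return 403; }
if ($http_user_agent ~* "^Zeus"){ return 403; }
if ($http_user_agent ~* "^zmeu"){ return 403; }
# The remaining patterns are unanchored: they match anywhere in the header.
if ($http_user_agent ~* "CazoodleBot"){ return 403; }
if ($http_user_agent ~* "discobot"){ return 403; }
if ($http_user_agent ~* "ecxi"){ return 403; }
if ($http_user_agent ~* "GT::WWW"){ return 403; }
if ($http_user_agent ~* "heritrix"){ return 403; }
if ($http_user_agent ~* "HTTP::Lite"){ return 403; }
if ($http_user_agent ~* "HTTrack"){ return 403; }
if ($http_user_agent ~* "ia_archiver"){ return 403; }
if ($http_user_agent ~* "id-search"){ return 403; }
if ($http_user_agent ~* "IDBot"){ return 403; }
if ($http_user_agent ~* "IRLbot"){ return 403; }
if ($http_user_agent ~* "LinksManager.com_bot"){ return 403; }
if ($http_user_agent ~* "linkwalker"){ return 403; }
if ($http_user_agent ~* "lwp-trivial"){ return 403; }
if ($http_user_agent ~* "MFC_Tear_Sample"){ return 403; }
if ($http_user_agent ~* "panscient.com"){ return 403; }
if ($http_user_agent ~* "PECL::HTTP"){ return 403; }
if ($http_user_agent ~* "PHPCrawl"){ return 403; }
if ($http_user_agent ~* "PleaseCrawl"){ return 403; }
if ($http_user_agent ~* "SBIder"){ return 403; }
if ($http_user_agent ~* "Snoopy"){ return 403; }
if ($http_user_agent ~* "Steeler"){ return 403; }
if ($http_user_agent ~* "URI::Fetch"){ return 403; }
if ($http_user_agent ~* "urllib"){ return 403; }
# Matches a header value that itself contains the text "User-Agent".
if ($http_user_agent ~* "User-Agent"){ return 403; }
if ($http_user_agent ~* "webalta"){ return 403; }
if ($http_user_agent ~* "WebCollage"){ return 403; }
if ($http_user_agent ~* "zermelo"){ return 403; }
if ($http_user_agent ~* "ZyBorg"){ return 403; }
# END Ban Users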
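# BEGIN Tweaks
# Rules to block access to WordPress specific files and wp-includes
# Ordering matters: nginx uses the first regex location that matches, in
# configuration order. Include these rules before any generic PHP handler
# location (for example one matching \.php$), otherwise the handler is selected
# and the deny is never applied.
location ~ /\.ht { deny all; }
# Dots are escaped so they match a literal "." only. "~*" makes the match
# case-insensitive, which matters on case-insensitive filesystems.
location ~* wp-config\.php { deny all; }
location ~* readme\.html { deny all; }
location ~* readme\.txt { deny all; }
location ~* /install\.php { deny all; }
# The two rules below originally had no "~" modifier, so nginx read the regex
# text as a literal prefix string that no request URI can start with; they
# never matched. With the modifier they take effect.
# They assume WordPress is installed at the site root; adjust the prefix for a
# subdirectory install.
# NOTE(review): this denies direct requests to every PHP file under
# wp-includes. Verify the admin editor and any multisite file serving still
# work after enabling it.
location ~* ^/wp-includes/.*\.php { deny all; }
location ~* ^/wp-admin/includes { deny all; }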
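# Rules to disable XML-RPC
# Denies every request whose path contains "/xmlrpc.php". The dot is escaped
# so it matches a literal "." only, and "~*" ignores case.
# This is a regex location: it must be included before any generic PHP handler
# location, because nginx uses the first regex location that matches.
# NOTE(review): plugins and clients that talk to the site over XML-RPC stop
# working once this is enabled. This file allow-lists a Jetpack comment
# referer, so check whether Jetpack is in use before enabling this rule.
location ~* /xmlrpc\.php { deny all; }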
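# Rules to prevent php execution in uploads
# The original rule had no "~" modifier, so nginx treated the regex text as a
# literal prefix string and it never matched any request: uploaded .php files
# were still handed to the PHP handler. With "~*" the pattern is a
# case-insensitive regex that denies any path containing "/uploads/" followed
# later by ".php" (this also covers suffixes such as ".php5" and a trailing
# path-info segment).
# This is a regex location: it must be included before any generic PHP handler
# location, because nginx uses the first regex location that matches.
# If the PHP handler is configured to execute other extensions, add them here.
location ~* /uploads/.*\.php { deny all; }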
# Rules to block unneeded HTTP methods
# Case-insensitive regex anchored at the start only: any request method that
# begins with TRACE, DELETE or TRACK is answered with 403.
# NOTE(review): DELETE is a normal verb for REST-style clients, including the
# WordPress REST API. Confirm nothing legitimate on this site needs it, or
# scope the restriction to the paths that should not accept it.
if ($request_method ~* "^(TRACE|DELETE|TRACK)"){ return 403; }
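# Rules to help reduce spam
# Rejects a comment submission with 403 only when ALL of these hold:
#   - the request path is /wp-comments-post.php
#   - the method is POST
#   - the Referer is not in the valid_referers list
#   - the User-Agent header is empty
# nginx "if" has no AND operator, so each test prepends a digit to $rule_0 and
# the final comparison checks that every digit is present.
#
# The checks run at server level instead of inside a
# "location /wp-comments-post.php" block. A prefix location loses to any regex
# location that also matches (such as a generic \.php$ handler), so the
# original block was either never selected or, when it was selected, had no
# PHP handler of its own to run the script.
#
# Referer and User-Agent are both set by the client. This filters careless
# bots only; it does not replace comment moderation or a spam filter.
# NOTE(review): "*.coralseait.com" matches subdomains; if the site is also
# served from the bare domain, confirm it is covered (".coralseait.com").
valid_referers jetpack.wordpress.com/jetpack-comment/ *.coralseait.com;
set $rule_0 0;
if ($request_method ~ "POST"){ set $rule_0 1$rule_0; }
if ($invalid_referer) { set $rule_0 2$rule_0; }
if ($http_user_agent ~ "^$"){ set $rule_0 3$rule_0; }
if ($uri = "/wp-comments-post.php") { set $rule_0 4$rule_0; }
if ($rule_0 = "43210") { return 403; }
# END Tweaks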