# HTTP -> HTTPS redirect: every plain-HTTP request gets a permanent redirect.
server {
    listen 80;
    server_name tudominio.com www.tudominio.com;

    # $host is taken from the request, so the redirect keeps whichever of the
    # two names the client used. NOTE(review): if this block ends up being the
    # default server for port 80, requests carrying any other Host value are
    # redirected to that value as well - confirm a separate catch-all exists.
    return 301 https://$host$request_uri;
}
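# Main HTTPS server
server {
    listen 443 ssl;
    http2 on; # Updated syntax for Debian 13
    server_name tudominio.com www.tudominio.com;
    root /var/www/wordpress;
    index index.php index.html;

    # Let's Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/tudominio.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tudominio.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Limits
    client_max_body_size 64M;

    # Logs
    access_log /var/log/nginx/wordpress_access.log;
    error_log /var/log/nginx/wordpress_error.log;

    # Do not advertise the nginx version in the Server header or error pages.
    # This replaces the former `add_header X-Server "nginx"`, which disclosed
    # the server software instead of hiding it.
    server_tokens off;

    # Security headers (hardening).
    # add_header is inherited by a location only if that location declares no
    # add_header of its own, so the static-assets location below repeats them.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    # The legacy browser XSS auditor is deprecated and could itself be abused;
    # current guidance is to switch it off explicitly rather than enable it.
    add_header X-XSS-Protection "0" always;
    # Optional: enable HSTS once HTTPS is confirmed to work for every visitor.
    # add_header Strict-Transport-Security "max-age=31536000" always;

    # WordPress / permalinks
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # ------------------------------------------------------------------
    # Regex locations are tested in the order they appear and the first
    # match wins. The deny rules therefore MUST come before the generic
    # `\.php$` handler; otherwise /xmlrpc.php, /wp-config.php and PHP files
    # under uploads/ match `\.php$` first and are handed to PHP-FPM.
    # ------------------------------------------------------------------

    # Block hidden files (dotfiles).
    # NOTE(review): this also matches /.well-known/, which a webroot-based
    # ACME renewal would need - confirm the renewal method in use.
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Block sensitive files and XML-RPC (a frequent attack vector)
    location ~* /(wp-config\.php|readme\.html|license\.txt|xmlrpc\.php) {
        deny all;
    }

    # Prevent PHP execution inside the uploads directory
    location ~* /wp-content/uploads/.*\.php$ {
        deny all;
    }

    # PHP-FPM (set to PHP 8.3 for Debian 13)
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
        fastcgi_intercept_errors on;
    }

    # Static asset caching with "immutable" (performance)
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
        expires 30d;
        access_log off;
        add_header Cache-Control "public, immutable";
        # Declaring add_header here drops the server-level headers for this
        # location, so the security headers are repeated explicitly.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header X-XSS-Protection "0" always;
    }
}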
Created
February 8, 2026 16:19
Configuración Final para Wordpress con Nginx en Debian 13