wordpress.conf

server {
  listen 80 default_server;
  listen [::]:80 default_server ipv6only=on;
  server_name www.server.name server.name;
  return 301 https://$server_name$request_uri;
}

server {
  listen 443 default_server;
  listen [::]:443 default_server ipv6only=on;
  server_name www.server.name server.name;
  root /var/www;
  index index.php;
  charset utf-8;

  error_log /var/log/nginx/server.name.log crit;

  ssl on;
  ssl_certificate /etc/ssl/certs/server.crt;
  ssl_certificate_key /etc/ssl/private/server.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  
  #The following only works on nginx 1.6 or newer
  #ssl_session_tickets off;
  
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_dhparam /etc/ssl/certs/dhparam.pem;
  resolver 208.67.220.220 208.67.222.222 8.8.4.4 8.8.8.8;
  resolver_timeout 2s;

  client_max_body_size 20M;

  include /etc/nginx/conf.d/*;
  
	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ /index.php?$args;
	}

	error_page 404 /404.html;

	# redirect server error pages to the static page /50x.html
	#
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
		root /usr/share/nginx/html;
	}

	# Block PHP files in uploads directory.
	location ~* /(?:uploads|files)/.*\.php$ {
	  deny all;
	}

	# Block PHP files in content directory.
	location ~* /wp-content/.*\.php$ {
	  deny all;
	}

	# Block PHP files in includes directory.
	location ~* /wp-includes/.*\.php$ {
  	  deny all;
	}

	# Block PHP files in uploads, content, and includes directory.
	location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
	  deny all;
	}

	location ~ \.php$ {
		fastcgi_pass unix:/var/run/php5-fpm.sock;
		include fastcgi_params;
		fastcgi_buffers 16 16k;
		fastcgi_buffer_size 32k;
	}