Instantly share code, notes, and snippets.

Embed
What would you like to do?
[nginx] WordPress システムファイルプロテクション
# Protect System Files
location ~ /\.(?!well-known) { deny all; access_log off; log_not_found off; }
location ~* /wp-includes/.*\.php$ { access_log off; log_not_found off; return 404; }
location ~* /wp-admin/includes/.*$ { access_log off; log_not_found off; return 404; }
location ~* /wp-content/uploads/.*\.php$ { access_log off; log_not_found off; return 404; }
location ~* /wp-(config|blog-header)\.php$ { access_log off; log_not_found off; return 404; }
location ~* /(readme|readme-[^\.]+)\.(txt|html?)$ { access_log off; log_not_found off; return 404; }
location ~* .*\.(cache|sql|log|bak)$ { access_log off; log_not_found off; return 404; }
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment