2017-09-16 20:37:13 +00:00
|
|
|
# WordPress COMMON SETTINGS
|
|
|
|
|
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE Webinoly
|
2018-06-22 14:53:29 +00:00
|
|
|
|
2017-09-16 20:37:13 +00:00
|
|
|
# Limit access to avoid brute force attack
|
2018-06-22 14:53:29 +00:00
|
|
|
# https://baraktawily.blogspot.com/2018/02/how-to-dos-29-of-world-wide-websites.html
|
2018-06-28 00:29:55 +00:00
|
|
|
location /wp-admin {
|
|
|
|
|
location ~ /wp-admin/admin-ajax.php$ {
|
2018-12-10 02:56:15 +00:00
|
|
|
limit_req zone=wp burst=6 nodelay;
|
2018-06-28 00:29:55 +00:00
|
|
|
include fastcgi_params;
|
|
|
|
|
fastcgi_pass php;
|
|
|
|
|
}
|
|
|
|
|
location ~* /wp-admin/.*\.php$ {
|
2018-07-06 19:02:51 +00:00
|
|
|
limit_req zone=wp burst=6 nodelay;
|
2018-06-28 00:29:55 +00:00
|
|
|
include common/acl.conf;
|
|
|
|
|
include fastcgi_params;
|
|
|
|
|
fastcgi_pass php;
|
|
|
|
|
}
|
2018-06-22 14:53:29 +00:00
|
|
|
}
|
2017-09-16 20:37:13 +00:00
|
|
|
location = /wp-login.php {
|
2018-06-22 14:53:29 +00:00
|
|
|
limit_req zone=one burst=1 nodelay;
|
|
|
|
|
include common/acl.conf;
|
|
|
|
|
include fastcgi_params;
|
|
|
|
|
fastcgi_pass php;
|
2017-09-16 20:37:13 +00:00
|
|
|
}
|
2018-06-22 14:53:29 +00:00
|
|
|
|
2017-09-16 20:37:13 +00:00
|
|
|
# Disable wp-config.txt
|
|
|
|
|
location = /wp-config.txt {
|
2018-06-22 14:53:29 +00:00
|
|
|
deny all;
|
|
|
|
|
access_log off;
|
|
|
|
|
log_not_found off;
|
2017-09-16 20:37:13 +00:00
|
|
|
}
|
2018-06-22 14:53:29 +00:00
|
|
|
|
2017-09-16 20:37:13 +00:00
|
|
|
# Disallow php in upload folder
|
|
|
|
|
location /wp-content/uploads/ {
|
2018-06-22 14:53:29 +00:00
|
|
|
location ~ \.php$ {
|
|
|
|
|
#Prevent Direct Access Of PHP Files From Web Browsers
|
|
|
|
|
deny all;
|
2018-12-10 02:56:15 +00:00
|
|
|
}
|
2017-09-16 20:37:13 +00:00
|
|
|
}
|
2018-06-22 14:53:29 +00:00
|
|
|
|
