# WordPress COMMON SETTINGS
# DO NOT MODIFY: all changes are lost after a Webinoly update
# Limit access to mitigate brute-force attacks
# https://baraktawily.blogspot.com/2018/02/how-to-dos-29-of-world-wide-websites.html
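# Requests under /wp-admin: PHP scripts are rate limited, and every script
# except the AJAX endpoint is also gated by the access list in common/acl.conf.
# The limit_req zone "wp" and the "php" upstream are defined outside this file.
location /wp-admin {
    # admin-ajax.php is matched first and is served WITHOUT common/acl.conf
    # (presumably because front-end code calls it for anonymous visitors;
    # confirm). Because this branch skips the ACL, the pattern is anchored with
    # ^ and the dot is escaped, so only the exact path
    # /wp-admin/admin-ajax.php can take it. Unanchored and with a bare ".",
    # the pattern would also accept look-alike paths that merely end in
    # "/wp-admin/admin-ajax<any char>php".
    location ~ ^/wp-admin/admin-ajax\.php$ {
        # Up to 6 requests above the zone's rate are served immediately;
        # anything beyond that is rejected rather than queued.
        limit_req zone=wp burst=6 nodelay;
        include fastcgi_params;
        fastcgi_pass php;
    }

    # Any other .php path under /wp-admin (case-insensitive): same rate limit,
    # plus the access-control rules from common/acl.conf.
    location ~* /wp-admin/.*\.php$ {
        limit_req zone=wp burst=6 nodelay;
        include common/acl.conf;
        # NOTE(review): no try_files / file-existence check is visible here.
        # Whether a non-existent script path is refused before reaching PHP
        # depends on fastcgi_params and the PHP-FPM settings; verify.
        include fastcgi_params;
        fastcgi_pass php;
    }
}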
# Login form, exact match only. This is the strictest limit in the file: one
# request above the rate of zone "one" is tolerated, the rest are rejected.
# Zone "one" and the "php" upstream are defined outside this file.
# NOTE(review): only /wp-login.php is covered here. Other endpoints that accept
# credentials (for example xmlrpc.php) are not handled in this snippet; check
# that they are restricted elsewhere.
location = /wp-login.php {
    limit_req zone=one burst=1 nodelay;

    # Access-control rules shared with the /wp-admin PHP scripts.
    include common/acl.conf;

    include fastcgi_params;
    fastcgi_pass php;
}
# Deny access to wp-config.txt
# Refuse every request for /wp-config.txt (exact match), so a plain-text copy
# of the WordPress configuration left in the web root is never served.
location = /wp-config.txt {
    deny all;

    # Logging is switched off for this path. Detection note: probes for this
    # file therefore leave no access-log entry. The denial itself is still
    # reported in error_log if the error log level permits.
    access_log off;
    log_not_found off;
}
# Disallow PHP execution in the uploads folder
# The uploads directory holds user-supplied files, so nothing in it may be
# requested as a PHP script.
location /wp-content/uploads/ {
    # Deny direct browser access to any URI ending in ".php" (case-sensitive).
    # NOTE(review): this pattern must be at least as broad as the server's
    # main PHP handler. If that handler is case-insensitive, accepts
    # path-info URIs (".php/..."), or executes other extensions, those
    # requests do not match here and fall through to it; verify against the
    # handler's location block.
    location ~ \.php$ {
        deny all;
    }
}