ansible-playbooks/ubuntu/roles/webservers-nginx/files/wordpress-security.conf

# Global restrictions configuration file.
# Designed to be included in any server {} block.</p>
location = /favicon.ico {
        log_not_found off;
        access_log off;
}

location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
}

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
}

# Deny access to any files with a .php extension in the uploads directory
location ~* ^/wp-content/uploads/.*.php$ {
        deny all;
        access_log off;
        log_not_found off;
}

# Deny access to any files with a .php extension in the uploads directory for multisite
location ~* /files/(.*).php$ {
        deny all;
        access_log off;
        log_not_found off;
}
Add a slightly modified playbook for Ubuntu systems. - No need for nginx repo anymore. 2015-05-24 17:22:57 +00:00			`# Global restrictions configuration file.`
			`# Designed to be included in any server {} block.</p>`
			`location = /favicon.ico {`
			`log_not_found off;`
			`access_log off;`
			`}`

			`location = /robots.txt {`
			`allow all;`
			`log_not_found off;`
			`access_log off;`
			`}`

			`# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).`
			`location ~ /\. {`
			`deny all;`
			`access_log off;`
			`log_not_found off;`
			`}`

			`# Deny access to any files with a .php extension in the uploads directory`
			`location ~* ^/wp-content/uploads/.*.php$ {`
			`deny all;`
			`access_log off;`
			`log_not_found off;`
			`}`

			`# Deny access to any files with a .php extension in the uploads directory for multisite`
			`location ~* /files/(.*).php$ {`
			`deny all;`
			`access_log off;`
			`log_not_found off;`
			`}`