ansible-playbooks/ubuntu/roles/webservers-nginx/files/wordpress-security.conf

35 lines
833 B
Plaintext
Raw Normal View History

# Global restrictions configuration file.
# Designed to be included in any server {} block.</p>
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Deny access to any files with a .php extension in the uploads directory
location ~* ^/wp-content/uploads/.*.php$ {
deny all;
access_log off;
log_not_found off;
}
# Deny access to any files with a .php extension in the uploads directory for multisite
location ~* /files/(.*).php$ {
deny all;
access_log off;
log_not_found off;
}