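##
# Deny access to any file with a .php extension inside any uploads / files directory.
# Add more folder names to the alternation to protect them as well.
#
# The pattern also matches ".php" followed by a slash, so a request that appends
# extra path after the script name (name.php/extra) is refused too; some PHP
# handler locations accept that form.
#
# nginx tests regex locations in the order they appear and uses the first match,
# so include this file before the location that passes .php requests to the
# PHP handler; otherwise that handler wins and this rule never fires.
##
location ~* /(?:uploads|files)/.*\.php(?:/|$) {
    return 418;
}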
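##
# Block attempts to access phpMyAdmin, and any URI containing "administrator".
# NOTE: this rule is ACTIVE as written. If you use phpMyAdmin, or serve
# legitimate URLs that contain "administrator", comment this block out.
#
# ~* already matches case-insensitively, so the names are written once in lower case.
# The leading "." is an unescaped regex dot (any one character), so the names
# match anywhere in the URI, not only at the start of a path segment.
##
location ~* .(?:administrator|phpmyadmin) {
    return 418;
}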
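##
# Protect config files in your web root.
#
# Dots are escaped so only the literal file names match. The pattern has no
# end anchor, so a name that merely starts with one of these (for example a
# copy with a suffix appended) is refused as well.
##
location ~* /(?:wp-config\.php|nginx\.conf|wp-config-sample\.php) {
    return 418;
}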
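##
# Block access to anything non image/video/music/document related from your uploads folder.
#
# The dot before the extension is escaped, so only a real file extension matches
# (an unescaped dot would also refuse names that merely end in "sh", "js", ...).
# A trailing "/..." after the extension is refused too, for PHP handlers that
# accept name.php/extra.
#
# This is a deny-list: if your server executes other extensions (for example
# .phtml or .phar), add them here. The pattern is anchored at /wp-content/uploads/,
# so a WordPress install in a subdirectory is not covered by this rule.
#
# nginx uses the first matching regex location in configuration order, so this
# file must be included before the generic .php handler location.
##
location ~* ^/wp-content/uploads/.*\.(?:asp|cgi|htm|html|js|jsp|php|pl|py|sh|shtml|swf)(?:/|$) {
    return 418;
}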
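##
# Disallow access to plugin or theme readme files.
# Also helps block WordPress theme detectors.
#
# The rule applies to every .txt file below /wp-content/, not only readme
# files, so text files in the uploads folder are refused as well.
# The dot is escaped so that only a literal ".txt" extension matches.
##
location ~* /wp-content/.*\.txt$ {
    return 418;
}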