nginxconfig.io/public/templates/conf/_wordpress.conf.html

# allow tinymce
location = /wp-includes/js/tinymce/wp-tinymce.php {
	include _php_fastcgi.conf;
}

# wp-content, wp-includes php files
location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
	deny all;
}

# wp-content/uploads nasty stuff
location ~* ^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$ {
	deny all;
}

# wp-content/plugins nasty stuff
location ~* ^/wp-content/plugins/.*\.(?!{{ extensions.assets }}|{{ extensions.fonts }}|{{ extensions.svg }}|{{ extensions.images }}|{{ extensions.audio }}|{{ extensions.video }}|{{ extensions.docs }}) {
	deny all;
}

# WordPress stuff
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ {
	deny all;
}<span ng-if="isLimitReq()">

# wp-login.php throttle
location = /wp-login.php {
	limit_req zone=login burst=2 nodelay;
	include _php_fastcgi.conf;
}</span>
initial commit 2018-01-07 15:30:12 +00:00			`# allow tinymce`
			`location = /wp-includes/js/tinymce/wp-tinymce.php {`
			`include _php_fastcgi.conf;`
			`}`

			`# wp-content, wp-includes php files`
cdn support, regex fixes 2018-01-07 21:42:27 +00:00			`location ~* ^/(?:wp-content\|wp-includes)/.*\.php$ {`
initial commit 2018-01-07 15:30:12 +00:00			`deny all;`
			`}`

			`# wp-content/uploads nasty stuff`
cdn support, regex fixes 2018-01-07 21:42:27 +00:00			`location ~* ^/wp-content/uploads/.*\.(?:s?html?\|php\|js\|swf)$ {`
initial commit 2018-01-07 15:30:12 +00:00			`deny all;`
			`}`

			`# wp-content/plugins nasty stuff`
cdn support, regex fixes 2018-01-07 21:42:27 +00:00			`location ~* ^/wp-content/plugins/.*\.(?!{{ extensions.assets }}\|{{ extensions.fonts }}\|{{ extensions.svg }}\|{{ extensions.images }}\|{{ extensions.audio }}\|{{ extensions.video }}\|{{ extensions.docs }}) {`
initial commit 2018-01-07 15:30:12 +00:00			`deny all;`
			`}`

			`# WordPress stuff`
WordPress: deny wp-links-opml.php 2018-01-22 20:57:47 +00:00			`location ~* ^/(?:xmlrpc\.php\|wp-links-opml\.php\|wp-config\.php\|wp-config-sample\.php\|wp-comments-post\.php\|readme\.html\|license\.txt)$ {`
initial commit 2018-01-07 15:30:12 +00:00			`deny all;`
major refactor 2018-02-18 13:02:11 +00:00			`}<span ng-if="isLimitReq()">`
initial commit 2018-01-07 15:30:12 +00:00
			`# wp-login.php throttle`
			`location = /wp-login.php {`
			`limit_req zone=login burst=2 nodelay;`
			`include _php_fastcgi.conf;`
tabulation fixes 2018-01-08 01:49:44 +00:00			`}</span>`