From 8789bd2c9c7128f65ab3ed11039d6f6b3cd7d60d Mon Sep 17 00:00:00 2001
From: Emilien Mantel <emilien.mantel@debianiste.org>
Date: Sat, 3 Sep 2016 12:43:28 +0200
Subject: [PATCH] Add some security rules for wordpress

---
 templates/etc/nginx/sites-available/_wordpress.j2 | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/templates/etc/nginx/sites-available/_wordpress.j2 b/templates/etc/nginx/sites-available/_wordpress.j2
index b99565d..ca560c5 100644
--- a/templates/etc/nginx/sites-available/_wordpress.j2
+++ b/templates/etc/nginx/sites-available/_wordpress.j2
@@ -3,3 +3,9 @@
 {% block template_try_files %}
 	try_files $uri $uri/ /index.php?$args;
 {% endblock %}
+
+{% block template_custom_location %}
+	location ~* /(?:uploads|files)/.*\.php$ {
+		deny all;
+	}
+{% endblock %}