Add some security rules for wordpress

2026-02-24 09:03:29 +07:00 · 2016-09-03 12:43:28 +02:00
parent a2e6e98436
commit 8789bd2c9c
1 changed files with 6 additions and 0 deletions
--- a/templates/etc/nginx/sites-available/_wordpress.j2
+++ b/templates/etc/nginx/sites-available/_wordpress.j2
@@ -3,3 +3,9 @@
 {% block template_try_files %}
 	try_files $uri $uri/ /index.php?$args;
 {% endblock %}
+
+{% block template_custom_location %}
+	location ~* /(?:uploads|files)/.*\.php$ {
+		deny all;
+	}
+{% endblock %}