WordPress Nginx 安全配置 – 禁用某些目录执行PHP

以下我们将介绍Wordpress Nginx 安全配置:禁用某些目录执行PHP,详细说明查看如下配置信息:

server { listen 80; server_name website.com; # Redirect non-www to www (website.com -> www.website.com) return 301 http://www.$server_name$request_uri;} server { listen 80; server_name www.website.com; access_log /var/www/website.com/logs/access.log main; error_log /var/www/website.com/logs/error.log warn; root /var/www/website.com/public/htdocs; index index.html index.htm index.php; # 日志不记录 robots.txt location = /robots.txt { log_not_found off; access_log off; } # 如果没有 favicon 文件则退出并返回 204 (没有错误内容) location ~* /favicon.ico$ { try_files $uri =204; expires max; log_not_found off; access_log off; } # 以下格式文件日志不需要记录 location ~* .(js|css|png|jpg|jpeg|bmp|gif|ico)$ { expires max; log_not_found off; access_log off; # Send the all shebang in one fell swoop tcp_nodelay off; # Set the OS file cache open_file_cache max=1000 inactive=120s; open_file_cache_valid 45s; open_file_cache_min_uses 2; open_file_cache_errors off; } # http://wiki.nginx.org/WordPress # 设置静态地址必须要添加的配置 # 如果你后台添加了固定链接,则需要添加以下配置 location / { try_files $uri $uri/ /index.php?$args; } # 禁止访问 htaccess 文件 location ~ /. { deny all; } # 禁止访问 /wp-content/ 目录的 php 格式文件 (包含子目录) location ~* ^/wp-content/.*.(php|phps)$ { deny all; } # 允许内部分 wp-includes 目录的 .php 文件 location ~* ^/wp-includes/.*.(php|phps)$ { internal; } # 禁止访问 wp-config.php 文件 location = /wp-config.php { deny all; } # 禁止访问 /wp-content/ 目录的以下文件格式 (包含子目录) location ~* ^/wp-content/.*.(txt|md|exe)$ { deny all; } # 处理 .php 文件 location ~ .php$ { try_files $uri =404; fastcgi_split_path_info ^(.+.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_connect_timeout 180s; fastcgi_send_timeout 180s; fastcgi_read_timeout 180s; fastcgi_intercept_errors on; fastcgi_max_temp_file_size 0; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_index index.php; } # wordpress 重写规则 rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last; rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last; # Add trailing slash to */wp-admin requests rewrite /wp-admin$ $scheme://$host$uri/ permanent;}
WordPress Nginx 安全配置 – 禁用某些目录执行PHP

  • 我的微信
  • 这是我的微信扫一扫
  • weinxin
  • 我的微信公众号
  • 我的微信公众号扫一扫
  • weinxin
avatar

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: