Configuration file for WP Security

Security of sites on the WordPress - is a very necessary topic
I want to share the solution.
If someone has their own solutions or there are comments to the attached file - I ask for a discussion.

wp_security.conf.txt (2.7 KB)

Hello, EasyEngine already set nginx additional rules for wordpress, I pasted them on gist :

You can even add more rules against SQL injection and other attack :

You should only need to forbid .php execution in uploads folder or you may have issues. And “if” statement isn’t very efficient with nginx, try to avoid it as much as possible.