Configuration file for WP Security


#1

Security of sites on the WordPress - is a very necessary topic I want to share the solution. If someone has their own solutions or there are comments to the attached file - I ask for a discussion.

wp_security.conf.txt (2.7 KB)


#2

Hello, EasyEngine already set nginx additional rules for wordpress, I pasted them on gist : https://gist.github.com/VirtuBox/574cc70c44f3c9a28ecdf1e96b7c10c1

You can even add more rules against SQL injection and other attack :

You should only need to forbid .php execution in uploads folder or you may have issues. And “if” statement isn’t very efficient with nginx, try to avoid it as much as possible.


#3