WordPress on Nginx, which security plugin to use?

So while trying to set up custom permalinks on a new WordPress install today, I discovered that Nginx doesn’t use .htaccess and as a result requires some configuration changes to support custom permalinks.

That now has me wondering, what other plugins rely on .htaccess and may not work by default on Nginx? In particular I’m concerned about security plugins.

I’m currently using Wordfence. Can anyone recommend a security plugin that works correctly on Nginx? Or confirm if Wordfence already will?

Hello all,

I have a question regarding the hardening of my WordPress + Nginx setup.

I see a lot of websites advise to block PHP execution in the uploads folders since users can upload files to that location. But let’s say there is a vulnerability in a theme and/or plugin. Since the wp-content folder is owned by the web process user (to upload new plugins and themes), it can (in theory) upload a malicious PHP file anywhere in the wp-content folder, not just in the uploads folder. And since the PHP execution block is only active for the uploads folder - they can still execute their script and do bad stuff.

So I was wondering why you almost never read that people advise to block (direct) PHP execution of a file in any of the subdirectories of wp-content. I mean the themes & plugins are all included locally instead of being accessed directly so that will still work.

Am I overlooking something? If so, can you please explain what? :)

Thanks in advance!
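
The two rules compared in the post above, written as an Nginx server block together with the permalink rewrite from the first post. This is an added example and not part of either post; the server name, document root and PHP-FPM socket path are assumptions, and it assumes nothing on the site needs a PHP file under wp-content to be requested directly by URL.

```nginx
# Added example. server_name, root and the PHP-FPM socket are assumed values.
server {
    listen 80;
    server_name example.com;          # placeholder
    root /var/www/wordpress;          # assumed install path
    index index.php;

    # Commonly advised rule: covers the uploads folder only.
    # A PHP file written elsewhere under wp-content would still reach PHP-FPM.
    # location ~* ^/wp-content/uploads/.*\.php(/|$) { return 403; }

    # Wider rule from the question: refuse any direct request for a PHP file
    # anywhere under wp-content. Themes and plugins loaded by WordPress via
    # include/require are unaffected, because they are not fetched by URL.
    # Regex locations are tested in file order and the first match wins,
    # so this block has to stay above the generic PHP handler below.
    location ~* ^/wp-content/.*\.php(/|$) {
        return 403;
    }

    # Custom permalinks without .htaccess: unknown paths go to index.php.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Generic PHP handler for everything not refused above.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }
}
```

Validate the file with `nginx -t` before reloading, and review the access log for existing legitimate requests matching `/wp-content/*.php` so that the 403 rule does not break a plugin that exposes its own PHP endpoint.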
