30 lines
741 B
HTML
30 lines
741 B
HTML
# allow tinymce
|
|
location = /wp-includes/js/tinymce/wp-tinymce.php {
|
|
include _php_fastcgi.conf;
|
|
}
|
|
|
|
# wp-content, wp-includes php files
|
|
location ~* ^/(wp-content|wp-includes)/.*\.php$ {
|
|
deny all;
|
|
}
|
|
|
|
# wp-content/uploads nasty stuff
|
|
location ~* ^/wp-content/uploads/.*\.(html|htm|shtml|php|js|swf|css)$ {
|
|
deny all;
|
|
}
|
|
|
|
# wp-content/plugins nasty stuff
|
|
location ~* ^/wp-content/plugins/.*\.(?!jpe?g|gif|png|svg|heic|js|css) {
|
|
deny all;
|
|
}
|
|
|
|
# WordPress stuff
|
|
location ~* ^/(xmlrpc\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ {
|
|
deny all;
|
|
}<span ng-if="data.limit_req">
|
|
|
|
# wp-login.php throttle
|
|
location = /wp-login.php {
|
|
limit_req zone=login burst=2 nodelay;
|
|
include _php_fastcgi.conf;
|
|
}</span> |