
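WordPress Nginx Security Configuration – Disabling PHP Execution in Certain Directories

The following Nginx configuration hardens a WordPress site by disabling PHP execution in certain directories. The comments in the configuration explain each rule: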

server {
    listen 80;
    server_name website.com;
    # Redirect non-www to www (website.com -> www.website.com)
    return 301 http://www.$server_name$request_uri;
}

server {
    listen 80;
    server_name www.website.com;
    # The "main" log format must be defined with log_format in the http block
    access_log /var/www/website.com/logs/access.log main;
    error_log /var/www/website.com/logs/error.log warn;
    root /var/www/website.com/public/htdocs;
    index index.html index.htm index.php;

    # Do not log requests for robots.txt
    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    # If there is no favicon file, return 204 (No Content) instead of an error
    location ~* /favicon\.ico$ {
        try_files $uri =204;
        expires max;
        log_not_found off;
        access_log off;
    }

    # Do not log requests for the following static file types
    location ~* \.(js|css|png|jpg|jpeg|bmp|gif|ico)$ {
        expires max;
        log_not_found off;
        access_log off;
        # Send the all shebang in one fell swoop
        tcp_nodelay off;
        # Set the OS file cache
        open_file_cache max=1000 inactive=120s;
        open_file_cache_valid 45s;
        open_file_cache_min_uses 2;
        open_file_cache_errors off;
    }

    # http://wiki.nginx.org/WordPress
    # Required for static (pretty) URLs
    # If permalinks are enabled in the admin dashboard, the following block is needed
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Deny access to .htaccess files (any path component that starts with a dot)
    location ~ /\. {
        deny all;
    }

    # Deny access to PHP files under /wp-content/ (including subdirectories)
    location ~* ^/wp-content/.*\.(php|phps)$ {
        deny all;
    }

    # Only allow internal requests to .php files under wp-includes
    location ~* ^/wp-includes/.*\.(php|phps)$ {
        internal;
    }

    # Deny access to wp-config.php
    location = /wp-config.php {
        deny all;
    }

    # Deny access to the following file types under /wp-content/ (including subdirectories)
    location ~* ^/wp-content/.*\.(txt|md|exe)$ {
        deny all;
    }

    # Handle .php files
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include /etc/nginx/fastcgi_params;
        fastcgi_connect_timeout 180s;
        fastcgi_send_timeout 180s;
        fastcgi_read_timeout 180s;
        fastcgi_intercept_errors on;
        fastcgi_max_temp_file_size 0;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }

    # WordPress rewrite rules
    rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
    rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;

    # Add trailing slash to */wp-admin requests
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;
}
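
The following is an added example, not part of the original article: a simplified Python model of how nginx selects a location in the server block above (exact match first, then regex locations in file order, then the `/` prefix), used to check which rule handles a given request path. The names `select_location`, `audit`, `UNESCAPED` and the sample paths are assumptions made for this illustration; server-level rewrites and URI normalization are not modelled.

```python
import re

# Regex locations in the order they appear in the server block above, with
# literal dots escaped. nginx picks the first regex location that matches.
REGEX_LOCATIONS = [
    ("~*", r"/favicon\.ico$", "static"),
    ("~*", r"\.(js|css|png|jpg|jpeg|bmp|gif|ico)$", "static"),
    ("~", r"/\.", "deny"),
    ("~*", r"^/wp-content/.*\.(php|phps)$", "deny"),
    ("~*", r"^/wp-includes/.*\.(php|phps)$", "internal"),
    ("~*", r"^/wp-content/.*\.(txt|md|exe)$", "deny"),
    ("~", r"\.php$", "fastcgi"),
]
# Same list with every "\." reduced to ".", so the dot matches any character.
UNESCAPED = [(m, p.replace(r"\.", "."), a) for m, p, a in REGEX_LOCATIONS]
EXACT_LOCATIONS = {"/robots.txt": "static", "/wp-config.php": "deny"}


def select_location(uri, regex_locations=REGEX_LOCATIONS):
    """Return the action of the location this model selects for a URI path."""
    if uri in EXACT_LOCATIONS:  # "location =" is checked first
        return EXACT_LOCATIONS[uri]
    for modifier, pattern, action in regex_locations:
        flags = re.IGNORECASE if modifier == "~*" else 0
        if re.search(pattern, uri, flags):  # unanchored search, first hit wins
            return action
    return "front-controller"  # falls back to prefix "location /" (try_files)


# Constructed sample paths (normalized, no query string), not from real logs.
SAMPLES = [
    "/index.php", "/2020/hello-world/", "/wp-config.php", "/.htaccess",
    "/wp-includes/version.php", "/wp-content/uploads/photo.jpg",
    "/wp-content/uploads/shell.php", "/wp-content/uploads/shell.PHP",
    "/wp-content/plugins/demo/readme.txt",
]


def audit(regex_locations=REGEX_LOCATIONS):
    """Map every sample path to the action chosen for it."""
    return {uri: select_location(uri, regex_locations) for uri in SAMPLES}


if __name__ == "__main__":
    print(f"{'escaped':17} {'unescaped':17} path")
    for uri in SAMPLES:
        print(f"{select_location(uri):17} {select_location(uri, UNESCAPED):17} {uri}")
```

With the dots unescaped, the hidden-file rule becomes `/.` and matches almost every path, so ordinary pages such as `/index.php` are denied before the PHP handler is reached.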
