https://github.com/devafortun/wordpress-nginx-config

https://github.com/devafortun/wordpress-nginx-config

Last synced: about 1 year ago
JSON representation

• Host: GitHub
• URL: https://github.com/devafortun/wordpress-nginx-config
• Owner: devafortun
• Created: 2024-12-25T20:47:29.000Z (over 1 year ago)
• Default Branch: master
• Last Pushed: 2024-12-25T20:53:22.000Z (over 1 year ago)
• Last Synced: 2025-03-31T19:47:21.486Z (about 1 year ago)
• Language: PHP
• Size: 41 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# WP-nginx-config

Basic Nginx + WordPress setup

It is compiled from our production setup. It is not suitable for Copy&Paste to production use without edits.

# Main features

- extended configuration via "features includes"

- PHP5/PHP7 support

- SSL confing based on "Mozilla SSL Configuration Generator" recommendations

- Let's Encrypt enabled (OCSP Stapling included)

- clientside static resources caching and serverside open files descriptors caching

- gzip compression

- CloudFlare support

- optional GeoIP blocking

- optional Nginx Microcache settings

- optional basic HTTP auth

- Basic & WordPress Security

  - prevent HTTP Poxy

  - prevent Slow Loris (optional)

  - blocking common hacking tools and uncommon HTTP methods

  - usernames harvesting denial

  - blocking access to files with sensitive informaion and VCS systems

  - blocking PHP in uploads directory

  - blocking empty referres into comments, login and ajax

  - blocking suspicious queries (based on iThemes Security blacklist)

  - adding basic security headers

# Extra configs

Look at **extras** folder

- mu-plugins - small mu-plugin for WordPress

  - **Enhancer**

  - enable bcryp hashes for user passwords

  - filter out sensitive user info from rest API

  - change status code of failed logins to 401

  - **Mail Fixer**

  - fix Return-Path header

  - set SMTP server

  - **Team Cookie**

  - allow to exclude web related users from analytics via special cookie

  - **MO Cache**

  - simple file system cache for gettext translations

- fail2ban rules - block many 404, block failed logins

- log rotate - log rotate rule for nginx logs

- php-fpm - basic PHP-FPM pool with open-basedir and disable_functions