MaxLazar · September 10, 2019 15:31
diff --git a/nginx.conf b/nginx.conf
 location ~* /xmlrpc.php$ {
    allow 172.0.1.1;
    deny all;
 }

 if ($request_method !~ ^(GET|POST)$ ) {
    return 444;
 }

 location ~* /(?:uploads|files|wp-content|wp-includes|akismet)/.*.php$ {
    deny all;
    access_log off;
    log_not_found off;
 }

 location ~ /\.(svn|git)/* {
    deny all;
    access_log off;
    log_not_found off;
 }
 location ~ /\.ht {
    deny all;
    access_log off;
    log_not_found off;
 }
 location ~ /\.user.ini { 
    deny all; 
    access_log off;
    log_not_found off;
 }

 #Hide the nginx version.
 server_tokens off;

 #Hide the PHP version.
 fastcgi_hide_header X-Powered-By;
 proxy_hide_header X-Powered-By;

 add_header X-Frame-Options SAMEORIGIN;
 add_header Strict-Transport-Security "max-age=31536000";
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";

 location ~ ^/(?!(blog)/?) { 
    deny all;
    access_log off;
    log_not_found off;
 }

 set $comment_flagged 0;
 set $comment_request_method 0;
 set $comment_request_uri 0;
 set $comment_referrer 1;
 
 if ($request_method ~ "POST"){
    set $comment_request_method 1;
 }
 
 if ($request_uri ~ "/wp-comments-post\.php$"){
    set $comment_request_method 1;
 }
 
 if ($http_referer !~ "^https?://(([^/]+\.)?site\.com|jetpack\.wordpress\.com/jetpack-comment)(/|$)"){
    set $comment_referrer 0;
 }
 
 set $comment_flagged "${comment_request_method}${comment_request_uri}${comment_referrer}";
 if ($comment_flagged = "111") {
    return 403;
 }

 limit_req_zone $binary_remote_addr zone=WPRATELIMIT:10m rate=2r/s;
 location ~ \wp-login.php$ {
    limit_req zone=WPRATELIMIT;
 }

 autoindex off;
	location ~* /xmlrpc.php$ {
	allow 172.0.1.1;
	deny all;
	}

	if ($request_method !~ ^(GET\|POST)$ ) {
	return 444;
	}

	location ~* /(?:uploads\|files\|wp-content\|wp-includes\|akismet)/.*.php$ {
	deny all;
	access_log off;
	log_not_found off;
	}

	location ~ /\.(svn\|git)/* {
	deny all;
	access_log off;
	log_not_found off;
	}
	location ~ /\.ht {
	deny all;
	access_log off;
	log_not_found off;
	}
	location ~ /\.user.ini {
	deny all;
	access_log off;
	log_not_found off;
	}

	#Hide the nginx version.
	server_tokens off;

	#Hide the PHP version.
	fastcgi_hide_header X-Powered-By;
	proxy_hide_header X-Powered-By;

	add_header X-Frame-Options SAMEORIGIN;
	add_header Strict-Transport-Security "max-age=31536000";
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";

	location ~ ^/(?!(blog)/?) {
	deny all;
	access_log off;
	log_not_found off;
	}

	set $comment_flagged 0;
	set $comment_request_method 0;
	set $comment_request_uri 0;
	set $comment_referrer 1;

	if ($request_method ~ "POST"){
	set $comment_request_method 1;
	}

	if ($request_uri ~ "/wp-comments-post\.php$"){
	set $comment_request_method 1;
	}

	if ($http_referer !~ "^https?://(([^/]+\.)?site\.com\|jetpack\.wordpress\.com/jetpack-comment)(/\|$)"){
	set $comment_referrer 0;
	}

	set $comment_flagged "${comment_request_method}${comment_request_uri}${comment_referrer}";
	if ($comment_flagged = "111") {
	return 403;
	}

	limit_req_zone $binary_remote_addr zone=WPRATELIMIT:10m rate=2r/s;
	location ~ \wp-login.php$ {
	limit_req zone=WPRATELIMIT;
	}

	autoindex off;