amanjuman · February 16, 2021 16:55
diff --git a/WordPress Nginx Config b/WordPress Nginx Config
 server
 {
 	# Listen
 	listen 80;
 	listen [::]:80;
 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;

 	# Server Name and Alias
 	server_name example.com www.example.com;

 	# Directory & Server Naming
 	root /var/www/example.com;

 	# Disable Directory Listing
 	autoindex off;

 	# Index Files
 	index index.php index.html;

 	# HTTP2 Preload
 	http2_push_preload on;

 	# CloudFlare Proxy Issue for Large Header
 	large_client_header_buffers 4 16k;

 	# HTTP to HTTPS redirection
 	if ($scheme != "https")
 	{
 		return 301 https://$host$request_uri;
 	}

 	# SSL
 	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
 	ssl_trusted_certificate /etc/letsencrypt/live/example.com/fullchain.pem;

 	# Disable Hidden FIle Access Except Lets Encrypt Verification
 	location ~ /\.well-known 
 	{ 
 		allow all;
 		log_not_found off;
 		access_log off;
 	}

 	# Nginx Logging
 	access_log /var/log/nginx/example.com-access.log;
 	error_log /var/log/nginx/example.com-error.log warn;

 	# Max Upload Size
 	client_max_body_size 100M;

 	# Permalink Support
 	location / {
 		try_files $uri $uri/ /index.php?$args;
 	}

 	# PHP Upsteam
 	location ~ \.php$ 
 	{
 		include snippets/fastcgi-php.conf;
 		## For PHP 7.4
 		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
 		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 		include fastcgi_params;
 	}

 	# WordPress: deny wp-content, wp-includes php files
 	location ~* ^/(?:wp-content|wp-includes)/.*\.php$ 
 	{
 		deny all;
 	}

 	# WordPress: Deny nasty stuff uploads that aren’t images, videos, music, etc
 	location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php|js|swf)$ 
 	{
 		deny all;
 	}

 	# WordPress: deny scripts and styles concat
 	location ~* \/wp-admin\/load-(?:scripts|styles)\.php 
 	{
 		deny all;
 		log_not_found off;
 	    access_log off;
 	}

 	# WordPress: deny general stuff
 	location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ 
 	{
 		deny all;
 		#allow 192.0.64.0/18; To allow any IP
 		log_not_found off;
 	    access_log off;
 	}

 	# Robot Text Logging Off
 	location = /robots.txt
 	{
 	    allow all;
 	    log_not_found off;
 	    access_log off;
 	}

 	# Fav ICON Disable
 	location = /favicon.ico 
 	{
 	    log_not_found off;
 	    access_log off;
 	}

 	# Assets Pull: Configure CORS to Resolve Web Font Issues
 	location ~* \.(eot|otf|ttf|woff|woff2)$
 	{
 		add_header Access-Control-Allow-Origin *;
 	}

 	# WordPRess: Cache
 	location ~*  \.(jpg|jpeg|png|gif|ico|css|js|pdf|svg)$
 	{
 		expires 30d;
 		add_header Cache-Control "public, no-transform";
 		log_not_found off;
 		access_log off;
 	}
 }
	server
	{
	# Listen
	listen 80;
	listen [::]:80;
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	# Server Name and Alias
	server_name example.com www.example.com;

	# Directory & Server Naming
	root /var/www/example.com;

	# Disable Directory Listing
	autoindex off;

	# Index Files
	index index.php index.html;

	# HTTP2 Preload
	http2_push_preload on;

	# CloudFlare Proxy Issue for Large Header
	large_client_header_buffers 4 16k;

	# HTTP to HTTPS redirection
	if ($scheme != "https")
	{
	return 301 https://$host$request_uri;
	}

	# SSL
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/example.com/fullchain.pem;

	# Disable Hidden FIle Access Except Lets Encrypt Verification
	location ~ /\.well-known
	{
	allow all;
	log_not_found off;
	access_log off;
	}

	# Nginx Logging
	access_log /var/log/nginx/example.com-access.log;
	error_log /var/log/nginx/example.com-error.log warn;

	# Max Upload Size
	client_max_body_size 100M;

	# Permalink Support
	location / {
	try_files $uri $uri/ /index.php?$args;
	}

	# PHP Upsteam
	location ~ \.php$
	{
	include snippets/fastcgi-php.conf;
	## For PHP 7.4
	fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include fastcgi_params;
	}

	# WordPress: deny wp-content, wp-includes php files
	location ~* ^/(?:wp-content\|wp-includes)/.*\.php$
	{
	deny all;
	}

	# WordPress: Deny nasty stuff uploads that aren’t images, videos, music, etc
	location ~* ^/wp-content/uploads/.*.(html\|htm\|shtml\|php\|js\|swf)$
	{
	deny all;
	}

	# WordPress: deny scripts and styles concat
	location ~* \/wp-admin\/load-(?:scripts\|styles)\.php
	{
	deny all;
	log_not_found off;
	access_log off;
	}

	# WordPress: deny general stuff
	location ~* ^/(?:xmlrpc\.php\|wp-links-opml\.php\|wp-config\.php\|wp-config-sample\.php\|wp-comments-post\.php\|readme\.html\|license\.txt)$
	{
	deny all;
	#allow 192.0.64.0/18; To allow any IP
	log_not_found off;
	access_log off;
	}

	# Robot Text Logging Off
	location = /robots.txt
	{
	allow all;
	log_not_found off;
	access_log off;
	}

	# Fav ICON Disable
	location = /favicon.ico
	{
	log_not_found off;
	access_log off;
	}

	# Assets Pull: Configure CORS to Resolve Web Font Issues
	location ~* \.(eot\|otf\|ttf\|woff\|woff2)$
	{
	add_header Access-Control-Allow-Origin *;
	}

	# WordPRess: Cache
	location ~* \.(jpg\|jpeg\|png\|gif\|ico\|css\|js\|pdf\|svg)$
	{
	expires 30d;
	add_header Cache-Control "public, no-transform";
	log_not_found off;
	access_log off;
	}
	}