Current File : //etc/nginx/conf.d/users/rinforma/wpt.rinformaticos.com.ar/wp-toolkit.conf
# This file is automatically generated by WP Toolkit.
# Please do not modify the contents of this file, because this can lead to reduced security or malfunctioning of your website.
# If the file was accidentally modified or otherwise damaged, you can regenerate it by deleting it and reapplying all security
# measures for this site in WP Toolkit UI.
# "Block access to wp-config.php"
# To remove this rule, revert this security measure on each WordPress installation on this domain
location ~* wp-config.php { deny all; }
# "Block access to xmlrpc.php"
# To remove this rule, revert this security measure on each WordPress installation on this domain
location ~* xmlrpc.php { deny all; }
# "Forbid execution of PHP scripts in the wp-content/uploads directory"
# To remove this rule, revert this security measure for WordPress installation #130
location ~* "^(?:/)wp-content/uploads/.*\.php" { deny all; }
# "Forbid execution of PHP scripts in the wp-includes directory"
# To remove this rule, revert this security measure for WordPress installation #130
location ~* "^(?:/)wp-includes/(?!js/tinymce/wp\-tinymce\.php$).*\.php" {
deny all;
}
# "Disable scripts concatenation for WordPress admin panel"
# To remove this rule, revert this security measure for WordPress installation #130
location ~* "^(?:/)wp-admin/(load-styles|load-scripts)\.php" { deny all; }
# "Block author scans"
# To remove this rule, revert this security measure for WordPress installation #130
if ($query_string ~ "author=\d+") {
rewrite "^/(?!wp-admin/)" "/fake-author-scan" last;
}
# "Disable PHP execution in cache directories"
# To remove this rule, revert this security measure on each WordPress installation on this domain
location ~* ".*/cache/.*\.ph(?:p[345]?|t|tml)" {
access_log off;
log_not_found off;
deny all;
}
# "Block author scans"
# To remove this rule, revert this security measure on each WordPress installation on this domain
location = /fake-author-scan {
internal;
deny all;
}
# "Block access to sensitive files"
# To remove this rule, revert this security measure on each WordPress installation on this domain
location ~* "(?:wp-config\.bak|\.wp-config\.php\.swp|(?:readme|license|changelog|-config|-sample)\.(?:php|md|txt|htm|html))" {
return 403;
}
# "Block access to potentially sensitive files"
# To remove this rule, revert this security measure on each WordPress installation on this domain
location ~* ".*\.(?:psd|log|cmd|exe|bat|csh|ini|sh)$" {
return 403;
}
# "Block access to .htaccess and .htpasswd"
# To remove this rule, revert this security measure on each WordPress installation on this domain
location ~* /\.ht {
deny all;
}
# "Enable bot protection"
# To remove this rule, revert this security measure on each WordPress installation on this domain
if ($http_user_agent ~* "(?:acunetix|BLEXBot|domaincrawler\.com|LinkpadBot|MJ12bot/v|majestic12\.co\.uk|AhrefsBot|TwengaBot|SemrushBot|nikto|winhttp|Xenu\s+Link\s+Sleuth|Baiduspider|HTTrack|clshttp|harvest|extract|grab|miner|python-requests)") {
return 403;
}
# WordPress permalink
# To remove this rule, add "wordpressPermalinkHandlingFeature = false" in the [ext-wp-toolkit] section of panel.ini
# then reconfigure the current domain
set $sef_entry_point /;
if ($uri ~* "^/") {
set $sef_entry_point "/index.php?$args";
}
location @wpt_permalinks_fallback {
try_files $uri $sef_entry_point;
}
error_page 404 = @wpt_permalinks_fallback;
error_page 405 = @wpt_permalinks_fallback;
Mini Shell