以下介绍 WordPress 的 Nginx 安全配置：禁止在某些目录中执行 PHP。详细说明见下面的配置：

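# WordPress hardening for nginx: redirect the bare domain to www, serve static
# assets with long cache lifetimes, and refuse to execute or expose PHP and
# other sensitive files outside the normal WordPress entry points.
#
# nginx tests regex locations (~ and ~*) in the order they appear and uses the
# first one that matches. Every deny rule below must therefore stay above the
# generic "\.php$" handler, otherwise the handler wins and the file is passed
# to PHP-FPM. Dots in the patterns are escaped so they match a literal "."
# and not "any character".
#
# NOTE(review): both servers listen on port 80 only, so /wp-admin logins and
# session cookies travel in clear text unless TLS is terminated in front of
# this host - confirm against the deployment.

server {
    listen 80;
    server_name website.com;

    # Redirect non-www to www (website.com -> www.website.com)
    return 301 http://www.$server_name$request_uri;
}

server {
    listen 80;
    server_name www.website.com;

    access_log /data/website.com/logs/access.log main;
    error_log /data/website.com/logs/error.log warn;

    root /data/website.com/public/htdocs;
    index index.html index.htm index.php;

    # Do not log requests for robots.txt
    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    # Deny access to hidden files and directories (.htaccess, .git, ...).
    # Kept as the first regex location so that a hidden path ending in a
    # static extension is not served by the asset rule further down.
    # The unescaped form "/." matches almost every URI and would deny the
    # whole site, so the backslash is required.
    # NOTE(review): this also blocks /.well-known/ (used by ACME HTTP-01
    # validation); add an explicit exception if that path is needed.
    location ~ /\. {
        deny all;
    }

    # If there is no favicon file, answer 204 (No Content) instead of an error
    location ~* /favicon\.ico$ {
        try_files $uri =204;
        expires max;
        log_not_found off;
        access_log off;
    }

    # Static assets: long cache lifetime, no logging
    location ~* \.(js|css|png|jpg|jpeg|bmp|gif|ico)$ {
        expires max;
        log_not_found off;
        access_log off;

        # Send the all shebang in one fell swoop
        tcp_nodelay off;

        # Set the OS file cache
        open_file_cache max=1000 inactive=120s;
        open_file_cache_valid 45s;
        open_file_cache_min_uses 2;
        open_file_cache_errors off;
    }

    # http://wiki.nginx.org/WordPress
    # Required when permalinks are enabled in the WordPress admin: anything
    # that is not an existing file or directory is routed to index.php.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Never execute PHP from /wp-content/ (including subdirectories such as
    # uploads/), so a file written there by an upload or a vulnerable plugin
    # cannot be run through the web server.
    # NOTE(review): this is deliberately broad and also blocks plugin or theme
    # scripts that expect to be requested directly; verify against the
    # plugins in use.
    location ~* ^/wp-content/.*\.(php|phps)$ {
        deny all;
    }

    # .php files under /wp-includes/ are reachable by internal requests only;
    # external requests for them get 404.
    location ~* ^/wp-includes/.*\.(php|phps)$ {
        internal;
    }

    # Deny access to wp-config.php (database credentials and secret keys)
    location = /wp-config.php {
        deny all;
    }

    # Deny these file types anywhere under /wp-content/ (readme/changelog
    # files disclose plugin versions; executables have no reason to be served)
    location ~* ^/wp-content/.*\.(txt|md|exe)$ {
        deny all;
    }

    # Hand remaining .php requests to PHP-FPM
    location ~ \.php$ {
        # Return 404 unless the requested .php file exists on disk, so
        # PHP-FPM is never handed a path that resolves to a non-PHP file.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include /etc/nginx/fastcgi_params;
        fastcgi_connect_timeout 180s;
        fastcgi_send_timeout 180s;
        fastcgi_read_timeout 180s;
        fastcgi_intercept_errors on;
        fastcgi_max_temp_file_size 0;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }

    # WordPress sitemap rewrite rules
    rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
    rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;

    # Add trailing slash to */wp-admin requests
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;
}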