WordPress vhosts update

[chris-ard]

Hey there, just as a basic security precaution, it's probably good to deny all to common dot files and config associated with WordPress. I'd suggest just a small addition that should cover most cases:

To only cover the obvious ones:

location ~* \.(htaccess|conf|ini|log)$ {
    deny all;
}

[cloudpanel-io]

The web server NGINX doesn't understand .htaccess. By default there are no "conf, ini or log" files.

You may want to block all hidden files:

location ~ /. { deny all; access_log off; log_not_found off; }