Closed chris-ard closed 4 months ago
Hey there, just as a basic security precaution, it's probably good to deny all to common dot files and config associated with WordPress. I'd suggest just a small addition that should cover most cases:
To only cover the obvious ones:
location ~* \.(htaccess|conf|ini|log)$ { deny all; }
The web server NGINX doesn't understand .htaccess. By default there are no "conf, ini or log" files.
You may want to block all hidden files:
location ~ /. { deny all; access_log off; log_not_found off; }
Hey there, just as a basic security precaution, it's probably good to deny all to common dot files and config associated with WordPress. I'd suggest just a small addition that should cover most cases:
To only cover the obvious ones: