Welcome to Centmin Mod Community
Register Now

Wordpress Best place to add custom wpsecure nginx rules?

Discussion in 'Blogs & CMS usage' started by ct_roy, Apr 8, 2022.

  1. ct_roy

    ct_roy Premium Member Premium Member

    39
    6
    8
    Jun 21, 2020
    Ratings:
    +11
    Local Time:
    4:21 AM
    1.17.10
    10.3.22
    I've added a few custom rules to wpsecure_mydomain.com.conf
    But am I right in thinking this isn't the best place for them and that they could be overwritten if I regen that file?

    Is there a place where site specific wpsecure rules should go?

    This one in particular is probably worth considering adding to the core config as it's for the awesome wp-youtube-lyte plugin which removes a lot of youtube player bloat (the custom rule is required to allow the plugin to pull down youtube thumbnails and serve them locally rather than via youtube).


    Code:
    # Whitelist Exception for wp-youtube-lyte
    location ~ ^/wp-content/plugins/wp-youtube-lyte/ {
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/mydomain.com/wpsecure_mydomain.com.conf
      #include /usr/local/nginx/conf/wpincludes/mydomain.com/wpwhitelist_common.conf;
    }
     
  2. eva2000

    eva2000 Administrator Staff Member

    49,585
    11,378
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,682
    Local Time:
    2:21 PM
    Nginx 1.21.x
    MariaDB 10.x
    Generally, Centmin Mod doesn't overwrite generated wpsecure_mydomain.com.conf after centmin.sh menu option 22 Wordpress auto install as I know very well folks want to or need to modify their setups. At most if there's a bug or security issue with auto generated wpsecure_mydomain.com.conf, I will try to only make that change as a last resort.

    So you'd be safe adding your own rules. Though yes wp-youtube-lyte plugin is a more commonly used plugin so I may eventually add it to default centmin.sh menu option 22 routines. If you have other suggestions too, happy to hear of them :)

    But for now you'd be safe modifying wpsecure_mydomain.com.conf
     
  3. ct_roy

    ct_roy Premium Member Premium Member

    39
    6
    8
    Jun 21, 2020
    Ratings:
    +11
    Local Time:
    4:21 AM
    1.17.10
    10.3.22
    Ok perfect thanks!
    To be honest there's very few additional configs I'd add to that list at the moment - you've got a pretty solid list in there already :)