Wordpress expires not set on Autoptimize js/css requests

Running some webperf tests I noticed that AO assets don't have expires set.
I spotted the thread announcing the new AO-Fallback header from September, but I've deactivated the AO fallback in AO itself.

I'm wondering do I need to do something else to ensure there are expires set on those assets? (also, I've double checked, the css/js files do indeed exist and AO is definitely off).

 

adding expires30d to this block seems to do the trick

Code:

location ~* /wp-content/cache/autoptimize/.*\.(js|css)$ {
  include /usr/local/nginx/conf/php.conf;
  add_header AO-Fallback 1;
  try_files $uri $uri/ /wp-content/autoptimize_404_handler.php;
  expires 30d;
}

 

Here's my AO settings output

Code:

+---------------------------------+-------------------------------------------------------------------------------------------+
| option_name                     | option_value                                                                              |
+---------------------------------+-------------------------------------------------------------------------------------------+
| autoptimize_cache_clean         | 0                                                                                         |
| autoptimize_cache_fallback      |                                                                                           |
| autoptimize_cache_nogzip        | on                                                                                        |
| autoptimize_ccss_version        | AO_2.7.8                                                                                  |
| autoptimize_cdn_url             |                                                                                           |
| autoptimize_css                 | on                                                                                        |
| autoptimize_css_aggregate       | on                                                                                        |
| autoptimize_css_datauris        |                                                                                           |
| autoptimize_css_defer           |                                                                                           |
| autoptimize_css_defer_inline    |                                                                                           |
| autoptimize_css_exclude         | wp-content/cache/, wp-content/uploads/, admin-bar.min.css, dashicons.min.css              |
| autoptimize_css_include_inline  |                                                                                           |
| autoptimize_css_inline          |                                                                                           |
| autoptimize_css_justhead        |                                                                                           |
| autoptimize_enable_site_config  | on                                                                                        |
| autoptimize_extra_settings      | a:5:{s:31:"autoptimize_extra_radio_field_4";s:1:"1";s:32:"autoptimize_extra_select_field_ |
|                                 | 6";s:1:"2";s:34:"autoptimize_extra_checkbox_field_1";s:1:"1";s:30:"autoptimize_extra_text |
|                                 | _field_2";s:239:"https://i0.wp.com, https://ii1.wp.com, https://ii2.wp.com, https://is0.w |
|                                 | p.com, https://istats.wp.com, https://ifonts.googleapis.com, https://ipixel.wp.com, https |
|                                 | ://ifonts.gstatic.com, https://fonts.googleapis.com, https://fonts.gstatic.com";s:30:"aut |
|                                 | optimize_extra_text_field_3";s:0:"";}                                                     |
| autoptimize_html                | on                                                                                        |
| autoptimize_html_keepcomments   |                                                                                           |
| autoptimize_imgopt_launched     | on                                                                                        |
| autoptimize_imgopt_settings     | a:5:{s:35:"autoptimize_imgopt_checkbox_field_1";s:1:"0";s:33:"autoptimize_imgopt_select_f |
|                                 | ield_2";s:1:"2";s:35:"autoptimize_imgopt_checkbox_field_3";s:1:"0";s:35:"autoptimize_imgo |
|                                 | pt_checkbox_field_4";s:1:"0";s:31:"autoptimize_imgopt_text_field_5";s:0:"";}              |
| autoptimize_js                  | on                                                                                        |
| autoptimize_js_aggregate        | on                                                                                        |
| autoptimize_js_exclude          | seal.js, js/jquery/jquery.js, kirki/modules/webfont-loader/vendor-typekit/webfontloader.j |
|                                 | s                                                                                         |
| autoptimize_js_forcehead        |                                                                                           |
| autoptimize_js_include_inline   |                                                                                           |
| autoptimize_js_justhead         |                                                                                           |
| autoptimize_js_trycatch         |                                                                                           |
| autoptimize_minify_excluded     | on                                                                                        |
| autoptimize_optimize_checkout   | on                                                                                        |
| autoptimize_optimize_logged     | on                                                                                        |
| autoptimize_service_availablity | a:2:{s:12:"extra_imgopt";a:3:{s:6:"status";s:2:"up";s:5:"hosts";a:1:{i:1;s:26:"https://cd |
|                                 | n.shortpixel.ai/";}s:16:"launch-threshold";s:4:"4096";}s:7:"critcss";a:2:{s:6:"status";s: |
|                                 | 2:"up";s:5:"hosts";a:1:{i:1;s:24:"https://criticalcss.com/";}}}                           |
| autoptimize_show_adv            | 1                                                                                         |
| autoptimize_version             | 2.7.8                                                                                     |
+---------------------------------+-------------------------------------------------------------------------------------------+

Awesome thanks!

 

@eva2000 I think I've identified an indirectly related bug on the AO settings.

If a request to a stale/purged Autoptimize css/js file is generated the existing config would eventually end up calling the 404 handler - e.g.
https://yourdomain.com/wp-content/a...optimize_d0c10a64d157b321abefafc4fe5d408ds.js

However, these are currently forbidden thanks to this:

Code:

# Block PHP files in content directory.
location ~* /wp-content/.*\.php$ {
  deny all;
}

Based on your other examples in wpsecure_mydomain.com.conf - I added the following:

Code:

location ~ ^/(wp-content/autoptimize_404_handler.php) {
  allow all;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
}

That seems to do the trick now.
You'll probably have a more elegant solution - but I think something like this is needed for the fallback to work properly.

 

I don't think so. It's a brand new site/vhost config (cmm fully up to date). The fallback config is there, but the handler script won't run because of this rule

Code:

# Block PHP files in content directory.
location ~* /wp-content/.*\.php$ {
  deny all;
}

 

Sorry for the delay - Happy New Year!

Code:

# prevent .zip, .gz, .tar, .bzip2 files from being accessed by default
# impossible for centmin mod to know which wp backup plugins they installed
# which may save backups to directories in wp-content/
# such plugins may deploy .htaccess protection but that isn't supported in
# nginx, so blocking access to these extensions is a workaround to cover all bases

# prepare for letsencrypt
# https://community.centminmod.com/posts/17774/
location ~ /.well-known {
  location ~ /.well-known/acme-challenge/(.*) {
    more_set_headers    "Content-Type: text/plain";
    }
}

location ~ ^/(wp-content/autoptimize_404_handler.php) {
  allow all;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
}

location ~* /wp-content/cache/autoptimize/.*\.(js|css)$ {
  include /usr/local/nginx/conf/php.conf;
  add_header AO-Fallback 1;
  try_files $uri $uri/ /wp-content/autoptimize_404_handler.php;
  expires 366d;
}

# allow AJAX requests in themes and plugins
location ~ ^/wp-admin/admin-ajax.php$ { allow all; include /usr/local/nginx/conf/php.conf; }

location ~* ^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z)$ { deny all; }

location ~ ^/wp-content/uploads/sucuri { deny all; }

location ~ ^/wp-content/updraft { deny all; }

# Block nginx-help log from public viewing
location ~* /wp-content/uploads/nginx-helper/ { deny all; }

# WebP extension support if you are converting /uploads images to webp
location ~ ^/wp-content/uploads/ {
  #pagespeed off;
  #pagespeed unplugged;
  #autoindex on;
  #add_header X-Robots-Tag "noindex, nofollow";
  location ~* ^/wp-content/uploads/(.+/)?(.+)\.(png|jpe?g)$ {
    expires 30d;
    add_header Vary "Accept";
    add_header Cache-Control "public, no-transform";
    try_files $uri$webp_extension $uri =404;
  }
}

# Whitelist Exception for seo-by-rank-math
location ~ ^/wp-content/plugins/seo-by-rank-math/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for amp
location ~ ^/wp-content/plugins/amp/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for async-javascript
location ~ ^/wp-content/plugins/async-javascript/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for autoptimize
location ~ ^/wp-content/plugins/autoptimize/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for autoptimize-gzip
location ~ ^/wp-content/plugins/autoptimize-gzip/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Security for wp-cloudflare-page-cache debug.log which is exposed to public access
# /wp-content/wp-cloudflare-super-page-cache/yourdomain.com/debug.log
location ~ ^/wp-content/wp-cloudflare-super-page-cache/devshoptimizer.commercegurus.com/(debug.log)$ {
  deny all;
}

# Whitelist Exception for wp-cloudflare-page-cache
location ~ ^/wp-content/plugins/wp-cloudflare-page-cache/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for cloudflare
location ~ ^/wp-content/plugins/cloudflare/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for post-grid
location ~ ^/wp-content/plugins/post-grid/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for breadcrumb-navxt
location ~ ^/wp-content/plugins/breadcrumb-navxt/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

location ~ ^/(wp-includes/js/tinymce/wp-tinymce.php) {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/onesignal-free-web-push-notifications//
location ~ ^/wp-content/plugins/onesignal-free-web-push-notifications/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/sparkpost/
location ~ ^/wp-content/plugins/sparkpost/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/sendgrid-email-delivery-simplified/
location ~ ^/wp-content/plugins/sendgrid-email-delivery-simplified/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/mailgun/
location ~ ^/wp-content/plugins/mailgun/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/mailjet-for-wordpress/
location ~ ^/wp-content/plugins/mailjet-for-wordpress/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/easy-wp-smtp/
location ~ ^/wp-content/plugins/easy-wp-smtp/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/postman-smtp/
location ~ ^/wp-content/plugins/postman-smtp/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/sendpress/
location ~ ^/wp-content/plugins/sendpress/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wp-mail-bank/
location ~ ^/wp-content/plugins/wp-mail-bank/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/theme-check/
location ~ ^/wp-content/plugins/theme-check/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/woocommerce/
location ~ ^/wp-content/plugins/woocommerce/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/woocommerce-csvimport/
location ~ ^/wp-content/plugins/woocommerce-csvimport/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/advanced-custom-fields/
location ~ ^/wp-content/plugins/advanced-custom-fields/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/contact-form-7/
location ~ ^/wp-content/plugins/contact-form-7/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/duplicator/
location ~ ^/wp-content/plugins/duplicator/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/jetpack/
location ~ ^/wp-content/plugins/jetpack/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/nextgen-gallery/
location ~ ^/wp-content/plugins/nextgen-gallery/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/tinymce-advanced/
location ~ ^/wp-content/plugins/tinymce-advanced/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/updraftplus/
location ~ ^/wp-content/plugins/updraftplus/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wordpress-importer/
location ~ ^/wp-content/plugins/wordpress-importer/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wordpress-seo/
location ~ ^/wp-content/plugins/wordpress-seo/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wpclef/
location ~ ^/wp-content/plugins/wpclef/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/mailchimp-for-wp/
location ~ ^/wp-content/plugins/mailchimp-for-wp/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wp-optimize/
location ~ ^/wp-content/plugins/wp-optimize/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/si-contact-form/
location ~ ^/wp-content/plugins/si-contact-form/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/akismet/
location ~ ^/wp-content/plugins/akismet/ {
  location ~ ^/wp-content/plugins/akismet/(.+/)?(form|akismet)\.(css|js)$ { allow all; expires 30d;}
  location ~ ^/wp-content/plugins/akismet/(.+/)?(.+)\.(png|gif)$ { allow all; expires 30d;}
  location ~* /wp-content/plugins/akismet/akismet/.*\.php$ {
    include /usr/local/nginx/conf/php.conf;
    include /usr/local/nginx/conf/staticfiles.conf;
    # below include file needs to be manually created at that path and to be uncommented
    # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
    # allows you to add commonly shared settings to all wp plugin location matches which
    # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
    #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
    allow 127.0.0.1;
    deny all;
  }
}

# Whitelist Exception for https://wordpress.org/plugins/bbpress/
location ~ ^/wp-content/plugins/bbpress/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/buddypress/
location ~ ^/wp-content/plugins/buddypress/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/all-in-one-seo-pack/
location ~ ^/wp-content/plugins/all-in-one-seo-pack/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/google-analytics-for-wordpress/
location ~ ^/wp-content/plugins/google-analytics-for-wordpress/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/regenerate-thumbnails/
location ~ ^/wp-content/plugins/regenerate-thumbnails/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wp-pagenavi/
location ~ ^/wp-content/plugins/wp-pagenavi/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wordfence/
location ~ ^/wp-content/plugins/wordfence/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/really-simple-captcha/
location ~ ^/wp-content/plugins/really-simple-captcha/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wp-pagenavi/
location ~ ^/wp-content/plugins/wp-pagenavi/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/ml-slider/
location ~ ^/wp-content/plugins/ml-slider/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/black-studio-tinymce-widget/
location ~ ^/wp-content/plugins/black-studio-tinymce-widget/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/disable-comments/
location ~ ^/wp-content/plugins/disable-comments/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/better-wp-security/
location ~ ^/wp-content/plugins/better-wp-security/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for http://wlmsocial.com/
location ~ ^/wp-content/plugins/wlm-social/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for mediagrid timthumb
location ~ ^/wp-content/plugins/media-grid/classes/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for webp-express
location ~ ^/wp-content/plugins/webp-express/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Whitelist Exception for wp-shortcode 
location ~ ^/wp-content/plugins/wp-shortcode/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpsecure_devshoptimizer.commercegurus.com.conf
  #include /usr/local/nginx/conf/wpincludes/devshoptimizer.commercegurus.com/wpwhitelist_common.conf;
}

# Block PHP files in content directory.
location ~* /wp-content/.*\.php$ {
  deny all;
}

# Block PHP files in includes directory.
location ~* /wp-includes/.*\.php$ {
  deny all;
}

# Block PHP files in uploads, content, and includes directory.
location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
  deny all;
}

# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
{
return 444;
}

location ~* \.(tpl)$
{
  deny all;
}

#nocgi
location ~* \.(pl|cgi|py|sh|lua)$ {
return 444;
}

#disallow
location ~* (w00tw00t) {
return 444;
}

location ~* /(\.|wp-config\.php|wp-config\.txt|changelog\.txt|readme\.txt|readme\.html|license\.txt) { deny all; }

location /wp-content/uploads/wp-personal-data-exports/ {
  location ~ ^/wp-content/uploads/wp-personal-data-exports/(.+/)?(.+)\.(zip)$ { allow all; expires 30d; }
}

location ~* /(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z|txt)$ { deny all; }