Join the community today
Register Now

Nginx Wordpress wp-includes seem to have duplicate config?

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by rdan, Dec 8, 2018.

  1. rdan

    rdan Premium Member Premium Member

    4,444
    1,069
    113
    May 25, 2014
    Ratings:
    +1,561
    Local Time:
    5:33 PM
    Mainline
    10.2
    Code:
    # Deny access to any files with a .php extension in the uploads directory
    location ~* /(?:uploads|files)/.*\.php$ { deny all; }
    
    # Block PHP files in content directory.
    location ~* /wp-content/.*\.php$ { deny all; }
    
    # Block PHP files in includes directory.
    location ~* /wp-includes/.*\.php$ { deny all; }
    
    Is the same/duplicate to?
    Code:
    # Block PHP files in uploads, content, and includes directory.
    location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ { deny all; }

     
  2. rdan

    rdan Premium Member Premium Member

    4,444
    1,069
    113
    May 25, 2014
    Ratings:
    +1,561
    Local Time:
    5:33 PM
    Mainline
    10.2
    Code:
    location ~ ^/wp-content/updraft { deny all; }
    Is also duplicate on drop.conf
     
  3. eva2000

    eva2000 Administrator Staff Member

    37,710
    8,254
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,710
    Local Time:
    7:33 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yeah 1st post ones technically duplicates

    this is in separate include files so is important to have in both as some folks edit their vhosts and remove or disable one of these include files i.e. disable drop.conf
     
..