| by Scott Kilroy

Block php files from being uploaded (using nginx)

If you find people trying to upload php into your wordpress site you can add this to your nginx config file location ~* /(?:uploads)/.*.php$ { deny all; access_log off; log_not_found off; }

Share Button
Read More
| by Scott Kilroy

Stop image hotlinking on NGINX

If you think it’s possible that someone is linking to images hosted on your site add the following to you nginx config file # Stop deep linking or hot linking location /images/ { valid_referers none blocked www.linuxconsultant.org linuxconsultant.org; if ($invalid_referer) { return 403; } } Or if you want to be a wiseguy and replace the hotlinked image with something else # Stop deep linking or hot linking location /images/ { valid_referers none blocked www.linuxconsultant.org linuxconsultant.org; if ($invalid_referer) { return […]

Share Button
Read More
| by Scott Kilroy

Nginx with certbot

Remember when setting up certbot using nginx to turn off the line in your config that blocks files that start with . This line: location ~ /\. { access_log off; log_not_found off; deny all; } A good guide can be found here https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

Share Button
Read More