In my server block in Nginx config, I have put:

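# Block direct requests for any PHP file under /wp-content/
# (the dot before "php" is escaped so it matches a literal ".")
location ~* /wp-content/.*\.php$ {
    deny all;
    access_log off;
    log_not_found off;
}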

However, if I manually enter in a web browser:

https://www.example.com/wp-content/themes/mytheme/functions.php

The file is still executed. What am I missing?

Also in my wp-config I have

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
    define('ABSPATH', dirname(__FILE__) . '/');

Is this related and/or required?

1 Answer
1

Ok found the answer. You need to put this directive above the location:

location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}

The order apparently matters inside the nginx conf file.
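
Why the order matters, as an added example that is not part of the original question or answer: a simplified Python model of nginx's rule that regex locations are tried in the order they appear in the file and the first match handles the request. The function names, labels and sample paths are assumptions made for illustration, and prefix and exact-match locations are not modelled.

```python
import re

# Simplified model of how nginx chooses among regex locations in one server
# block: they are tried in file order and the first pattern that matches the
# request URI wins. Prefix (no modifier, ^~) and exact (=) locations are left
# out because the configuration on this page only uses regex locations.


def select_location(locations, uri):
    """Return the label of the first regex location matching uri, else None.

    locations: list of (modifier, pattern, label), where modifier is "~"
    (case-sensitive) or "~*" (case-insensitive), as in nginx.
    """
    for modifier, pattern, label in locations:
        flags = re.IGNORECASE if modifier == "~*" else 0
        if re.search(pattern, uri, flags):
            return label
    return None


# The two location blocks from the page, reduced to their effect.
DENY = ("~*", r"/wp-content/.*\.php$", "deny all")
PHP = ("~", r"\.php$", "fastcgi_pass")

# Constructed sample request paths (not taken from any real log).
SAMPLE_URIS = [
    "/wp-content/themes/mytheme/functions.php",
    "/wp-content/uploads/file.PHP",
    "/wp-login.php",
    "/wp-content/themes/mytheme/style.css",
]


def audit(locations):
    """Map each sample URI to the location that would handle it."""
    return {uri: select_location(locations, uri) for uri in SAMPLE_URIS}


if __name__ == "__main__":
    orders = (("PHP handler first", [PHP, DENY]), ("deny block first", [DENY, PHP]))
    for name, order in orders:
        print(name)
        for uri, label in audit(order).items():
            print(f"  {uri} -> {label}")
```

With the PHP handler listed first, the theme file reaches PHP-FPM; with the deny block listed first, it is refused while `/wp-login.php` is still served.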
