Enhancing WordPress Security Even Further

Restricting Access to Files and Directories

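To allow only a specific IP address to request wp-config.php, replace <ip> with that address:

location = /wp-config.php {
    # A request from the allowed address is handled by this block, which has no
    # PHP handler, so nginx returns the file as static content. Drop the allow
    # line if no client needs the file over HTTP.
    allow <ip>;
    deny all;
}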

Blocking Unauthorized Access to xmlrpc.php

location = /xmlrpc.php {
    deny all;
}

Disabling Pingbacks

This can be done from the WordPress dashboard.
1. Go to WP-Admin > Settings > Discussion.
2. Uncheck "Allow link notifications from other blogs (pingbacks and trackbacks) on new posts".
3. Uncheck "Attempt to notify any blogs linked to from the article".

Disabling File Editing in WordPress Dashboard

Add this to the wp-config.php file:
define('DISALLOW_FILE_EDIT', true);

Forbidding Execution of PHP Scripts in Specific Directories

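# ~* makes this a case-insensitive regex location ("=" would compare the pattern as a literal path).
# Place it before any generic "location ~ \.php$" block: nginx uses the first regex location that matches.
location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
	deny all;
}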
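
A simplified model of nginx's location selection, added here as an example (not code from the original page), shows why the deny rule has to be a regex location and has to come before the generic PHP handler. The `pick_location` function, the PHP handler and catch-all blocks, and the request paths are assumptions made for the illustration.

```python
import re

def pick_location(locations, uri):
    """Simplified model of how nginx picks a location block (no ^~ or named locations).

    locations: (modifier, pattern, action) tuples in config order;
    modifier is "=" (exact), "" (prefix), "~" or "~*" (regex).
    """
    # 1. An exact-match location compares the URI to the pattern as a literal string.
    for mod, pat, action in locations:
        if mod == "=" and uri == pat:
            return action
    # 2. Regex locations are tried in config order; the first one that matches wins.
    for mod, pat, action in locations:
        if mod in ("~", "~*") and re.search(pat, uri, re.I if mod == "~*" else 0):
            return action
    # 3. Otherwise the longest matching prefix location handles the request.
    prefixes = [(len(pat), action) for mod, pat, action in locations
                if mod == "" and uri.startswith(pat)]
    return max(prefixes)[1] if prefixes else None

DENY = r"/(?:uploads|files|wp-content|wp-includes)/.*\.php$"
PHP = ("~", r"\.php$", "php")    # assumed generic PHP handler block
ROOT = ("", "/", "static")       # assumed catch-all block

CONFIGS = {
    "exact (=) modifier": [("=", DENY, "deny"), PHP, ROOT],
    "regex after PHP handler": [PHP, ("~*", DENY, "deny"), ROOT],
    "regex before PHP handler": [("~*", DENY, "deny"), PHP, ROOT],
}

# Constructed request paths, not taken from real traffic.
URIS = ["/wp-content/uploads/2024/01/avatar.php", "/wp-content/uploads/photo.jpg", "/index.php"]

def evaluate():
    """Return, per config variant, the action chosen for each path in URIS."""
    return {name: [pick_location(cfg, u) for u in URIS] for name, cfg in CONFIGS.items()}

if __name__ == "__main__":
    for name, actions in evaluate().items():
        print(f"{name:26}", dict(zip(URIS, actions)))
```

Only the third variant denies the PHP file under uploads; in the other two the request still reaches the PHP handler.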

Disabling Scripts Concatenation for WordPress Admin Panel

Add this to the wp-config.php file:
define('CONCATENATE_SCRIPTS', false);

Blocking Access to Sensitive Files

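For example, the following blocks deny access to the installer, the upgrade script and the sample configuration file:

# In a standard WordPress layout, install.php and upgrade.php are under /wp-admin/.
location = /wp-admin/install.php {
	deny all;
}
location = /wp-admin/upgrade.php {
	deny all;
}
location = /wp-config-sample.php {
	deny all;
}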