WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
disabling wp-content/uploads php execution doesn't work in nginx 1.6 (1 post)

  1. primolarry
    Member
    Posted 2 months ago #

    The inserted rule:

    # Rules to prevent php execution in uploads
    location ^(.*)/uploads/(.*).php(.?){ deny all; }

    Doesn't work. Instead, I suggest this one:

    # Prevent any potentially-executable files in the uploads directory from being executed
    # by forcing their MIME type to text/plain
    location ~* ^/wp-content/uploads/.*.(|php|js|swf|WHATEVEROTHERTYPEYOUWANT)$ {
    types { }
    default_type text/plain;
    }

    Source: http://www.queryadmin.com/854/secure-wordpress-nginx/

    https://wordpress.org/plugins/better-wp-security/

Reply

You must log in to post.

About this Plugin

About this Topic