Defender: Prevent Information Disclosure Instructions for nginx

The code snippet provided seems to be broken up in the recommendation, so I'm not sure what should be added to the server config. Screenshot attached.

Is this something that could be included in the site without editing the server configuration? We're using ServerPilot to manage Ubuntu 14.04 on Digital Ocean, and ServerPilot could change the configuration files at any time.

  • Rupok

    Hi Primal

    Hope you had a wonderful day.

    I'm not sure what should be added to the server config

    Open your site specific .conf file (usually located in a subdirectory under /etc/nginx/... or /usr/local/nginx/conf/... ) and find the following line on that file:
    location ~ \.php$ {
    Now copy the code below, and paste it above the line you just searched.

    ## WP Defender - Prevent information disclosure ##
    # Turn off directory indexing
    autoindex off;
    
    # Deny access to htaccess and other hidden files
    location ~ /\. {
      deny  all;
    }
    
    # Deny access to wp-config.php file
    location = /wp-config.php {
      deny all;
    }
    
    # Deny access to revealing or potentially dangerous files in the /wp-content/ directory (including sub-folders)
    location ~* ^/wp-content/.*\.(txt|md|exe|sh|bak|inc|pot|po|mo|log|sql)$ {
      deny all;
    }
    ## WP Defender - End ##

    Save and reload nginx.

    Please let us know if you still have any confusion. We will be glad to help.

    Have a nice day. Cheers!

  • James @ Primal

    According to ServerPilot, I should be using the Apache rules, which aren't displayed in Defender because it thinks it should be nginx. I would love to see a server type toggle like on hummingbird's gzip screen.

    Hi James,

    You should actually do this through a .htaccess file. For all practical purposes, you can pretend Nginx does not exist in the same way you can pretend your CDN (if you use one) does not exist.

    Best,
    Justin
    ServerPilot Support
    Check out our community for helpful articles and tutorials.
    https://serverpilot.io/community/

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.