Defender: Prevent Information Disclosure on SiteGround Cloud Hosting

I'm working on building a new multisite network for my business from scratch. I learned a lot in the first year and want to get a good clean fresh start...

So I'm starting with Defender, working though the hardening issues now. I've got one left... Prevent Information Disclosure. I'm not sure how to edit the .conf files on my server, so I asked SG support to take care of it. I'll include my conversation with them below:


Hello! I'm using the defender plugin to secure a new multisite installation at and need some help adding some lines of code to the server.

Here are the full instructions that the Defender plugin are giving me:



Often servers are incorrectly configured, and can allow an attacker to get access to sensitive information that can be used in attacks. WP Defender can help you prevent that disclosure.


For NGINX servers:

1. Copy the generated code into your site specific .conf file usually located in a subdirectory under /etc/nginx/... or /usr/local/nginx/conf/...

2. Add the code above inside the server section in the file, right before the php location block. Looks something like:

location ~ \.php$ {

3. Reload NGINX.

## WP Defender - Prevent information disclosure ##
# Turn off directory indexing
autoindex off;

# Deny access to htaccess and other hidden files
location ~ /\. {
deny all;

# Deny access to wp-config.php file
location = /wp-config.php {
deny all;

# Deny access to revealing or potentially dangerous files in the /wp-content/ directory (including sub-folders)
location ~* ^/wp-content/.*\.(txt|md|exe|sh|bak|inc|pot|po|mo|log|sql)$ {
deny all;
## WP Defender - End ##


And here is their reply:


Hello Mark,

I have added the code into the Nginx vhost file for your domain and it was detected as invalid code as Nginx failed to start after it was added:


root@c2**** [/home/m******2]# /etc/init.d/nginx restart
nginx: [emerg] "location" directive is not allowed here in /etc/nginx/vhosts/
nginx: configuration file /etc/nginx/nginx.conf test failed

Please check this with the developers of the plugin to modify the code accordingly and provide us with the new one.

We are looking forward to your reply.


I appreciate your help!