[Hosting] Need to add custom rules to nginx.conf

My site hosted with us, and I got the following notification from one of my plugins:

Because your server is running on nginx, our .htaccess file can't protect your downloads.
Please add the following rules to your nginx config to disable direct file access:
location /wp-content/uploads/dlm_uploads {
deny all;
return 403;
}

Could you help me with this?

  • Konstantinos Xenos
    • Rubber Duck Debugger

    Hey Keith ,

    I've added the rule for you so everything should return a 403 now in the folder mentioned :slight_smile: . Please verify as well.

    --

    Julian we will have an internal chat about this, but on the base nginx.conf it won't be possible I'm afraid since we're managing the hosts so we have to know how systems are set up for easier debugging if something happens. We might be able to add an extra file though that you could alter with custom extra rules as long as they don't interfere the base rules but I can't promise anything at the moment.

    Regards,
    Konstantinos

    • Julian
      • Fake Russian Bot

      Yeah I thought that might be the reason and it makes total sense. An extra file for extra custom rules would be nice and definitely better than nothing. It saves folks from having to request a custom change and possibly having to wait several days for the change to be applied.

        • Konstantinos Xenos
          • Rubber Duck Debugger

          You can add as many cronjobs as you want since you already have access to WordPress though via wp_schedule_event ( https://developer.wordpress.org/reference/functions/wp_schedule_event/ ) and other WP native functions. I don't personally see a reason why a server-side cron would be needed.

          WP Cron offers better logging as well to see if something missfired or lost it's queue as well.

          Regards,
          Konstantinos

          • Julian
            • Fake Russian Bot

            That is true. I'm so used to setting up cronjobs on the server. Correct me if I'm wrong but aren't server-side cronjobs a little more reliable, as in they actually fire at the time/interval you set? Otherwise they only fire when someone visits your site which may not necessarily be what you want.

          • Konstantinos Xenos
            • Rubber Duck Debugger

            That is absolutely correct regarding crons, but that depends on the system setup :slight_smile: .

            WP Cron as you correctly mention keeps it's "internal clock" let's say updated with visitors so essentially the website must have a good amount of visits to keep them running on time and on point. Or you can set up an external cron service to always keep the WP Cron active ( I'm sure you've seen solutions like that ).

            We are doing things a bit differently here, we have an actual server-side cron job that "visits" wp cron itself every 5 minutes. This way wp-cron is always updated and should never misfire or skip something. The only way that something would be "skipped" would be if WP itself is running into issues, but essentially the same thing would happen with a server-side cron job plus you wouldn't have the error log to cross-check that.

            In essence you can script anything you like within WP itself and make it run at any time you like as well by utilizing PHP date/time related functions as wp-cron will be on point.

            By doing this we can have let's say the best of both worlds ( at lest in our opinion ), avoid using server-side settings ( many users don't know how to do it so they can simply utilize a plugin like WP Crontrol to easily add extra crons instead ) and there's also no need for any extra constants i.e. the DISABLE_WP_CRON or ALTERNATE_WP_CRON to be set that could create confusion.

            I hope this gives some extra insight on why we haven't seen the need to enable any server-side cron editing :slight_smile: .

            Regards,
            Konstantinos

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.