jochum
/
homepage
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.19
v1.0.2
v1.0.20
v1.0.21
v1.0.22
v1.0.23
v1.0.24
v1.0.25
v1.0.26
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.10
v1.1.11
v1.1.12
v1.1.13
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.2.0
v1.2.1
v1.2.10
v1.2.11
v1.2.12
v1.2.13
v1.2.14
v1.2.15
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.2.9
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.16
v1.4.17
v1.4.18
v1.4.19
v1.4.2
v1.4.20
v1.4.21
v1.4.22
v1.4.23
v1.4.24
v1.4.25
v1.4.26
v1.4.27
v1.4.28
v1.4.29
v1.4.3
v1.4.30
v1.4.31
v1.4.32
v1.4.33
v1.4.34
v1.4.35
v1.4.36
v1.4.37
v1.4.38
v1.4.39
v1.4.4
v1.4.40
v1.4.41
v1.4.42
v1.4.43
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
homepage/content/post/nginx-wordpress-ithemes-rul...

87 lines
4.1 KiB
Markdown
Raw Permalink Blame History

---
date: 2014-12-15T00:00:00+01:00
title: Froxlor + Nginx + WordPress iThemes Rules
author: jochum
tag:
- howto
---
A short howto on setting up Wordpress iThemes Security with Froxlor and nginx.
<!--more-->Assuming you have this directory layout:
/var/customers/webs/[customer-name]/[domain-name]/htdocs
This is what i did to make it work on my froxlor installation:
1. Login to Froxlor as Administrator
2. Impersonate your wordpress customer by clicking on Customers -&gt; [his username]
3. As Customer click on Domain -&gt; Settings -&gt; [the small edit pensil to edit this domain]
4. Change &quot;Openbasedir-Path&quot; to &quot;Homefolder&quot; - this will **allow** PHP to **access** all files **from this customer**!
5. Wait for the froxlor crontask or run it manually
6. Login to your wordpress backend.
7. Goto Security-&gt;Settings and search for nginx, change the nginx config path to &quot;/var/customers/webs**/[customer-name]**/**[domain-name]**/nginx.conf&quot; and save, it should give a message about a sucessfull write of the nginx.conf!
8. Go back to the Froxlor Administrator Panel
9. Go to Domains -&gt; [small edit pensil to edit your customers domain]
10. Insert &quot;include /var/customers/webs/[customer-name]/[domain-name]/nginx.conf;&quot; to his &quot;Own vHost-Settings&quot;
11. Wait for the froxlor contask again.
12. Voila, now you have improved yours/your customers wordpress installation even more.
### Deprecated Method:
Took me a while to convert the Nginx rules from iThemes to "plain" Text so i could past them into froxlor.
This is what came out.
<pre class="brush:plain;">
# BEGIN iThemes Security
# BEGIN Tweaks
# Rules to block access to WordPress specific files and wp-includes
location ~ /\.ht { deny all; }
location ~ wp-config.php { deny all; }
location ~ readme.html { deny all; }
location ~ readme.txt { deny all; }
location ~ /install.php { deny all; }
location ^wp-includes/(.*).php { deny all; }
location ^/wp-admin/includes(.*)$ { deny all; }
# Rules to prevent php execution in uploads
location ^(.*)/uploads/(.*).php(.?){ deny all; }
# Rules to block unneeded HTTP methods
if ($request_method ~* &quot;^(TRACE|DELETE|TRACK)&quot;){ return 403; }
# Rules to block suspicious URIs
set $susquery 0;
if ($args ~* &quot;\.\./&quot;) { set $susquery 1; }
if ($args ~* &quot;\.(bash|git|hg|log|svn|swp|cvs)&quot;) { set $susquery 1; }
if ($args ~* &quot;etc/passwd&quot;) { set $susquery 1; }
if ($args ~* &quot;boot.ini&quot;) { set $susquery 1; }
if ($args ~* &quot;ftp:&quot;) { set $susquery 1; }
if ($args ~* &quot;http:&quot;) { set $susquery 1; }
if ($args ~* &quot;https:&quot;) { set $susquery 1; }
if ($args ~* &quot;(&lt;|%3C).*script.*(&gt;|%3E)&quot;) { set $susquery 1; }
if ($args ~* &quot;mosConfig_[a-zA-Z_]{1,21}(=|%3D)&quot;) { set $susquery 1; }
if ($args ~* &quot;base64_encode&quot;) { set $susquery 1; }
if ($args ~* &quot;(%24&amp;x)&quot;) { set $susquery 1; }
if ($args ~* &quot;(127.0)&quot;) { set $susquery 1; }
if ($args ~* &quot;(globals|encode|localhost|loopback)&quot;) { set $susquery 1; }
if ($args ~* &quot;(request|insert|concat|union|declare)&quot;) { set $susquery 1; }
if ($args !~ &quot;^loggedout=true&quot;){ set $susquery 0; }
if ($args !~ &quot;^action=jetpack-sso&quot;){ set $susquery 0; }
if ($args !~ &quot;^action=rp&quot;){ set $susquery 0; }
if ($http_cookie !~ &quot;^.*wordpress_logged_in_.*$&quot;){ set $susquery 0; }
if ($http_referer !~ &quot;^http://maps.googleapis.com(.*)$&quot;){ set $susquery 0; }
if ($susquery = 1) { return 403; }
# Rules to help reduce spam
location /wp-comments-post.php {
valid_referers jetpack.wordpress.com/jetpack-comment/ *.smile4.at;
set $rule_0 0;
if ($request_method ~ &quot;POST&quot;){ set $rule_0 1$rule_0; }
if ($invalid_referer) { set $rule_0 2$rule_0; }
if ($http_user_agent ~ &quot;^$&quot;){ set $rule_0 3$rule_0; }
if ($rule_0 = &quot;3210&quot;) { return 403; }
}
# END Tweaks
# END iThemes Security</pre>
Reference in New Issue View Git Blame Copy Permalink