# Nginx UI Template Start
name = "WordPress Security"
author = "@sanvu88"
description = { en = "WordPress Security Config", zh_CN = "WordPress 安全配置", vi_VN = "Cấu hình bảo mật cho WordPress"}

[variables.blockUserAPI]
type = "boolean"
name = { en = "Block WordPress User API", zh_CN = "禁用用户 API", vi_VN = "Chặn truy cập danh sách user"}
value = true

[variables.blockXMLRPC]
type = "boolean"
name = { en = "Block WordPress XMLRPC", zh_CN = "禁用 XMLRPC", vi_VN = "Chặn truy cập xmlrpc.php"}
value = true
# Nginx UI Template End

{{- if .blockUserAPI }}
location ~* /wp-json/wp/v2/users {
    return 444;
}
{{- end }}

{{- if .blockXMLRPC }}
location = /xmlrpc.php {
    return 444;
}
{{- end }}

location ~* wp-admin/includes { return 444; }
location ~* wp-includes/theme-compat { return 444; }

location /wp-includes/ {
    location ~ \.(gz|tar|bzip2|7z|php|php5|php7|log|error|py|pl|kid|love|cgi|shtml|phps|pht|jsp|asp|sh|bash)$ {
        access_log off;
        log_not_found off;
        return 444;
    }
}

location /wp-content/uploads/ {
    location ~ \.(gz|tar|bzip2|7z|php|php5|php7|log|error|py|pl|kid|love|cgi|shtml|phps|pht|jsp|asp|sh|bash)$ {
        access_log off;
        log_not_found off;
        return 444;
    }
}

location /wp-content/cache/ {
    location ~ \.(php|php5|php7|log|error|py|pl|kid|love|cgi|shtml|phps|pht|jsp|asp|sh|bash)$ {
        access_log off;
        log_not_found off;
        return 444;
    }
}

location /wp-content/plugins/ {
  location ~ \.(htm|shtml|php|swf|phps|pht|log|error|py|pl|kid|love|cgi|jsp|asp|sh|bash)$ {
    access_log off;
    log_not_found off;
    return 444;
  }
}

location /wp-content/plugins/onesignal-free-web-push-notifications/ {
    access_log off;
    log_not_found off;
    allow all;
}

location /wp-content/updraft/ {
    access_log off;
    log_not_found off;
    return 444;
}

location /wp-content/backups-dup-pro/ {
    access_log off;
    log_not_found off;
    return 444;
}

location /wp-snapshots/ {
    access_log off;
    log_not_found off;
    return 444;
}

location /wp-content/uploads/sucuri/ {
    access_log off;
    log_not_found off;
    return 444;
}

location /wp-content/uploads/nginx-helper/ {
    access_log off;
    log_not_found off;
    return 444;
}

location ~* ^/(?:wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
    access_log off;
    log_not_found off;
    return 444;
}