<![CDATA[How to secure my Woocommerce site in Nginx server ?]]>Hi lankadevs,

I'm new to nginx server i want to know how to secure my woocommerce site, i'm selling digital contents to my customers (photos, art works , etc), i want to protect digital content in the server side. please help me to achieve this task .

Thanks guys.

]]>https://lankadevelopers.lk/topic/141/how-to-secure-my-woocommerce-site-in-nginx-serverRSS for NodeWed, 17 Jun 2026 03:28:51 GMTSun, 10 Feb 2019 17:28:56 GMT60<![CDATA[Reply to How to secure my Woocommerce site in Nginx server ? on Sat, 23 Feb 2019 15:02:52 GMT]]>Thnaks yo very much @root , this is awesome

]]>https://lankadevelopers.lk/post/1088https://lankadevelopers.lk/post/1088Sat, 23 Feb 2019 15:02:52 GMT<![CDATA[Reply to How to secure my Woocommerce site in Nginx server ? on Sat, 16 Feb 2019 18:45:01 GMT]]>Special Block for woocommerce digital content security

location ~ /woocommerce_uploads {
   deny  all;
}
]]>https://lankadevelopers.lk/post/967https://lankadevelopers.lk/post/967Sat, 16 Feb 2019 18:45:01 GMT<![CDATA[Reply to How to secure my Woocommerce site in Nginx server ? on Sat, 16 Feb 2019 18:38:45 GMT]]>Add following content to /etc/nginx/sites-available/example.com file

#Deny access to wp-content folders for suspicious files
location ~* ^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z)\$ { deny all; }
location ~ ^/wp-content/uploads/sucuri { deny all; }
location ~ ^/wp-content/updraft { deny all; }

# Block nginx-help log from public viewing
location ~* /wp-content/uploads/nginx-helper/ { deny all; }
location ~ ^/(wp-includes/js/tinymce/wp-tinymce.php) {
  include /usr/local/nginx/conf/php.conf;
}

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
location ~* /(?:uploads|files)/.*\.php\$ { deny all; }

# Deny access to uploads that aren’t images, videos, music, etc.
location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php|js|swf|css)$ {
    deny all;
}

# Block PHP files in content directory.
location ~* /wp-content/.*\.php\$ {
  deny all;
}

# Block PHP files in includes directory.
location ~* /wp-includes/.*\.php\$ {
  deny all;
}

# Block PHP files in uploads, content, and includes directory.
location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php\$ {
  deny all;
}

# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)\$|^(\..*|Entries.*|Repository|Root|Tag|Template)\$|\.php_
{
return 444;
}

#nocgi
location ~* \.(pl|cgi|py|sh|lua)\$ {
return 444;
}

#disallow
location ~* (w00tw00t) {
return 444;
}
location ~* /(\.|wp-config\.php|wp-config\.txt|changelog\.txt|readme\.txt|readme\.html|license\.txt) { deny all; }

Add Following Headers to /etc/nginx/sites-available/example.com file

add_header X-Frame-Options SAMEORIGIN;

add_header X-Content-Type-Options nosniff;

add_header X-XSS-Protection "1; mode=block";

add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";

Source

  1. https://gist.github.com/ethanpil/1bfd01a817a8198369efec5c4cde6628
  2. https://gist.github.com/plentz/6737338
]]>https://lankadevelopers.lk/post/966https://lankadevelopers.lk/post/966Sat, 16 Feb 2019 18:38:45 GMT