# WordPress Common Settings


# Limit Access To Avoid Brute Force Attack
location = /wp-login.php {
	limit_req zone=one burst=1 nodelay;
	include fastcgi_params;
	fastcgi_pass php;
}

# Disable wp-config.txt
location = /wp-config.txt {
	deny  all;
	access_log off;
	log_not_found off;
}

# Disallow PHP In Upload Folder
location /wp-content/uploads/ {
	location ~ \.php$ {
		#Prevent Direct Access Of PHP Files From Web Browsers
		deny all;
	}
}