# WordPress COMMON SETTINGS
# DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE
# Limit access to avoid brute force attack
location = /wp-login.php {
  limit_req zone=one burst=1 nodelay;
  include fastcgi_params;
  fastcgi_pass php7;
}
# Disable wp-config.txt
location = /wp-config.txt {
  deny all;
  access_log off;
  log_not_found off;
}
# Disallow php in upload folder
location /wp-content/uploads/ {
  location ~ \.php$ {
    #Prevent Direct Access Of PHP Files From Web Browsers
    deny all;
  }
}