Hardened nginx configs with WAF rules, rate limiting, SSL optimization, and caching.
**Core Configs:**
– nginx.conf — optimized worker settings, gzip, buffers, timeouts
– ssl.conf — A+ SSL Labs grade: TLS 1.2-1.3, HSTS, OCSP stapling
– security.conf — hide version, frame options, XSS protection, content-type sniffing
– proxy.conf — WebSocket support, real IP forwarding, buffer tuning
**WAF Rules:**
– SQL injection patterns (union select, sleep, benchmark, information_schema)
– XSS vectors (script tags, event handlers, javascript URIs)
– Path traversal detection
– File inclusion detection
– User-agent blocking (scanners, bots, scrapers)
– Request method allowlisting (GET, POST, HEAD, OPTIONS only)
**Rate Limiting:**
– Zone-based: per-IP, per-endpoint, per-user-agent
– Burst + delay: allow short spikes, throttle sustained abuse
– WP-specific: login page (5 req/min), XML-RPC (blocked), wp-admin (20 req/min)
**Caching:**
– Static asset caching (CSS, JS, images, fonts) — 30+ day expiry
– Micro-caching for dynamic pages — 1s cache for anonymous users
– FastCGI cache for WordPress — 10x speed improvement
– Cache purge rules — auto-invalidate on content updates
**Bonus — WordPress-Specific:**
– Block PHP execution in uploads/
– Deny wp-config.php, .htaccess, xmlrpc.php access
– Hide WordPress version from headers and generator tags
**Tech:** Nginx, ModSecurity rules, Rate Limiting, FastCGI Cache, SSL/TLS, HTTP Security Headers
What You Get
- 📦 Nginx Security Config Pack