roles/nginx: Add protection for PHP scripts in uploads directory

By the way, :? starts a non-capturing group (ie, don't save the
back references).

Signed-off-by: Alan Orth <alan.orth@gmail.com>

roles/nginx/templates/wordpress.j2

@@ -13,6 +13,13 @@
     # Add trailing slash to */wp-admin requests.
     rewrite /wp-admin$ $scheme://$host$uri/ permanent;
 
+    # Deny access to any files with a .php extension in the uploads directory
+    # Works in sub-directory installs and also in multisite network
+    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
+    location ~* /(?:uploads|files)/.*\.php$ {
+        deny all;
+    }
+
     # Yoast SEO plugin
     # https://yoast.com/wordpress/plugins/seo/
     rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;