# try for WordPress index.php in /
# fall back to index.php + args (passed to php-fpm later)
# also serves static files from the disk instead of passing to interpreter,
location / {
try_files $uri $uri/ /index.php?$args;
location ~* \.(?:ico|css|js|gif|jpe?g|png|svg)$ {
add_header Cache-Control "public, max-age=604800";
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
# Yoast SEO plugin
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;