Optimize nginx for wordpress performance

March 31, 2023 · 0 min read
Optimize nginx for wordpress performance

Here's a sample configuration for optimizing nginx for WordPress:

user  nginx;
worker_processes  auto;
worker_cpu_affinity auto;
pid        /var/run/nginx.pid;

events {
  worker_connections  4096;
  multi_accept on;

http {
  sendfile on;\n  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 15;
  types_hash_max_size 2048;
  # Add these to enable Gzip compression
  gzip on;
  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

  # Maximum file upload size
  client_max_body_size 64m;

  # file descriptors
  worker_rlimit_nofile 100000;

  # Disable serving .htaccess files for security
  location ~ /\.ht {
      deny  all;

  # WordPress rules
  location / {
    # First attempt to serve request as file, then fallback to index.php
    try_files $uri $uri/ /index.php?$args;

  # Deny direct access to PHP files in the uploads directory
  location ~* /(?:uploads|files)/.*\.php$ {
      deny all;

  # WordPress php processing
  location ~ \.php$ {
    include fastcgi_params;
    fastcgi_intercept_errors on;
    fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

  # Cache static files for a month
  location ~* \.(js|css|png|jpg|jpeg|gif|ico|woff|woff2|ttf|svg|otf|eot)$ {
    expires 30d;
    add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";

  # Security settings
  add_header X-Frame-Options "SAMEORIGIN" always;
  add_header X-XSS-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header Referrer-Policy "strict-origin-when-cross-origin" always;
  add_header Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'" always;

  # Access log settings
  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

Remember to backup your existing configuration file before replacing it with this optimized configuration.