Here's a sample configuration for optimizing nginx for WordPress:
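# Main (global) context: process-level settings.
user nginx;
worker_processes auto;
worker_cpu_affinity auto;
pid /var/run/nginx.pid;

# Per-worker limit on open file descriptors. This directive is only accepted
# in the main context; nginx rejects it inside http {}.
worker_rlimit_nofile 100000;

events {
    worker_connections 4096;
    multi_accept on;
}

http {
    # Map file extensions to Content-Type. Without this, CSS/JS fall back to
    # the default type and are blocked by browsers honouring the "nosniff"
    # header set below.
    include mime.types;
    default_type application/octet-stream;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 15;
    types_hash_max_size 2048;

    # Enable Gzip compression (text/html is always compressed when gzip is on)
    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    # Maximum file upload size
    client_max_body_size 64m;

    # Security headers, inherited by every location that does not declare
    # its own add_header. A location with any add_header of its own drops
    # all of these, so such locations must repeat them.
    add_header X-Frame-Options "SAMEORIGIN" always;
    # Legacy header: current browsers ignore it; CSP is the effective control.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    # NOTE(review): 'unsafe-inline' and 'unsafe-eval' permit inline and
    # eval'd script, so this policy gives little protection against injected
    # script. Tighten it once the theme and plugins in use have been audited.
    add_header Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'" always;

    # Access log settings
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # location blocks are only valid inside a server {} block.
    server {
        # PLACEHOLDER values: replace with the real listener, host name and
        # WordPress document root. The CSP above only allows https: sources,
        # so the site is expected to be served over TLS; the TLS listener and
        # certificate directives are not shown here.
        listen 80;
        server_name example.com;
        root /var/www/html;

        # Needed so that "$uri/" in try_files resolves "/" to index.php
        index index.php;

        # Disable serving .htaccess files for security
        location ~ /\.ht {
            deny all;
        }

        # WordPress rules
        location / {
            # First attempt to serve request as file, then fall back to index.php
            try_files $uri $uri/ /index.php?$args;
        }

        # Deny direct access to PHP files in the uploads directory.
        # Must stay above the generic PHP location: regex locations are
        # tested in order of appearance and the first match wins.
        location ~* /(?:uploads|files)/.*\.php$ {
            deny all;
        }

        # WordPress PHP processing
        location ~ \.php$ {
            # Only hand the request to PHP-FPM if the script really exists on
            # disk; otherwise a path such as /image.jpg/x.php could make PHP
            # execute a non-PHP file when cgi.fix_pathinfo is enabled.
            try_files $uri =404;

            include fastcgi_params;
            fastcgi_intercept_errors on;
            # Socket path must match the installed PHP-FPM version.
            # PHP 7.2 no longer receives upstream security fixes.
            fastcgi_pass unix:/run/php/php7.2-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }

        # Cache static files for a month
        location ~* \.(js|css|png|jpg|jpeg|gif|ico|woff|woff2|ttf|svg|otf|eot)$ {
            expires 30d;
            add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";

            # Repeated here because the add_header lines above stop this
            # location from inheriting the http-level security headers.
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-XSS-Protection "1; mode=block" always;
            add_header X-Content-Type-Options "nosniff" always;
            add_header Referrer-Policy "strict-origin-when-cross-origin" always;
            add_header Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'" always;
        }
    }
}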
Remember to back up your existing configuration file before replacing it with this optimized configuration, and validate the new file with `nginx -t` before reloading nginx.