I'm trying to serve the static files from a Wordpress installation and I'm using a symbolic link placed in the NGINX folder pointing to the wp-content/uploads folder.
Every file is being served correctly, but unfortunately there are some plugins that include some of their .php files inside this folder, so NGINX serve them as static files, leading to potential security risks.
Is there any way to instruct NGINX to return a Forbidden 403 error when trying to access .php files?
Thanks in advance.
asked Sep 20 '11 at 13:23
You can't make Nginx return a 403 for those files.
Instead, you can use a second symlink app to serve those PHP files via Apache.
For example, if you have some PHP file at
That way, requests for http://yourdomain.com/wp-content/uploads/someplugin/whatever.php will be served by Apache and have the PHP processed normally, so Nginx won't serve the PHP as a static file.
Hope that helps!
answered Sep 20 '11 at 15:44