Security: Block access to sensitive files in WordPress NGINX config

Added security blocks to prevent access to:

 • .git directories
 • Environment files (.env, .env.*)
 • Configuration/log files (.ini, .log, .conf, etc.)
 • Hidden files/directories (/.)

All blocked requests return 403 Forbidden, with logging disabled to reduce noise. This hardens the
WordPress installation against information disclosure attacks and unauthorized access to sensitive
development/config files.

Author: devoply

rootfs/etc/nginx/host.conf

@@ -32,6 +32,30 @@ location ~ ^/(?:\.htaccess){
   deny all;
 }
 
+location ~ /\.git {
+  deny all;
+  access_log off;
+  log_not_found off;
+}
+
+location ~ \.(env|env\..+)$ {
+  deny all;
+  access_log off;
+  log_not_found off;
+}
+
+location ~ \.(ini|log|conf|sql|yml|yaml|bak|config|dist|fla|psd|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl|xtmpl|bak|save|old|orig|template)$ {
+  deny all;
+  access_log off;
+  log_not_found off;
+}
+
+location ~ /\. {
+  deny all;
+  access_log off;
+  log_not_found off;
+}
+
 location = /wp-admin/install.php {
   deny all;
 }