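# NGINX
# FILE: /usr/local/etc/nginx/conf.d/wordpress.conf

# Deny access to any files with a .php extension in the uploads directory.
# Works in sub-directory installs and also in multisite network.
# Keep logging the requests to parse later (or to pass to firewall utilities
# such as fail2ban).
# NOTE: nginx uses the first regex location that matches, so this block must
# stay above the generic "\.php$" location below; otherwise uploaded .php
# files would be handed to PHP-FPM instead of being denied.
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}

# Directives to send expires headers and turn off 404 error logging for
# static assets.
# NOTE(review): "access_log off" also drops successful downloads of archives
# and documents (zip, tar, gz, rar, doc, xls, pdf, txt, md, ...) from the
# access log; keep logging for those extensions if download auditing matters.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpe?g|gif|png|ico|zip|pdf|t?gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|swf|bmp|txt|rtf|md)$ {
    access_log off;
    log_not_found off;
    expires max;

    # NOTE: add_header directives declared here replace, rather than extend,
    # any add_header lines inherited from the enclosing server/http level.
    # If security headers are set there (not visible in this file), repeat
    # them in this block or they will be missing from static responses.

    # CORS headers; this is wide-open, you want to tighten it up a bit,
    # e.g. by replacing "*" with the specific origins and request headers
    # that actually need cross-origin access to these assets.
    add_header Cache-Control public;
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Methods GET,OPTIONS;
    add_header Access-Control-Allow-Headers *;
}

# Attempted to match last if rules below fail.
location / {
    try_files $uri $uri/ /index.php?$args;
}

# Add trailing slash to */wp-admin requests.
# NOTE(review): $host is derived from the request's Host header when one is
# sent. If this server block can answer for arbitrary host names (default /
# catch-all server), the permanent redirect target is client-controlled;
# confirm server_name restricts the accepted hosts.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;

# Pass PHP scripts to PHP-FPM daemon
# Check: http://wiki.nginx.org/Pitfalls
location ~* \.php$ {
    # Filter out problem conditions: only forward a request when it resolves
    # to an existing file. The directory fallback ($uri/) is intentionally
    # not used here, so a directory whose name ends in ".php" gets a 404
    # from nginx instead of being passed upstream as a script path.
    # NOTE(review): this check runs against the filesystem nginx sees; it
    # presumes PHP-FPM serves the same document root - confirm.
    try_files $uri =404;

    # bring in parameters
    include conf.d/fastcgi.conf;

    # send requests to upstream
    fastcgi_pass phpfpm;
}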