Many website CMS platforms, especially WordPress, are vulnerable to certain attacks performed by malicious hackers. Some of these hackers seek SEO benefits, while others have other intentions. Either way, here are 3 easy NGINX web rules that will help you prevent these attackers from injecting malware or gaining control over your website:
- This is to prevent clickjacking: add_header X-Frame-Options "SAMEORIGIN";
- This is to prevent XSS attacks (see https://geekflare.com/nginx-webserver-security-hardening-guide/): add_header X-XSS-Protection "1; mode=block";
- This is another layer of protection to prevent TRACE, DELETE, PUT, or OPTIONS requests. You can update the rule as needed if the site requires one of those methods: if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 405; }
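
The three rules above placed in a server block, as an added example that is not part of the original post. It adds the `always` parameter so the headers are also sent on error responses such as the 405, and repeats the headers in a location that sets a header of its own, because nginx inherits add_header from the outer level only when the inner level defines none. The server name, document root and /static/ location are placeholders.

```nginx
# Added example: server name, root path and the /static/ location are placeholders.
server {
    listen 80;
    server_name example.com;        # placeholder
    root /var/www/example;          # placeholder

    # Rule 1: only same-origin pages may frame this site (clickjacking).
    # "always" also attaches the header to error responses such as the 405 below.
    add_header X-Frame-Options "SAMEORIGIN" always;

    # Rule 2: XSS filter header, acted on only by browsers that still ship such a filter.
    add_header X-XSS-Protection "1; mode=block" always;

    # Rule 3: reject every method except GET, HEAD and POST.
    # Add a method to the list if the site needs it (for example OPTIONS for CORS preflight).
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 405;
    }

    location / {
        try_files $uri $uri/ =404;
    }

    # add_header is inherited from the server level only if this level has no
    # add_header of its own. This block sets Cache-Control, so the two security
    # headers must be repeated here or they are silently dropped for /static/.
    location /static/ {
        add_header Cache-Control "public, max-age=86400";
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
    }
}
```

Check the syntax with nginx -t before reloading the server.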
If you use WordPress, you may be interested in 5 tips to keep your WordPress site safe from hackers.