server { listen 443 http2 ssl; server_name yowpdomain.example.com; index index.php; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { fastcgi_pass unix:/var/run/php/php-fpm.sock; fastcgi_index index.php; include fastcgi_params; } # hide any hidden files location ~ /\. { deny all; } # except for .well-known location ^~ /.well-known { allow all; } # limit xmlrpc access # this is a management API location ~* /xmlrpc.php$ { allow 127.0.0.1; deny all; } }