~/virtual/home/joho | DeltaFelter | Stealth Cookie | FidoNet | Joaquim Homrighausen | joho68
Using the APIs over at trafiklab.se can yield some quite useful results. I needed to be able to display the commute stop departure times for public transport in a given place, so I wrote this WordPress plugin called Stopsign. It uses the Trafiklab.se API. The plugin is free (GPLv2) and open source.
Knock yourself out: github.com/joho1968/Stopsign
There are many posts about nginx, re-directs, PHP, and WordPress. There are somewhat fewer posts that talk about (internal) re-writes, where the request by the web browser is mangled to be served by another resource than the one requested.
For example, I may want a request for https://mysite.foo/cool/penguin to actually be served by https://mysite.foo/coolstuff.php?id=penguin, or simply setup an alias such as https://mysite.foo/cool/penguin to be served by https://mysite.foo/cool/linux, but preserve the URL in the browser address bar.
With PHP-FPM and nginx, you run into an additional problem, which is the fastcgi_parm variables that are passed from nginx to PHP-FPM. So even if you have really fancy URL re-writing configured (and working), the end result may not be passed on to PHP-FPM from nginx.
So solve this, you should look into this construct, which is present in many nginx configurations as a default setup:
fastcgi_param REQUEST_URI $request_uri;
Since your needs probably differ from mine, I wont make this post any longer than it has to be, but that fastcgi_param line above may be a good starting point if you’re experiencing problems with nginx, PHP-FPM, and URL re-writing.
Good luck!
The list of things to do to harden a WordPress site with Apache is long, but some things that could be done include:
FileETag None
<Files wp-config.php>
Require all denied
</Files>
<Files xmlrpc.php>
Require all denied
</Files>
<LocationMatch "/wp-content/uploads/.*(?i)\.php$">
Require all denied
</LocationMatch>