A practical guide to hardening Nginx and PHP-FPM on a single-admin server: user separation, SSH key authentication, connection limits, rate limiting, and PHP configuration defaults that won't get you compromised.
WordPress search queries can hammer your database and bring down a site under heavy load. Use Nginx rate limiting to cap search requests before they reach PHP.
Use Nginx's limit_req module to protect your site from HTTP floods and brute-force attacks — with real-world examples for static pages, PHP handlers, and login endpoints.
Basic authentication in Nginx is a quick way to gate a directory, an admin area, or an entire staging site behind a username and password. It's not a replacement for a full login system, but for internal tools, dev environments, or adding a second layer in front of something already protected, it does the job with almost no overhead.
If you are seeing this error this month (May 2025) and have tried searching the web for a fix you will find that there will be no fix that keeps SSL Stapling enabled. LetsEncrypt no longer includes OCSP URLs. Here's how to update your configuration.