WordPress can become very slow if it is run without request limits or other protection. A while ago I wrote about the Nginx HttpLimitReqModule and HttpLimitZoneModule, which can be customised as follows to protect a WordPress blog.
- http{
- ....
-
- # Flag each client: 1 = subject to the limits below, 0 = exempt.
- # geo matches against the connecting address ($remote_addr) by default.
- # NOTE(review): if a reverse proxy on this host fronts nginx, every request would
- # arrive from 127.0.0.1 and be exempt; confirm the real client address is what is seen here.
- geo $limited {
- default 1;
- 127.0.0.1 0;
- }
-
- # Turn the flag into the key used by the limit zones below.
- # Limited clients are keyed by their binary address; exempt clients get an
- # empty key, and nginx does not account requests whose key is empty.
- map $limited $limit {
- 1 $binary_remote_addr;
- 0 "";
- }
-
- #http://wiki.nginx.org/HttpLimitConnModule
- # Concurrent connections are limited to 200 per key, i.e. per client address
- # (the key is $limit), not 200 in total for the whole server.
- # The shared zone "concurrent" has 10 MB to hold the per-key state.
- limit_conn_zone $limit zone=concurrent:10m;
- # Connections rejected by the limit are logged at "warn".
- limit_conn_log_level warn;
- # Declared at http level, so it is inherited by every server that does not set its own limit_conn.
- limit_conn concurrent 200;
-
-
- #http://wiki.nginx.org/HttpLimitReqModule
- # These lines only declare the zones; each one takes effect where a
- # limit_req directive refers to it. All rates are per key (per client address).
- # PHP zone: limits requests to 50 per second
- limit_req_zone $limit zone=php:10m rate=50r/s;
-
- # Search zone: limits searches to 100 requests per minute
- limit_req_zone $limit zone=search:10m rate=100r/m;
-
- # Login zone: limits login requests to 1 request per second
- # NOTE(review): 1r/s still allows roughly 60 login attempts per minute from one
- # address; consider a per-minute rate if the aim is to slow password guessing.
- limit_req_zone $limit zone=login:10m rate=1r/s;
-
- # Rejected requests are logged at "warn"; delayed ones are logged one level lower.
- limit_req_log_level warn;
-
- server {
- .....
-
- # 449 is used here only as an internal signal: returning it hands the
- # request to the named location @search instead of sending an error.
- error_page 449 = @search;
- # Limit search requests: any request carrying a non-empty "s" query argument is diverted.
- # An nginx "if" treats an empty value or "0" as false, so ?s=0 is not diverted.
- if ( $arg_s ){
- return 449;
- }
- # Search requests diverted by the 449 signal end up here.
- location @search {
- # No burst is set, so requests above the search rate are rejected, not queued.
- limit_req zone=search nodelay;
- # NOTE(review): rewrite directives run before limit_req is evaluated, and "last"
- # starts a new location search; test that searches above the rate are really
- # rejected by the search zone and not only by the php zone.
- rewrite / /index.php?$args last;
- include /etc/nginx/fastcgi_params;
- }
-
- # Login endpoint. An exact-match location wins over the regex location for
- # .php files, so only the login zone applies here, not the php zone.
- # NOTE(review): no fastcgi_pass is visible in this excerpt; because the generic
- # .php location is not consulted for this URI, this block needs its own,
- # otherwise the file would not be handed to PHP.
- location = /wp-login.php {
- # No burst is set: a second login request within the same second is rejected at once.
- limit_req zone=login nodelay;
- include /etc/nginx/fastcgi_params;
- }
-
- # Every other request for a .php file.
- location ~ \.php$ {
- # burst=50 without nodelay: up to 50 excess requests per client are queued and
- # delayed to keep to the 50r/s rate; anything beyond the burst is rejected.
- limit_req zone=php burst=50;
- include /etc/nginx/fastcgi_params;
- }