@ditikos
You can secure nginx:
location /wp-content/content/ {
location ~ \.php$ {
deny all;
}
}
Above will prevent access to php file from web-browser. Applications that use old style-ajax may break (but its better they break today than rather create havoc tomorrow!)
