We provide guidance on using NGINX to mitigate the recently discovered vulnerability in PHP-FPM (CVE-2019-11043). The vulnerability is triggered when the PATH_INFO variable passed to PHP-FPM with an invalid value, which can happen in a common NGINX configuration.
NGINX Unit 1.2, available now, adds environment variables across application languages, versions, and sessions; php.ini configuration; and command-line configuration for Go executables. Parameters can still be defined dynamically, with no disruption to running services or loss of connectivity.
NGINX Unit supports PHP, which is very widely used for web programming. NGINX Unit therefore supports WordPress, written in PHP, and which is a content management system and application used by more than 30% of the sites on the Web. Use this blog post to install Unit and NGINX together with WordPress.
Maximize NGINX PHP performance vs. Apache, at the web server level, and NGINX PHP performance by implementing a reverse proxy server.
Learn how to optimize your PHP applications by upgrading to PHP 7 and using NGINX for web serving, caching static files, and microcaching dynamic files.