feat(plugins): deny access to .txt and .md files in plugin directories (#1625)

Author: AltanS

roles/wordpress-setup/templates/wordpress-site.conf.j2

@@ -170,6 +170,13 @@ server {
   }
   {% endblock %}
 
+  {% block plugin_theme_docs_files -%}
+  # Block .txt and .md files in plugins, mu-plugins, and themes directories to prevent version disclosure
+  location ~* /app/(plugins|mu-plugins|themes)/.+\.(txt|md)$ {
+    deny all;
+  }
+  {% endblock %}
+
   {% block location_primary -%}
   location / {
     try_files $uri $uri/ /index.php?$args;