diff --git a/webserver-configs/nginx.conf b/webserver-configs/nginx.conf
index 18db9fdd5..640964a6d 100644
--- a/webserver-configs/nginx.conf
+++ b/webserver-configs/nginx.conf
@@ -16,6 +16,17 @@ server {
 }
 ## End - Index
+ ## Begin - Security
+ # deny all direct access for these folders
+ location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
+ # deny running scripts inside core system folders
+ location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+ # deny running scripts inside user folder
+ location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+ # deny access to specific files in the root folder
+ location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
+ ## End - Security
+
 ## Begin - PHP
 location ~ \.php$ {
 # Choose either a socket or TCP/IP address
@@ -28,16 +39,5 @@ server {
 fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
 }
 ## End - PHP
-
- ## Begin - Security
- # deny all direct access for these folders
- location ~* /(.git|cache|bin|logs|backups|tests)/.*$ { return 403; }
- # deny running scripts inside core system folders
- location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
- # deny running scripts inside user folder
- location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
- # deny access to specific files in the root folder
- location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
- ## End - Security
 }
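Review bot: In the first added deny rule the folder alternation now reads `backup`, and because the group must be followed by `/`, a directory named `backups` (the name the removed line matched) is no longer covered. If any install still uses that name, its archives would be served directly. The same line leaves the dot in `.git` unescaped, so it matches any character in that position rather than a literal dot. I would write it as `location ~* /(\.git|cache|bin|logs|backups?|tests)/.*$ { return 403; }` and add a comment such as `# must stay above the PHP location: regex locations are tried in file order` so the block is not moved back below `location ~ \.php$`. The enclosing `server` block starts and ends outside this hunk.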