diff --git a/etc/nginx/common/locations-php7.conf b/etc/nginx/common/locations-php7.conf
index 81b4cc0..43dc5ad 100644
--- a/etc/nginx/common/locations-php7.conf
+++ b/etc/nginx/common/locations-php7.conf
@@ -15,10 +15,14 @@ location @empty {
 location = /robots.txt {
 # Some WordPress plugin gererate robots.txt file
 # Refer #340 issue
- try_files $uri $uri/ /index.php?$args;
+ try_files $uri $uri/ /index.php?$args @robots;
 access_log off;
 log_not_found off;
 }
+# fallback for robots.txt with default wordpress rules
+location @robots {
+ return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
+}
 # Cache static files
 location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
 add_header "Access-Control-Allow-Origin" "*";
diff --git a/etc/nginx/common/locations-php71.conf b/etc/nginx/common/locations-php71.conf
index 029c6c5..e537320 100644
--- a/etc/nginx/common/locations-php71.conf
+++ b/etc/nginx/common/locations-php71.conf
@@ -15,10 +15,14 @@ location @empty {
 location = /robots.txt {
 # Some WordPress plugin gererate robots.txt file
 # Refer #340 issue
- try_files $uri $uri/ /index.php?$args;
+ try_files $uri $uri/ /index.php?$args @robots;
 access_log off;
 log_not_found off;
 }
+# fallback for robots.txt with default wordpress rules
+location @robots {
+ return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
+}
 # Cache static files
 location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
 add_header "Access-Control-Allow-Origin" "*";
diff --git a/etc/nginx/common/locations-php72.conf b/etc/nginx/common/locations-php72.conf
index 029c6c5..e537320 100644
--- a/etc/nginx/common/locations-php72.conf
+++ b/etc/nginx/common/locations-php72.conf
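Review bot: Appending `@robots` makes `/index.php?$args` a non-final `try_files` argument, and nginx only splits off the query string and performs an internal redirect for the last argument; the middle ones are checked as file paths, so `/index.php?$args` is tested as a literal file under the document root that never exists. As far as I can tell this means every robots.txt request without a physical file now lands in `@robots`, and the plugin-generated robots.txt that the `# Refer #340 issue` comment describes is never reached — WordPress itself also answers `/robots.txt` through `index.php` when no file exists, so the static fallback may not be needed at all. If the WordPress route is still wanted the line should stay `try_files $uri $uri/ /index.php?$args;`; if the static fallback is preferred, `@robots` should also set `default_type text/plain;`, since the type inherited from the enclosing config is not visible here. The same hunk is repeated in locations-php71.conf, locations-php72.conf and locations.conf.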
@@ -15,10 +15,14 @@ location @empty {
 location = /robots.txt {
 # Some WordPress plugin gererate robots.txt file
 # Refer #340 issue
- try_files $uri $uri/ /index.php?$args;
+ try_files $uri $uri/ /index.php?$args @robots;
 access_log off;
 log_not_found off;
 }
+# fallback for robots.txt with default wordpress rules
+location @robots {
+ return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
+}
 # Cache static files
 location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
 add_header "Access-Control-Allow-Origin" "*";
diff --git a/etc/nginx/common/locations.conf b/etc/nginx/common/locations.conf
index 0d9ba76..db549c4 100644
--- a/etc/nginx/common/locations.conf
+++ b/etc/nginx/common/locations.conf
@@ -15,10 +15,14 @@ location @empty {
 location = /robots.txt {
 # Some WordPress plugin gererate robots.txt file
 # Refer #340 issue
- try_files $uri $uri/ /index.php?$args;
+ try_files $uri $uri/ /index.php?$args @robots;
 access_log off;
 log_not_found off;
 }
+# fallback for robots.txt with default wordpress rules
+location @robots {
+ return 200 "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n";
+}
 # Cache static files
 location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|zip|webm|mp3|aac|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
 add_header "Access-Control-Allow-Origin" "*";
diff --git a/etc/nginx/conf.d/fastcgi.conf b/etc/nginx/conf.d/fastcgi.conf
index dff039a..af87ce1 100644
--- a/etc/nginx/conf.d/fastcgi.conf
+++ b/etc/nginx/conf.d/fastcgi.conf
@@ -11,3 +11,6 @@ fastcgi_temp_file_write_size 512K;
 fastcgi_param SERVER_NAME $http_host;
 fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
 fastcgi_keep_conn on;
+fastcgi_cache_background_update on;
+fastcgi_socket_keepalive on;
+
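Review bot: `fastcgi_cache_background_update on;` only takes effect when `fastcgi_cache_use_stale` includes `updating`, which this hunk does not set and which is not visible anywhere else in the diff, so the directive may be silently inert. `fastcgi_socket_keepalive` also requires nginx 1.15.6 or newer (and `fastcgi_cache_background_update` 1.11.10), and an older build fails its config test on the unknown directive, which is worth recording next to the lines: `# needs nginx >= 1.15.6; background_update only works with fastcgi_cache_use_stale updating`. The trailing empty `+` line adds a blank line at the end of the file.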
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 39e51b1..bc662da 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -101,6 +101,7 @@ http more_set_headers "X-Xss-Protection : 1; mode=block"; more_set_headers "X-Content-Type-Options : nosniff"; more_set_headers "Referrer-Policy : strict-origin-when-cross-origin"; + more_set_headers "X-Download-Options : noopen;"; ## # Basic Settings diff --git a/etc/php/7.0/cli/php.ini b/etc/php/7.0/cli/php.ini index 4f45177..7420721 100644 --- a/etc/php/7.0/cli/php.ini +++ b/etc/php/7.0/cli/php.ini @@ -5,15 +5,15 @@ precision = 14 output_buffering = 8096 zlib.output_compression = Off implicit_flush = Off -unserialize_callback_func = +unserialize_callback_func = serialize_precision = 17 disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, -disable_classes = +disable_classes = zend.enable_gc = On expose_php = Off -max_execution_time = 300 -max_input_time = 600 -max_input_vars = 10000 +max_execution_time = 1800 +max_input_time = 1800 +max_input_vars = 20000 memory_limit = -1 error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT display_errors = Off @@ -30,12 +30,12 @@ request_order = "GP" register_argc_argv = Off auto_globals_jit = On post_max_size = 128M -auto_prepend_file = -auto_append_file = +auto_prepend_file = +auto_append_file = default_mimetype = "text/html" default_charset = "UTF-8" -doc_root = -user_dir = +doc_root = +user_dir = enable_dl = Off file_uploads = On upload_max_filesize = 128M diff --git a/etc/php/7.0/pool.d/www-sock.conf b/etc/php/7.0/pool.d/www-sock.conf index cb7924a..5e3d3ab 100644 --- a/etc/php/7.0/pool.d/www-sock.conf +++ b/etc/php/7.0/pool.d/www-sock.conf 
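Review bot: The added `X-Download-Options` value carries a stray semicolon inside the quotes, so the header is emitted as `X-Download-Options: noopen;` instead of `noopen`; the line should read `more_set_headers "X-Download-Options : noopen";`. This header is honoured only by Internet Explorer, so the typo is harmless on other clients but the header is also of limited value next to the existing ones.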
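Review bot: This is the CLI php.ini, where PHP hard-codes `max_execution_time` to 0 and does not apply `max_input_time`, so raising them to 1800 in the first hunk changes nothing; the same applies to the 7.2 cli hunk further down that sets `max_execution_time = -1`. The removed and added pairs for `unserialize_callback_func =`, `disable_classes =`, `auto_prepend_file =`, `auto_append_file =`, `doc_root =` and `user_dir =` appear identical, which suggests trailing-whitespace churn that would be cleaner to keep out of the commit. If the higher limits are meant for web requests they belong in the fpm php.ini instead.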
@@ -1,4 +1,4 @@ -[www-sock] +[php70-fpm-sock] user = www-data group = www-data prefix = /var/run diff --git a/etc/php/7.0/pool.d/www-two-sock..conf b/etc/php/7.0/pool.d/www-two-sock..conf index 5c09206..08acfc5 100644 --- a/etc/php/7.0/pool.d/www-two-sock..conf +++ b/etc/php/7.0/pool.d/www-two-sock..conf @@ -1,4 +1,4 @@ -[www-two-sock] +[php70-fpm-two-sock] user = www-data group = www-data prefix = /var/run diff --git a/etc/php/7.1/fpm/php.ini b/etc/php/7.1/fpm/php.ini index 271f280..8c12137 100644 --- a/etc/php/7.1/fpm/php.ini +++ b/etc/php/7.1/fpm/php.ini @@ -26,7 +26,6 @@ ignore_repeated_source = Off report_memleaks = On track_errors = Off html_errors = On - variables_order = "GPCS" request_order = "GP" register_argc_argv = Off @@ -52,19 +51,16 @@ cli_server.color = On [Date] date.timezone = Europe/Paris - [filter] [iconv] [intl] - [sqlite3] [Pcre] - [Pdo] [Pdo_mysql] @@ -81,7 +77,6 @@ SMTP = localhost smtp_port = 25 mail.add_x_header = On - [SQL] sql.safe_mode = Off @@ -89,77 +84,48 @@ sql.safe_mode = Off [ODBC] odbc.allow_persistent = On - odbc.check_persistent = On - odbc.max_persistent = -1 - odbc.max_links = -1 - odbc.defaultlrl = 4096 - odbc.defaultbinmode = 1 [Interbase] ibase.allow_persistent = 1 - ibase.max_persistent = -1 - ibase.max_links = -1 - ibase.timestampformat = "%Y-%m-%d %H:%M:%S" - ibase.dateformat = "%Y-%m-%d" - ibase.timeformat = "%H:%M:%S" [MySQLi] mysqli.max_persistent = -1 - - mysqli.allow_persistent = On - mysqli.max_links = -1 - mysqli.cache_size = 2000 - - mysqli.default_port = 3306 - mysqli.default_socket = - mysqli.default_host = - mysqli.default_user = - mysqli.default_pw = - mysqli.reconnect = Off [mysqlnd] mysqlnd.collect_statistics = On - mysqlnd.collect_memory_statistics = Off - - [OCI8] [PostgreSQL] pgsql.allow_persistent = On - pgsql.auto_reset_persistent = Off - pgsql.max_persistent = -1 - pgsql.max_links = -1 - pgsql.ignore_notice = 0 - pgsql.log_notice = 0 [bcmath] 
@@ -171,48 +137,26 @@ bcmath.scale = 0 [Session] session.save_handler = files - session.use_strict_mode = 0 - session.use_cookies = 1 - session.cookie_secure = 1 - session.use_only_cookies = 1 - session.name = PHPSESSID - session.auto_start = 0 - session.cookie_lifetime = 0 - session.cookie_path = / - session.cookie_domain = - session.cookie_httponly = 1 - session.serialize_handler = php - session.gc_probability = 0 - - session.gc_divisor = 1000 - session.gc_maxlifetime = 1440 - session.referer_check = - session.cache_limiter = nocache - session.cache_expire = 180 - session.use_trans_sid = 0 - session.sid_length = 26 - session.trans_sid_tags = "a=href,area=href,frame=src,form=" - session.sid_bits_per_character = 5 [Assertion] @@ -223,13 +167,10 @@ zend.assertions = -1 [mbstring] - [gd] - [exif] - [Tidy] tidy.clean_output = Off @@ -237,11 +178,8 @@ tidy.clean_output = Off [soap] soap.wsdl_cache_enabled=1 - soap.wsdl_cache_dir="/tmp" - soap.wsdl_cache_ttl=86400 - soap.wsdl_cache_limit = 5 [sysvshm] @@ -254,9 +192,7 @@ ldap.max_links = -1 [dba] - [opcache] - opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 @@ -264,8 +200,9 @@ opcache.max_accelerated_files=10000 opcache.memory_consumption=256 opcache.save_comments=1 opcache.revalidate_freq=1 +opcache.consistency_checks=0 +opcache.validate_timestamps=0 [curl] - [openssl] diff --git a/etc/php/7.1/fpm/pool.d/www-sock.conf b/etc/php/7.1/fpm/pool.d/www-sock.conf index 1e930fd..ac9982a 100644 --- a/etc/php/7.1/fpm/pool.d/www-sock.conf +++ b/etc/php/7.1/fpm/pool.d/www-sock.conf @@ -1,4 +1,4 @@ -[www-sock] +[php71-fpm-sock] user = www-data group = www-data prefix = /var/run diff --git a/etc/php/7.1/fpm/pool.d/www-two-sock..conf b/etc/php/7.1/fpm/pool.d/www-two-sock..conf index 26aab82..24eb1bc 100644 --- a/etc/php/7.1/fpm/pool.d/www-two-sock..conf +++ b/etc/php/7.1/fpm/pool.d/www-two-sock..conf @@ -1,4 +1,4 @@ -[www-two-sock] +[php71-fpm-two-sock] user = www-data group = www-data prefix = /var/run 
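Review bot: `opcache.validate_timestamps=0` in the last hunk makes OPcache stop checking files on disk, so updated PHP sources — WordPress core and plugin updates, including security fixes — keep running from the old cached bytecode until php-fpm is restarted or `opcache_reset()` is called; the context line `opcache.revalidate_freq=1` becomes dead at the same time. That deploy step should be documented next to the directive, e.g. `; validate_timestamps=0: code changes need a php-fpm reload (or opcache_reset) to take effect`, or the default `opcache.validate_timestamps=1` kept. The 7.2 cli hunk below adds the same two lines; each CLI process builds its own cache anyway, so the setting buys little there.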
diff --git a/etc/php/7.2/cli/php.ini b/etc/php/7.2/cli/php.ini index 7be1582..077699c 100644 --- a/etc/php/7.2/cli/php.ini +++ b/etc/php/7.2/cli/php.ini @@ -11,10 +11,10 @@ disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexi disable_classes = zend.enable_gc = On expose_php = Off -max_execution_time = 300 -max_input_vars = 10000 -max_input_time = 600 -memory_limit = 256M +max_execution_time = -1 +max_input_vars = 20000 +max_input_time = 1800 +memory_limit = -1 error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT display_errors = Off display_startup_errors = Off @@ -178,6 +178,8 @@ opcache.max_accelerated_files=10000 opcache.memory_consumption=256 opcache.save_comments=1 opcache.revalidate_freq=1 +opcache.consistency_checks=0 +opcache.validate_timestamps=0 [curl] diff --git a/etc/php/7.2/fpm/pool.d/www-sock.conf b/etc/php/7.2/fpm/pool.d/www-sock.conf index 13a202b..d6dacb6 100644 --- a/etc/php/7.2/fpm/pool.d/www-sock.conf +++ b/etc/php/7.2/fpm/pool.d/www-sock.conf @@ -1,4 +1,4 @@ -[www-sock] +[php72-fpm-sock] user = www-data group = www-data prefix = /var/run @@ -14,9 +14,9 @@ catch_workers_output = yes pm = ondemand pm.max_children = 100 -pm.start_servers = 20 -pm.min_spare_servers = 10 -pm.max_spare_servers = 30 +pm.start_servers = 10 +pm.min_spare_servers = 5 +pm.max_spare_servers = 25 ping.path = /ping pm.status_path = /status pm.max_requests = 500 diff --git a/etc/php/7.2/fpm/pool.d/www-two-sock..conf b/etc/php/7.2/fpm/pool.d/www-two-sock..conf index 23aae5b..9a5a60e 100644 --- a/etc/php/7.2/fpm/pool.d/www-two-sock..conf +++ b/etc/php/7.2/fpm/pool.d/www-two-sock..conf @@ -1,4 +1,4 @@ -[www-two-sock] +[php72-fpm-two-sock] user = www-data group = www-data prefix = /var/run 
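Review bot: `pm.start_servers`, `pm.min_spare_servers` and `pm.max_spare_servers` are consulted only when `pm = dynamic`; the context line `pm = ondemand` just above means these three values are ignored, so lowering them changes nothing at runtime. If the intent is to cap worker usage under ondemand, `pm.max_children` and `pm.process_idle_timeout` are the relevant knobs, otherwise the pool needs `pm = dynamic` for the new values to apply. The www-two-sock..conf hunk that follows makes the identical change.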
@@ -14,9 +14,9 @@ catch_workers_output = yes pm = ondemand pm.max_children = 100 -pm.start_servers = 20 -pm.min_spare_servers = 10 -pm.max_spare_servers = 30 +pm.start_servers = 10 +pm.min_spare_servers = 5 +pm.max_spare_servers = 25 ping.path = /ping pm.status_path = /status pm.max_requests = 500 diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config index b221c8a..cb5c660 100644 --- a/etc/ssh/sshd_config +++ b/etc/ssh/sshd_config @@ -39,7 +39,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server # Host keys the client accepts - order here is honored by OpenSSH HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 -# use strong ciphers (you may have to comment those lines with some sftp clients) -KexAlgorithms curve25519-sha256@libssh.org -Ciphers chacha20-poly1305@openssh.com -MACs umac-128-etm@openssh.com,umac-128@openssh.com +# use strong ciphers +KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 +Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr +MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com \ No newline at end of file
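Review bot: Widening the lists reintroduces algorithms the removed comment had deliberately excluded for client compatibility, and the trade-off is no longer documented; the new `# use strong ciphers` comment should say why the weaker entries are present, e.g. `# broader lists for client compatibility; curve25519/chacha20/ETM MACs are preferred by order`. Two additions deserve a second look: `diffie-hellman-group-exchange-sha256` is only as strong as the groups in /etc/ssh/moduli, so that file should be pruned of small (below 3072-bit) groups before enabling it, and the non-ETM MACs `hmac-sha2-512`, `hmac-sha2-256` and `umac-128@openssh.com` use the older encrypt-and-MAC construction and could be dropped unless a specific client needs them. The unchanged context keeps `ssh-rsa` (SHA-1 signatures) in `HostKeyAlgorithms`, which is outside this hunk but worth a follow-up. The file also ends without a trailing newline after this change.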