diff --git a/etc/nginx/common/php73.conf b/etc/nginx/common/php73.conf
new file mode 100644
index 0000000..ed59698
--- /dev/null
+++ b/etc/nginx/common/php73.conf
@@ -0,0 +1,10 @@
+# PHP NGINX CONFIGURATION
+# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
+location / {
+ try_files $uri $uri/ /index.php$is_args$args;
+}
+location ~ \.php$ {
+ try_files $uri =404;
+ include fastcgi_params;
+ fastcgi_pass php73;
+}
diff --git a/etc/nginx/common/redis-php72.conf b/etc/nginx/common/redis-php72.conf
index 6cb6545..b1a4e28 100644
--- a/etc/nginx/common/redis-php72.conf
+++ b/etc/nginx/common/redis-php72.conf
@@ -18,7 +18,7 @@ if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no
 }
 # Use cached or actual file if they exists, Otherwise pass request to WordPress
 location / {
- try_files $uri $uri/ /index.php?$args;
+ try_files $uri $uri/ /index.php$is_args$args;
 }
 location /redis-fetch {
diff --git a/etc/nginx/common/w3tc-php72.conf b/etc/nginx/common/w3tc-php72.conf
index 24b948c..0f194b5 100644
--- a/etc/nginx/common/w3tc-php72.conf
+++ b/etc/nginx/common/w3tc-php72.conf
@@ -19,7 +19,7 @@ if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no
 }
 # Use cached or actual file if they exists, Otherwise pass request to WordPress
 location / {
- try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args;
+ try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php$is_args$args;
 }
 location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
 try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
diff --git a/etc/nginx/common/wp-fcgi-cache-php72.conf b/etc/nginx/common/wp-fcgi-cache-php72.conf
index 66535cc..98d9fc2 100644
--- a/etc/nginx/common/wp-fcgi-cache-php72.conf
+++ b/etc/nginx/common/wp-fcgi-cache-php72.conf
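Review bot: `fastcgi_pass php73;` depends on an `upstream php73 { ... }` block that none of the files in this diff define, and the one upstream the commit does touch (conf.d/stub_status.conf) lists only 7.2 endpoints, so confirm the 7.3 pool definition exists wherever this file gets included. `try_files $uri =404;` is the line that keeps requests for .php paths that do not exist on disk from being handed to FPM, which matters when PHP's `cgi.fix_pathinfo` is enabled; it deserves a comment such as `# only hand FPM a .php file that really exists; never let PHP resolve the path`. Whether SCRIPT_FILENAME reaches FPM depends on the included `fastcgi_params`, which is outside this diff, so that is presumably covered there.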
@@ -3,7 +3,7 @@
 add_header X-fastcgi-cache $upstream_cache_status;
 location / {
- try_files $uri $uri/ /index.php?$args;
+ try_files $uri $uri/ /index.php$is_args$args;
 }
 location ~ \.php$ {
diff --git a/etc/nginx/common/wpfc-php72.conf b/etc/nginx/common/wpfc-php72.conf
index dc10e43..eefad1e 100644
--- a/etc/nginx/common/wpfc-php72.conf
+++ b/etc/nginx/common/wpfc-php72.conf
@@ -18,7 +18,7 @@ if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no
 }
 # Use cached or actual file if they exists, Otherwise pass request to WordPress
 location / {
- try_files $uri $uri/ /index.php?$args;
+ try_files $uri $uri/ /index.php$is_args$args;
 }
 location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
 try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
diff --git a/etc/nginx/conf.d/map-wp-fastcgi-cache.conf b/etc/nginx/conf.d/map-wp-fastcgi-cache.conf
index 0b8d630..170b8eb 100644
--- a/etc/nginx/conf.d/map-wp-fastcgi-cache.conf
+++ b/etc/nginx/conf.d/map-wp-fastcgi-cache.conf
@@ -24,15 +24,9 @@ map $request_uri $uri_no_cache {
 "~*/sitemap(_index)?.xml" 1;
 "~*/wp-comments-popup.php" 1;
 "~*/wp-links-opml.php" 1;
- "~*/wp-locations.php" 1;
- "~*/wp-.*.php" 1;
 "~*/xmlrpc.php" 1;
- "~*/wp-app.php" 1;
- "~*/wp-login.php" 1;
- "~*/wp-register.php" 1;
- "~*/wp-mail.php" 1;
 }
-map $query_string $query_no_cache {
+map $is_args $query_no_cache {
 default 1;
 "" 0;
 }
diff --git a/etc/nginx/conf.d/stub_status.conf b/etc/nginx/conf.d/stub_status.conf
index e4f8ec0..35a410d 100644
--- a/etc/nginx/conf.d/stub_status.conf
+++ b/etc/nginx/conf.d/stub_status.conf
@@ -1,8 +1,8 @@
 upstream phpstatus {
 server 127.0.0.1:9000;
- server unix:/run/php/php7.0-fpm.sock;
- server 127.0.0.1:9070;
- server unix:/run/php70-fpm.sock;
+ server unix:/run/php/php7.2-fpm.sock;
+ server 127.0.0.1:9090;
+ server unix:/run/php72-fpm.sock;
 }
 server {
diff --git a/etc/nginx/nginx-intermediate.conf b/etc/nginx/nginx-intermediate.conf
index e94a6a2..3fc57ff 100644
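Review bot: Dropping `"~*/wp-.*.php" 1;` together with the wp-login.php, wp-register.php and wp-mail.php entries leaves `$uri_no_cache` with no rule that matches the login page, so an anonymous request for /wp-login.php is now only kept out of the cache by some other mechanism: the cookie-based bypass in the common/*.conf files fires only for visitors who already hold a WordPress cookie, and relying on the backend's Cache-Control or Set-Cookie headers works only if the cache is not told to ignore them, which this diff does not show. If the intent was merely to stop the over-broad `wp-.*.php` pattern from also excluding scripts under wp-content and wp-includes, a narrower, escaped entry keeps the login flow uncached: `"~*/wp-(login|register|mail)\.php" 1;`. The `map $is_args $query_no_cache` change itself is sound, since `$is_args` is either `?` or empty and `"" 0;` still matches requests without a query string.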
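Review bot: The `phpstatus` upstream now lists only PHP 7.2 endpoints (`unix:/run/php/php7.2-fpm.sock`, `127.0.0.1:9090`, `unix:/run/php72-fpm.sock`) while the same commit introduces a `php73` pool in common/php73.conf, so whatever this upstream exposes (presumably the FPM status page) will not cover 7.3; add the 7.3 socket if that pool is meant to be monitored. With four servers in one upstream nginx rotates requests across them by default, so successive status requests will land on different pools; a comment stating that this is intended would help, e.g. `# every local FPM endpoint; nginx rotates between them`. Whether the `server {` block that follows restricts who can reach this endpoint is outside the hunk.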
--- a/etc/nginx/nginx-intermediate.conf
+++ b/etc/nginx/nginx-intermediate.conf
@@ -84,18 +84,21 @@ http
 ##
 # intermediate configuration. tweak to your needs.
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
- ssl_ciphers 'TLS13+AESGCM+AES128:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+ ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:50m;
 ssl_session_timeout 1d;
 ssl_session_tickets off;
 ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
- ##Common headers for security
+ # Common security headers
 more_set_headers "X-Frame-Options : SAMEORIGIN";
 more_set_headers "X-Xss-Protection : 1; mode=block";
 more_set_headers "X-Content-Type-Options : nosniff";
 more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
+ more_set_headers "X-Download-Options : noopen";
+ more_set_headers "Feature-Policy : geolocation none; midi none; notifications none; push none; sync-xhr none; microphone none; camera none; magnetometer none; gyroscope none; speaker none; vibrate none; fullscreen self; payment none; usb none";
+
 ##
 # Basic Settings
@@ -125,33 +128,9 @@ http
 ##
 # Gzip Settings
 ##
+ # mitigation of CRIME/BREACH attacks
+ gzip off;
- gzip on;
- gzip_disable "msie6";
-
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_http_version 1.1;
- gzip_types
- application/atom+xml
- application/javascript
- application/json
- application/rss+xml
- application/vnd.ms-fontobject
- application/x-font-ttf
- application/x-web-app-manifest+json
- application/xhtml+xml
- application/xml
- font/opentype
- image/svg+xml
- image/x-icon
- text/css
- text/plain
- text/x-component
- text/xml
- text/javascript;
 ##
 # Brotli Settings
diff --git a/etc/nginx/nginx-tlsv12.conf b/etc/nginx/nginx-tlsv12.conf
index afaa4e9..3046ae3 100644
--- a/etc/nginx/nginx-tlsv12.conf
+++ b/etc/nginx/nginx-tlsv12.conf
@@ -88,11 +88,14 @@ http
 ssl_session_tickets off;
 ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
- ##Common headers for security
+ # Common security headers
 more_set_headers "X-Frame-Options : SAMEORIGIN";
 more_set_headers "X-Xss-Protection : 1; mode=block";
 more_set_headers "X-Content-Type-Options : nosniff";
 more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
+ more_set_headers "X-Download-Options : noopen";
+ more_set_headers "Feature-Policy : geolocation none; midi none; notifications none; push none; sync-xhr none; microphone none; camera none; magnetometer none; gyroscope none; speaker none; vibrate none; fullscreen self; payment none; usb none";
+
 ##
 # Basic Settings
 ##
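Review bot: The new `Feature-Policy` value uses bare `none` and `self`; the header grammar requires the quoted keywords `'none'` and `'self'`, and browsers parse unquoted tokens as origins, which fail to parse and are dropped, so `fullscreen self` most likely ends up as an empty allowlist that blocks fullscreen for the site itself rather than permitting it. Change the line to `more_set_headers "Feature-Policy : geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none'; usb 'none'";` — the same line is added to nginx-tlsv12.conf and nginx.conf in this commit. The reordered `ssl_ciphers` string still ends with `DES-CBC3-SHA` and keeps the `*-DES-CBC3-SHA` suites while `ssl_protocols` still lists TLSv1 and TLSv1.1; if this file is the deliberate legacy-compatibility profile that is a documented choice, but the comment `# intermediate configuration. tweak to your needs.` could say that 3DES and pre-1.2 protocols are retained on purpose. The `TLS13+...` prefixes are OpenSSL cipher-string aliases which, as far as I know, do not select TLS 1.3 suites with OpenSSL 1.1.1 (the library fixes those separately and `ssl_ciphers` only governs TLS 1.2 and below), so confirm which TLS library this list targets.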
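Review bot: `gzip off;` under the comment `# mitigation of CRIME/BREACH attacks` does not mitigate BREACH on its own, because BREACH concerns any HTTP-level response compression and the `# Brotli Settings` block that follows this hunk is left untouched; if brotli stays enabled there, the compression side channel remains. CRIME targets TLS-level compression, which gzip never controlled, so the comment also overstates what this line does. Either disable brotli in the same commit or reword the comment, e.g. `# gzip disabled to reduce BREACH exposure; brotli below must also be off for this to matter`. The same change and comment appear in the gzip hunks of nginx-tlsv12.conf and nginx.conf.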
@@ -121,33 +124,9 @@ http
 ##
 # Gzip Settings
 ##
+ # mitigation of CRIME/BREACH attacks
+ gzip off;
- gzip on;
- gzip_disable "msie6";
-
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_http_version 1.1;
- gzip_types
- application/atom+xml
- application/javascript
- application/json
- application/rss+xml
- application/vnd.ms-fontobject
- application/x-font-ttf
- application/x-web-app-manifest+json
- application/xhtml+xml
- application/xml
- font/opentype
- image/svg+xml
- image/x-icon
- text/css
- text/plain
- text/x-component
- text/xml
- text/javascript;
 ##
 # Brotli Settings
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index 84dbacc..d72797b 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -94,7 +94,7 @@ http
 ssl_early_data off;
 ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';
+ ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES';
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:50m;
 ssl_session_timeout 1d;
@@ -106,7 +106,8 @@ http
 more_set_headers "X-Xss-Protection : 1; mode=block";
 more_set_headers "X-Content-Type-Options : nosniff";
 more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
- more_set_headers "X-Download-Options : noopen;";
+ more_set_headers "X-Download-Options : noopen";
+ more_set_headers "Feature-Policy : geolocation none; midi none; notifications none; push none; sync-xhr none; microphone none; camera none; magnetometer none; gyroscope none; speaker none; vibrate none; fullscreen self; payment none; usb none";
 ##
 # Basic Settings
@@ -136,37 +137,8 @@ http
 ##
 # Gzip Settings
 ##
-
- gzip on;
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_types application/atom+xml
- application/javascript
- application/json
- application/ld+json
- application/manifest+json
- application/rss+xml
- application/vnd.geo+json
- application/vnd.ms-fontobject
- application/x-font-ttf
- application/x-web-app-manifest+json
- application/xhtml+xml
- application/xml
- font/opentype
- image/bmp
- image/svg+xml
- image/x-icon
- text/cache-manifest
- text/css
- text/plain
- text/vcard
- text/vnd.rim.location.xloc
- text/vtt
- text/x-component
- text/x-cross-domain-policy
- text/javascript;
+ # mitigation of CRIME/BREACH attacks
+ gzip off;
 ##
 # Brotli Settings
diff --git a/etc/nginx/sites-available/22222 b/etc/nginx/sites-available/22222
index 40f4feb..058c406 100644
--- a/etc/nginx/sites-available/22222
+++ b/etc/nginx/sites-available/22222
@@ -23,7 +23,7 @@ server {
 include common/acl.conf;
 location / {
- try_files $uri $uri/ /index.php?$args;
+ try_files $uri $uri/ /index.php$is_args$args;
 }
 # nginx-vts-status
@@ -48,24 +48,7 @@ server {
 fastcgi_pass php72;
 }
- # ViMbAdmin Rules
- location = /vimbadmin/ {
- return 301 $scheme://$host:22222/vimbadmin/public/;
- }
-
-
-
- location ~* /vimbadmin/public/(.*)/(.*) {
- root /var/www/22222/htdocs/vimbadmin/public;
- try_files $uri $uri/ /vimbadmin/public/index.php?$args;
- }
-
- location ~* /vimbadmin/public/(.*) {
- root /var/www/22222/htdocs/vimbadmin/public;
- try_files $uri $uri/ /vimbadmin/public/index.php?$args;
- }
-
- location /netdata {
+ location /netdata {
 return 301 /netdata/;
 }