diff --git a/pages/docs/getting-started/installation.mdx b/pages/docs/getting-started/installation.mdx
index fc5ce88a..2989fe93 100644
--- a/pages/docs/getting-started/installation.mdx
+++ b/pages/docs/getting-started/installation.mdx
@@ -73,6 +73,16 @@ server {
 		return 403;
 	}
 
+	# Block /vendor completely
+	location ^~ /vendor/ {
+		return 403;
+	}
+	
+	# Block direct access to config.php
+	location = /config.php {
+		return 403;
+	}
+
 	# Block access to hidden files except .well-known
 	location ~ /\.(?!well-known\/) {
 		return 403;