diff --git a/nginx-sample.conf b/nginx-sample.conf
index e601abcb2..fb3967b59 100644
--- a/nginx-sample.conf
+++ b/nginx-sample.conf
@@ -13,9 +13,16 @@ server {
 		return 404;
 	}
 
-	# block .htaccess
-	location ~ /\.ht {
+	location /vendor {
 		deny all;
+		return 404;
+	}
+
+	# block .htaccess, CHANGELOG.md, composer.json etc.
+	# this is to prevent finding software versions
+	location ~\.(ht|md|json|dist)$ {
+		deny all;
+		return 404;
 	}
 
 	# block git files and folders