nginxconfig.io/public/templates/conf/nginxconfig.io/wordpress.conf.html

# WordPress: allow TinyMCE
location = /wp-includes/js/tinymce/wp-tinymce.php {
	try_files $uri =404;
	include nginxconfig.io/php_fastcgi.conf;
}

# WordPress: deny wp-content, wp-includes php files
location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
	deny all;
}

# WordPress: deny wp-content/uploads nasty stuff
location ~* ^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$ {
	deny all;
}

# WordPress: deny wp-content/plugins (except earlier rules)
location ~ ^/wp-content/plugins {
	deny all;
}

# WordPress: deny scripts and styles concat
location ~* \/wp-admin\/load-(?:scripts|styles)\.php {
	deny all;
}

# WordPress: deny general stuff
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ {
	deny all;
}<span ng-if="isLimitReq()">

# WordPress: throttle wp-login.php
location = /wp-login.php {
	limit_req zone=login burst=2 nodelay;
	try_files $uri =404;
	include nginxconfig.io/php_fastcgi.conf;
}</span>