nginx settings for WordPress.

wordpress.conf

# https://codex.wordpress.org/Nginx
# Global restrictions configuration file.
# Deleted config for .htaccess, robots.txt, favicon restriction
# because they are already included in the default
# domain.conf created by ispconfig

# Block PHP files in uploads, content, and includes directory.
location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
  deny all;
}

# Copied from iThemes security
# Rules to block access to WordPress specific files and wp-includes
location ~ /\.ht { deny all; }
location ~ wp-config.php { deny all; }
location ~ readme.html { deny all; }
location ~ readme.txt { deny all; }
location ~ /install.php { deny all; }
location ^/wp-admin/includes(.*)$ { deny all; }

# Rules to help reduce spam
location ~* (wp-comments-posts|wp-login)\.php$ {
	valid_referers jetpack.wordpress.com/jetpack-comment/ ;
	set $rule_0 0;
	if ($request_method ~ "POST"){ set $rule_0 1$rule_0; }
	if ($invalid_referer) { set $rule_0 2$rule_0; }
	if ($http_user_agent ~ "^$"){ set $rule_0 3$rule_0; }
	if ($rule_0 = "3210") { return 403; }
}

# WordPress single blog rules.
location / {
	try_files $uri $uri/ /index.php?$args;
}

# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;

# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
       access_log off;
       log_not_found off;
       expires max;
}

# Pass all .php files onto a php-fpm/php-fcgi server.
# Removed this config because they are already included
# in the default domain.conf created by ispconfig

# Rewrite for YOAST SEO sitemap
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;