Wordpress NGINX configurarion - http://jesus.perezpaz.es/2014/02/wordpress-nginx-configuration/

wordpress-nginx-conf

server {
    listen   80; ## listen for ipv4
    listen   [::]:80; ## listen for ipv6
    server_name domain.com;
    access_log /var/log/nginx/domain.com.access.log;
    error_log  /var/log/nginx/domain.com.error.log;
 
    root /folder/with/wordpress/installation/;
    
    # Include wordpress config file
    include sites-available/wordpress.conf;
}

wordpress.conf

index index.php index.html;
 
set $cache_uri $request_uri;
    
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
    set $cache_uri 'null cache';
}   
if ($query_string != "") {
    set $cache_uri 'null cache';
}   
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
    set $cache_uri 'null cache';
}
 
# Use cached or actual file if they exists, otherwise pass request to WordPress
location / {
    rewrite ^([^.]*[^/])$ $1/ permanent;
    try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args;
}
 
location ~ ^/wp-content/cache/minify/[^/]+/(.*)$ {
   try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
}    
 
#    Show "Not Found" 404 errors in place of "Forbidden" 403 errors, because
#    forbidden errors allow attackers potential insight into your server's
#    layout and contents
  error_page 403 =404;
 
#    Prevent access to any files starting with a dot, like .htaccess
#    or text editor temp files
  location ~ /\. { access_log off; log_not_found off; deny all; }
 
#    Prevent access to any files starting with a $ (usually temp files)
  location ~ ~$ { access_log off; log_not_found off; deny all; }
 
#    Do not log access to robots.txt, to keep the logs cleaner
  location = /robots.txt { access_log off; log_not_found off; }
 
#    Do not log access to the favicon, to keep the logs cleaner
  location = /favicon.ico { access_log off; log_not_found off; }
 
#    Keep images, CSS and other static files around in browser cache for
#    as long as possible, to cut down on server load
location ~* .(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    expires max; log_not_found off; access_log off;
}
 
#    Common deny or internal locations, to help prevent access to areas of
#    the site that should not be public
  location ~* wp-admin/includes { deny all; }
  location ~* wp-includes/theme-compat/ { deny all; }
  location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }
  location /wp-content/ { internal; }
  location /wp-includes/ { internal; }
#    Protects the wp-config.php|readme.html|license.txt files from being 
#    accessed (uncomment after wordpress installation)
#  location ~ /(\.|wp-config.php|readme.html|license.txt) { deny all; }
 
#    Prevent any potentially-executable files in the uploads directory from
#    being executed by forcing their MIME type to text/plain
  location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php)$ {
      types { }
      default_type text/plain;
  }
 
#    Add trailing slash to */wp-admin requests so the admin interface
#    works correctly
  rewrite /wp-admin$ $scheme://$host$uri/ permanent;
 
location ~ \.php$ {
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    include        fastcgi_params; 
}