<?php if ($VAR->domain->hasWordpressConfigSecured) : ?>
    location ~* wp-config.php { deny all; }
<?php endif; ?>

<?php foreach ($VAR->domain->wordpressInstances as $wordpress): ?>
    <?php if ($wordpress->isDirectoryContentSecured) : ?>
        location ~* "^/<?php echo $wordpress->location; ?>wp-content/.*\.php" { deny all; }
    <?php endif; ?>
    <?php if ($wordpress->isDirectoryIncludesSecured) : ?>
        location ~* "^/<?php echo $wordpress->location; ?>wp-includes/.*\.php" { deny all; }
    <?php endif; ?>
<?php endforeach; ?>