具体配置

xxx.xxxx.xxx {
    tls youremail@yourmailserver

    root * /path/to/wordpress

    # GZIP和FPM配置
    encode gzip
    file_server
    php_fastcgi php:9000

    # 静态文件配置
    @static_files {
        path_regexp \.(?:css|js|woff2?|svg|gif|map|png|jpg|webp|gif|jpeg|mp4|mp3|wav|mov|heic)
    }
    header @static_files {
        Cache-Control "public, max-age=15778463"
        X-Robots-Tag "none"
        X-Permitted-Cross-Domain-Policies "none"
        X-Frame-Options "SAMEORIGIN"
        X-Download-Options "noopen"
        X-Content-Type-Options "nosniff"
        # Referrer-Policy "no-referrer"
    }

    # 禁止访问的目录/文件
    @disallowed {
        #path /wp-cron.php
        #path /xmlrpc.php
        path *.sql
        path /wp-content/uploads/*.php
        path /wp-content/uploads/*.html
        path /wp-content/debug.log
    }
    rewrite @disallowed =404
}