Please try this:
1) Save the rewrite rules to the file: /absolute/path/to/wp_security.conf.
2) Then include it in your NginX configuration file, with the line:
include /absolute/path/to/wp_security.conf;
and place it in the server context:
server {
#... cut ...
##
# include the Better WP Security configuration file
##
include /absolute/path/to/wp_security.conf;
location / {
try_files $uri $uri/ /index.php?$args;
}
#... cut ...
}
3) Remember to reload NginX:
nginx -t && service nginx reload
4) One of the things you can easily test is this part:
location ~ readme.html { deny all; }
When this rule is activated it should deny access to the readme.html file when you try to view it in a browser:
