記述が冗長になってしまうのですが以下です。
念のため自ホストからのアクセスを可能にしておきます。
server { listen 80; server_name {server_name}; root /var/www/vhosts/wordpress; location / { index index.php index.html index.htm; try_files $uri $uri/ /index.php?$args; } location /wp-content/plugins/akismet { location ~ /wp-content/plugins/akismet/(.+/)?(form|akismet)\.(css|js)$ { allow all; } location ~ /wp-content/plugins/akismet/(.+/)?(.+)\.(png|gif)$ { allow all; } deny all; } location ~* /wp-login\.php|/wp-admin/((?!admin-ajax\.php).)*$ { allow {アクセス元のIP}; allow {サーバーのグローバルIP}; allow 127.0.0.1; deny all; fastcgi_pass phpfpm; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; } location ~ \.php$ { fastcgi_pass phpfpm; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; } }