{
	# debug
	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
	email youremailhere
	# default_sni yourhostnamehere
}

yourhostnamehere {
	root * /usr/local/www/wordpress
	encode gzip
	file_server

	log {
		output file /var/log/yourhostnamehere.log	
	}

  	php_fastcgi 127.0.0.1:9000 {
    		env front_controller_active true
	}

	header {
		# enable HSTS
		# Strict-Transport-Security max-age=31536000;
	}

	@forbidden {
        	not path /wp-includes/ms-files.php
        	path /xmlrpc.php
		path *.sql
		path /wp-content/uploads/*.php
		path /wp-content/debug.log
		path /wp-admin/includes/*.php
		path /wp-includes/*.php
		path /wp-config.php
		path /.user.ini
	}
	respond @forbidden 403
}
