IP Whitelisting wp-admin In Nginx

Like Apache, Nginx has allow and deny directives that let you restrict access by IP address. Here’s a config I use to whitelist /wp-admin to certain IPs only.

location / {
  try_files $uri $uri/ /index.php?$args;
}

location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
  access_log off; log_not_found off; expires max;
}

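# Regex locations are checked in the order they appear and the first match wins,
# so this block must come before the generic \.php$ block below. Otherwise
# /wp-login.php and /wp-admin/*.php are handled there and skip allow/deny.
location ~ ^/wp-(admin|login) {
  allow /32;
  deny  all;
  location ~ \.php$ {
    try_files                $uri =404;
    fastcgi_pass             localhost:9000;
    fastcgi_index            index.php;
    fastcgi_param            SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_intercept_errors on;
    include                  fastcgi_params;
  }
}

# Generic PHP handler for everything outside wp-admin and wp-login.
location ~ \.php$ {
  try_files                $uri =404;
  fastcgi_pass             localhost:9000;
  fastcgi_index            index.php;
  fastcgi_param            SCRIPT_FILENAME  $document_root$fastcgi_script_name;
  fastcgi_intercept_errors on;
  include                  fastcgi_params;
}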

Apart from any path starting with /wp-admin, this will also restrict /wp-login.php to the specified IP only.
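Nginx checks regex locations in file order and uses the first one that matches, so whether the whitelist covers /wp-login.php depends on where the restricted block sits relative to the generic \.php$ block. The following is an added example, not part of the original post, that models this selection in simplified form over a constructed list of location headers; the function names are hypothetical and Python's re module stands in for PCRE.

```python
import re

# Constructed sample: top-level location headers in file order, with the
# generic PHP handler listed before the restricted wp-admin/wp-login block.
SAMPLE_ORDER = [
    "location / {",
    r"location ~* ^.+\.(jpg|jpeg|gif|png|ico)$ {",
    r"location ~ \.php$ {",
    r"location ~ ^/wp-(admin|login) {",
]

HEADER = re.compile(r"^\s*location\s+(?:(=|\^~|~\*|~)\s+)?(\S+)\s*\{")

def parse_locations(lines):
    """Return (modifier, pattern) for each location header, in file order."""
    return [m.groups() for m in map(HEADER.match, lines) if m]

def select_location(locations, uri):
    """Simplified model of how nginx picks a location for a normalized URI."""
    best_prefix = None
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)                  # exact match wins outright
        if mod in (None, "^~") and uri.startswith(pat):
            if best_prefix is None or len(pat) > len(best_prefix[1]):
                best_prefix = (mod, pat)       # remember the longest prefix
    if best_prefix and best_prefix[0] == "^~":
        return best_prefix                     # ^~ skips the regex phase
    for mod, pat in locations:                 # regexes: first match in file order
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return (mod, pat)
    return best_prefix

def unprotected(locations, protected_pattern, uris):
    """URIs that end up in a location other than the allow/deny block."""
    out = []
    for u in uris:
        sel = select_location(locations, u)
        if sel is None or sel[1] != protected_pattern:
            out.append(u)
    return out

if __name__ == "__main__":
    uris = ["/wp-login.php", "/wp-admin/", "/wp-admin/index.php"]
    print(unprotected(parse_locations(SAMPLE_ORDER), "^/wp-(admin|login)", uris))
```

Run it against the location headers of your own server block, in their real order, and treat any admin URI it reports as one that the allow/deny rules never see.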

Hopefully this comes in handy when you’re configuring WordPress using nginx and php-fpm.
