I occasionally have issues with certain IP addresses trying to access locations for scripts that have vulnerabilities. You can see some of these below:

GET /bannerslideradmin/adminhtml_bannerslider/index HTTP/1.1"
GET /iwdall/adminhtml_support/index HTTP/1.1
GET /soldtogether/adminhtml_order/index HTTP/1.1

I am running Magento and Nginx 1.13. In my /etc/nginx/sites-enabled/mydomain.com.conf file, I have added the following to block some of the common directories that the scanners are looking for.

# Denied locations require a "^~" to prevent regexes (such as the PHP handler below) from matching
# http://nginx.org/en/docs/http/ngx_http_core_module.html#location
location ^~ /app/ { return 444; }
location ^~ /service-unavailable/ { return 444; }
location ^~ /a2billing/ { return 444; }
location ^~ /sales/guest/form { return 444; }
location ^~ /administrator/ { return 444; }
location ^~ /wp-login.php { return 444; }
location ^~ /wp-admin/ { return 444; }
location ^~ /wp-content/ { return 444; }
location ^~ /wordpress/ { return 444; }
location ^~ /assets/ { return 444; }
location ^~ /plugins/ { return 444; }
location ^~ /wp/ { return 444; }
location ^~ /scripts/ { return 444; }
location ^~ /blog/ { return 444; }
location ^~ /phpmyadmin/ { return 444; }
location ^~ /backup/ { return 444; }
location ^~ /backups/ { return 444; }

This is fine if these match the location of the ones requested. However, there are many more locations that aren't on this list and my website returns a nice and pretty 404 page with the website logo, fancy CSS, javascript and everything else that goes with modern website. This means RAM gets used on the VPS, RAM usage goes up and it gets slower.

I would like to drop all unknown locations to 444 so that no response gets sent back to client and minimal resources used. How can I do this?