I use this to deny access to wp-login.php location ~ /wp-login.php$ { deny all; } However, I want to add an exception and allow it only if it contains "itsec-hb-token", I.e. wp-login.php?itsec-hb-token=wplogin where wplogin can be any usernameby translatorgreek - How to...