location ~ ^/(wp-admin|wp-login\.php|priv\.dog|companies\/sidekick) {
  deny all;
  break;
}
# file extensions that should never be served, this prevents
# potential malicious downloads in case someone manages to manipulate
# a Rails URL or write a file that can be served
# (~* matches case-insensitive)
location ~* \.(?:git|svn|DS_Store|asp|aspx|cgi|pt|pl|idx|php|exe|scpt|AppleScript|dll|dmg|pif|msi|application|msp|com|scr|hta|cpl|gadget|msc|jar|bat|vb|vbs|vbe|ws|wsh|inf|lnk|reg|scf|wsc|wsh|ps1|ps1xml|ps2|ps2xml|psc1|psc2|msh|msh1|msh2|mshxml|msh1xml|msh2xml)$ {
  deny all;
  break;
}