Say your website is example.com. The particular location will be example.com/.ht. So the deny all directive will deny all requests to example.com/.ht*. (* indicate any following string)
~ say nginx to go for regular expression based matching. / is root directory of your website. \ is escape character. It says to interpret . literally and not as a part of regular expression.
I've never seen such an expression in nginx and it's relation with WordPress.