Sep 122011

This is just a quick note on how to password protect wp-admin using nginx.

You may have to fiddle with the location of the lines in the site.conf file.

Where I thought the config variables needed to go, gave me a “download file” of type bin in nginx after authentication.

So, here is how I did it:

server {
   listen 80;
   access_log /logs/;
   error_log /logs/;
   root /var/www/sites/;
location / {
try_files $uri $uri/ /index.php?q=$request_uri;
include /usr/nginx/conf/staticfiles.conf;
include /usr/nginx/conf/php.conf;
include /usr/nginx/conf/drop.conf;
        # password protect wp-admin
                location ~ ^/wp-admin {
                auth_basic “Restricted”;
                auth_basic_user_file /path/to/htpasswd/file;
                try_files $uri $uri/ /index.php?q=$request_uri;

  One Response to “þ姧wðrÐ þrð†ê¢†ïñg wþ-åÐmïñ wï†h ñgïñx”

  1. […] easier.  BTW, if you follow my articles, you know brute forcing users is stopped by protecting the wp-admin url using this article. Also, you can determine by simply incrementing the number until you get an error to determine how […]

This site uses Akismet to reduce spam. Learn how your comment data is processed.