Sep 122011
This is just a quick note on how to password protect wp-admin using nginx.
You may have to fiddle with the location of the lines in the site.conf file.
Where I thought the config variables needed to go, gave me a “download file” of type bin in nginx after authentication.
So, here is how I did it:
server {
listen 80;
server_name domain.com www.domain.com;
access_log /logs/domain.com-access.log;
error_log /logs/domain.com-error.log;
root /var/www/sites/domain.com/htdocs;
location / {
try_files $uri $uri/ /index.php?q=$request_uri;
}
include /usr/nginx/conf/staticfiles.conf;
include /usr/nginx/conf/php.conf;
include /usr/nginx/conf/drop.conf;
# password protect wp-admin
location ~ ^/wp-admin {
auth_basic “Restricted”;
auth_basic_user_file /path/to/htpasswd/file;
try_files $uri $uri/ /index.php?q=$request_uri;
}
}
[…] easier. BTW, if you follow my articles, you know brute forcing users is stopped by protecting the wp-admin url using this article. Also, you can determine by simply incrementing the number until you get an error to determine how […]