ÈÐ Wïgê† Ðð† ñåmê

ïñ£ð§ê¢, ïñ£ðrmå†ïðñ §ê¢µr, Ðïgï†ål £ðrêñ§ï¢§, hå¢kïñg, §¥§†êm åÐmïñ阮rå†ïðñ, lïñµx ßlðg

þ姧wðrÐ þrð†ê¢†ïñg wþ-åÐmïñ wï†h ñgïñx

, , , , , ,

This is just a quick note on how to password protect wp-admin using nginx.

You may have to fiddle with the location of the lines in the site.conf file.

Where I thought the config variables needed to go, gave me a “download file” of type bin in nginx after authentication.

So, here is how I did it:

[codesyntax lang=”bash”]

server {
   listen 80;
   server_name domain.com www.domain.com;
   access_log /logs/domain.com-access.log;
   error_log /logs/domain.com-error.log;
   root /var/www/sites/domain.com/htdocs;
location / {
try_files $uri $uri/ /index.php?q=$request_uri;
	   }
include /usr/nginx/conf/staticfiles.conf;
include /usr/nginx/conf/php.conf;
include /usr/nginx/conf/drop.conf;

        # password protect wp-admin
                location ~ ^/wp-admin {
                auth_basic “Restricted”;
                auth_basic_user_file /path/to/htpasswd/file;
                try_files $uri $uri/ /index.php?q=$request_uri;
                }
}

[/codesyntax]


One response to “þ姧wðrÐ þrð†ê¢†ïñg wþ-åÐmïñ wï†h ñgïñx”

  1. […] easier.  BTW, if you follow my articles, you know brute forcing users is stopped by protecting the wp-admin url using this article. Also, you can determine by simply incrementing the number until you get an error to determine how […]

Leave a Reply