Protecting wp-admin and wp-login.php with nginx
Installing the iThemes Security plugin adds a lot of security to your site, but bots and all the other junk online will keep bugging you. The WP security plugin will block them, but the requests are still processed. I did some research and found that the best way to block incoming junk is to keep your admin section well protected.
If you're a security freak and would like to allow only certain pages to be executed, you can add this rule:
```nginx
# Ask for HTTP basic auth before the WordPress login page reaches PHP.
location ~ ^/(wp-login\.php) {
    auth_basic "Administrator Login";
    auth_basic_user_file /home/nginx/domains/yourlocation/private/.htpasswd;
    include /usr/local/nginx/conf/php.conf;
}

location /wp-admin {
    # admin-ajax.php is passed to PHP without the basic auth prompt.
    location ~ ^/(wp-admin/admin-ajax\.php) {
        include /usr/local/nginx/conf/php.conf;
    }
    # Every other PHP script under /wp-admin requires basic auth.
    location ~* /wp-admin/.*\.php$ {
        auth_basic "Administrator Login";
        auth_basic_user_file /home/nginx/domains/yourlocation/private/.htpasswd;
        include /usr/local/nginx/conf/php.conf;
    }
}
```
This configuration will keep your site clean of these attempts.
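```nginx
location ~ .*\.(php|php4|php5|pl|py)?$ {
    # The only script allowed to execute in this block.
    location ~ ^/(wp-comments-post\.php$) {
        allow all;
        include /usr/local/nginx/conf/php.conf;
        break;
    }
    #deny all;
    # Everything else that matches the outer regex is redirected to the home page.
    rewrite ^(.*)$ / redirect;
}
```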
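To check which requests the two blocks above actually gate, here is an added Python model of how nginx picks among these locations (example code, not part of the original post). It assumes both blocks sit in one server block in the order shown, with no other regex, `=` or `^~` locations and no longer prefix location; the verdict strings are labels made up for the example.

```python
import re

# Regexes copied from the two nginx blocks above, in file order.
# Verdict strings are labels made up for this example.
WP_ADMIN_NESTED = [  # regex locations nested in "location /wp-admin"
    (re.compile(r"^/(wp-admin/admin-ajax\.php)"), "php, no auth"),
    (re.compile(r"/wp-admin/.*\.php$", re.I), "php, basic auth"),
]
SERVER_REGEX = [  # server-level regex locations: (regex, verdict, nested)
    (re.compile(r"^/(wp-login\.php)"), "php, basic auth", []),
    (re.compile(r".*\.(php|php4|php5|pl|py)?$"), "redirect to /",
     [(re.compile(r"^/(wp-comments-post\.php$)"), "php, no auth")]),
]


def classify(uri):
    """Model nginx location selection for a URI path (no query string).

    Assumed order: regexes nested in the matching prefix location first,
    then server-level regexes in file order; the first match wins.
    """
    in_admin = uri.startswith("/wp-admin")
    if in_admin:
        for rx, verdict in WP_ADMIN_NESTED:
            if rx.search(uri):
                return verdict
    for rx, verdict, nested in SERVER_REGEX:
        if rx.search(uri):
            for nested_rx, nested_verdict in nested:
                if nested_rx.search(uri):
                    return nested_verdict
            return verdict
    # No regex matched: the prefix location itself, or the rest of the site.
    return "static, no auth" if in_admin else "site default"


if __name__ == "__main__":
    # Constructed sample paths, not taken from real traffic.
    for path in ["/wp-login.php", "/wp-admin/index.php",
                 "/wp-admin/admin-ajax.php", "/wp-admin/css/login.css",
                 "/wp-comments-post.php", "/xmlrpc.php",
                 "/wp-content/uploads/a.png"]:
        print(f"{path:30} {classify(path)}")
```

Pass the URI as nginx sees it after any internal redirect: with `index.php` configured as the index file, a request for `/wp-admin/` is matched again as `/wp-admin/index.php`.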