How to apply access restrictions to the WordPress management screen?

To restrict access to the WordPress management screen, apply the restriction to the following paths:

  • /wp-login.php
  • /wp-admin/ (excluding admin-ajax.php)

Since Amimoto AMI runs Nginx, which does not use .htaccess, edit /etc/nginx/conf.d/default.conf (or /etc/nginx/conf.d/example.com.conf) instead.
This file can be changed by the root user only, so switch to the root user with su - first.

server {
    listen 80 default;
    server_name _;
    root /var/www/vhosts/example.com;
    index index.html index.htm;
    charset utf-8;

    access_log /var/log/nginx/example.com.access.log main;
    error_log /var/log/nginx/example.com.error.log;

    include /etc/nginx/drop;

    rewrite /wp-admin$ $scheme://$host$uri/ permanent;
    #rewrite ^(.*)(index|home|default)\.html? $1 permanent;

    set $mobile '';
    #include /etc/nginx/mobile-detect;

    location ~* ^/wp-(content|admin|includes) {
        index index.php index.html index.htm;
        if ($request_filename ~ .*\.php) {
            break;
            proxy_pass http://backend;
        }
        include /etc/nginx/expires;
    }

    #location ~* \.(js|css|html?|xml|gz|jpe?g|gif|png|swf|wmv|flv|ico)$ {
    #    index index.html index.htm;
    #    include /etc/nginx/expires;
    #}

    location / {
        if ($request_filename ~ .*\.php) {
            break;
            proxy_pass http://backend;
        }
        include /etc/nginx/expires;

        set $do_not_cache 0;
        if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_") {
            set $do_not_cache 1;
        }
        if ($request_method = POST) {
            set $do_not_cache 1;
        }
        proxy_no_cache $do_not_cache;
        proxy_cache_bypass $do_not_cache;

        proxy_redirect off;
        proxy_cache czone;
        proxy_cache_key "$scheme://$host$request_uri$mobile";
        proxy_cache_valid 200 0m;
        proxy_pass http://backend;
    }

    #
    # When you use phpMyAdmin, uncomment the line "include /etc/nginx/phpmyadmin;"
    # and delete or comment out the line below, "location ~* /(phpmyadmin|myadmin|pma) {}".
    #
    #include /etc/nginx/phpmyadmin;
    location ~* /(phpmyadmin|myadmin|pma) {
        access_log off;
        log_not_found off;
        return 404;
    }

    #
    # Redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    }
}

If you want to restrict access by IP address

At line 18 (before the first line that starts with “location”), add the following code:

location ~* /wp-login\.php|/wp-admin/((?!admin-ajax\.php).)*$ {
    index index.php index.html index.htm;

    # List the IP addresses you want to allow
    allow 192.168.0.1;
    deny all;

    if ($request_filename ~ .*\.php) {
        break;
        proxy_pass http://backend;
    }
    include /etc/nginx/expires;
}

On the allow 192.168.0.1; line, put the IP address you want to allow.

If you want to restrict access with Basic Authentication

Create .htpasswd.
First, log in to the instance over SSH and switch to the root user with su - .

Create .htpasswd in /etc/nginx/conf.d/ . In this example the Basic Authentication username is “wpbasic”.

# htpasswd -c /etc/nginx/conf.d/.htpasswd wpbasic

Enter the command above.
When the command runs, you will be prompted for the new password and then asked to re-type it.

New password:
Re-type new password:

If successful, Adding password for user wpbasic will be displayed.

Once that succeeds, add the following code at line 18 of /etc/nginx/conf.d/default.conf (or /etc/nginx/conf.d/example.com.conf), before the first line that begins with “location”:

location ~* /wp-login\.php|/wp-admin/((?!admin-ajax\.php).)*$ {
    index index.php index.html index.htm;

    # Message shown in the Basic Authentication prompt
    auth_basic "Please enter your ID and password";
    # Path of the .htpasswd file
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;

    if ($request_filename ~ .*\.php) {
        break;
        proxy_pass http://backend;
    }
    include /etc/nginx/expires;
}

Then, to apply the settings, restart Nginx with # service nginx restart .
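
Why both sections place the new block before the first “location” line, shown as an added example (not part of the original article or of Amimoto's configuration): Nginx tries regex locations in file order and uses the first match, which this Python sketch models with the three regex locations from the config above. The function names, the sample requests and the simplified URI normalization are assumptions made for the illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Regex locations from the server block on this page (names are illustrative).
RESTRICTED = ("restricted", r"/wp-login\.php|/wp-admin/((?!admin-ajax\.php).)*$")
WP_DIRS = ("wp-dirs", r"^/wp-(content|admin|includes)")
PMA = ("phpmyadmin-404", r"/(phpmyadmin|myadmin|pma)")

# Order the article asks for: the new block ahead of every other location.
AS_DOCUMENTED = [RESTRICTED, WP_DIRS, PMA]
# The same block pasted after the existing wp-(content|admin|includes) block.
MISPLACED = [WP_DIRS, RESTRICTED, PMA]


def normalize(request_target):
    """Approximate Nginx URI normalization (an assumption, not Nginx code):
    drop the query string, percent-decode, merge slashes, resolve dot segments."""
    path = unquote(urlsplit(request_target).path)
    trailing = path.endswith("/")
    path = posixpath.normpath(re.sub(r"/+", "/", path))
    return path + "/" if trailing and path != "/" else path


def pick_location(request_target, regex_locations):
    """Return the first matching regex location in file order, as Nginx does
    for `~*` blocks; otherwise fall back to the prefix block `location /`."""
    uri = normalize(request_target)
    for name, pattern in regex_locations:
        if re.search(pattern, uri, re.IGNORECASE):  # `~*` is case-insensitive
            return name
    return "/"


# Constructed sample requests.
SAMPLES = [
    "/wp-login.php",
    "/wp-admin/",
    "/wp-admin/options.php?page=1",
    "/wp-admin/admin-ajax.php?action=heartbeat",
    "/wp-content/uploads/logo.png",
    "/",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(f"{target:45} documented={pick_location(target, AS_DOCUMENTED):12}"
              f" misplaced={pick_location(target, MISPLACED)}")
```

With the block in the documented position, /wp-admin/ requests land in the restricted location; pasted after the wp-(content|admin|includes) block, only /wp-login.php would still be covered.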

 
