使用 nginx 配置文件保护 wordpress 中的 wp-login.php
[英]Secure wp-login.php in wordpress using the nginx configuration file
问题描述
I want to block URL access to wp-admin and wp-login.php using Nginx webserver.
我想使用 Nginx 网络服务器阻止 URL 访问 wp-admin 和 wp-login.php。 To achieve this, I have edited the WordPress VirtualHost file that is located in /etc/nginx/sites-available/domain.com because I have Nginx Server Blocks in place where I host multiple domains and I added the below code to deny all Nginx config directives inside that server block (ie, domain) except for my IP: To achieve this, I have edited the WordPress VirtualHost file that is located in /etc/nginx/sites-available/domain.com because I have Nginx Server Blocks in place where I host multiple domains and I added the below code to deny all Nginx除了我的 IP 之外,该服务器块(即域)内的配置指令:
location ~ ^/(wp-admin|wp-login\.php) {
allow 111.111.111.111;
deny all;
}
What I get is this:我得到的是:
- Anyone can access https://example.com/wp-login.php任何人都可以访问https://example.com/wp-login.php
- Everyone (including me) gets a 403 Forbidden error when they try to access https://example.com/wp-admin/ Required: How can we configure this properly so that I only can access it?每个人(包括我)在尝试访问https://example.com/wp-admin/时都会收到 403 Forbidden 错误 要求:我们如何正确配置它以便我只能访问它?
1 个解决方案
解决方案1
0 2021-03-10 05:31:56
I have finally solved the myth of this question, and I did it differently.我终于解决了这个问题的神话,我做了不同的事情。 Instead of relying on the IP to set access permissions to the wp-login.php page, I have configured a Password Authentication with Nginx on Ubuntu 20.04. Instead of relying on the IP to set access permissions to the wp-login.php page, I have configured a Password Authentication with Nginx on Ubuntu 20.04. I have created the password file using the apache utilities.我使用 apache 实用程序创建了密码文件。 Follow this tutorial to install it.按照本教程安装它。 After you install it, open the Nginx configuration file that is linked to your WordPress site:安装后,打开链接到 WordPress 站点的 Nginx 配置文件:
sudo nano /etc/nginx/sites-enabled/default
or this configuration file, if you use blocks:或者这个配置文件,如果你使用块:
sudo nano /etc/nginx/sites-enabled/example.com
Add this snippet:添加此代码段:
## Protect my wordpress login page and directory with a password
location = /wp-login.php {
auth_basic "Login";
include snippets/fastcgi-php.conf;
auth_basic_user_file /etc/nginx/.htpasswd;
fastcgi_pass unix:/run/php/php8.0-fpm.sock;
}
Please note that fastcgi_pass unix:/run/php/php8.0-fpm.sock;请注意fastcgi_pass unix:/run/php/php8.0-fpm.sock; must match your current PHP version which you are running on your website.必须与您在网站上运行的当前 PHP 版本相匹配。 The above snippet worked for me to protect wp-admin AND wp-login.php.上面的代码片段对我有用,可以保护 wp-admin 和 wp-login.php。 I struggled to come up with this because all other versions used to download the login page as a file or to protect the wp-admin directory without the wp-login.php我很难想出这个,因为所有其他版本都用于将登录页面下载为文件或在没有 wp-login.php 的情况下保护 wp-admin 目录
Please don't hesitate to add more to this topic to refine it.请不要犹豫,为这个主题添加更多内容以完善它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.