[英]Secure wp-login.php in wordpress using the nginx configuration file
I want to block URL access to wp-admin and wp-login.php using Nginx webserver.我想使用 Nginx 网络服务器阻止 URL 访问 wp-admin 和 wp-login.php。 To achieve this, I have edited the WordPress VirtualHost file that is located in
/etc/nginx/sites-available/domain.com
because I have Nginx Server Blocks in place where I host multiple domains and I added the below code to deny all Nginx config directives inside that server block (ie, domain) except for my IP: To achieve this, I have edited the WordPress VirtualHost file that is located in
/etc/nginx/sites-available/domain.com
because I have Nginx Server Blocks in place where I host multiple domains and I added the below code to deny all Nginx除了我的 IP 之外,该服务器块(即域)内的配置指令:
location ~ ^/(wp-admin|wp-login\.php) {
allow 111.111.111.111;
deny all;
}
What I get is this:我得到的是:
I have finally solved the myth of this question, and I did it differently.我终于解决了这个问题的神话,我做了不同的事情。 Instead of relying on the IP to set access permissions to the wp-login.php page, I have configured a Password Authentication with Nginx on Ubuntu 20.04.
Instead of relying on the IP to set access permissions to the wp-login.php page, I have configured a Password Authentication with Nginx on Ubuntu 20.04. I have created the password file using the apache utilities.
我使用 apache 实用程序创建了密码文件。 Follow this tutorial to install it.
按照本教程安装它。 After you install it, open the Nginx configuration file that is linked to your WordPress site:
安装后,打开链接到 WordPress 站点的 Nginx 配置文件:
sudo nano /etc/nginx/sites-enabled/default
or this configuration file, if you use blocks:或者这个配置文件,如果你使用块:
sudo nano /etc/nginx/sites-enabled/example.com
Add this snippet:添加此代码段:
## Protect my wordpress login page and directory with a password
location = /wp-login.php {
auth_basic "Login";
include snippets/fastcgi-php.conf;
auth_basic_user_file /etc/nginx/.htpasswd;
fastcgi_pass unix:/run/php/php8.0-fpm.sock;
}
Please note that fastcgi_pass unix:/run/php/php8.0-fpm.sock;
请注意
fastcgi_pass unix:/run/php/php8.0-fpm.sock;
must match your current PHP version which you are running on your website.必须与您在网站上运行的当前 PHP 版本相匹配。 The above snippet worked for me to protect wp-admin AND wp-login.php.
上面的代码片段对我有用,可以保护 wp-admin 和 wp-login.php。 I struggled to come up with this because all other versions used to download the login page as a file or to protect the wp-admin directory without the wp-login.php
我很难想出这个,因为所有其他版本都用于将登录页面下载为文件或在没有 wp-login.php 的情况下保护 wp-admin 目录
Please don't hesitate to add more to this topic to refine it.请不要犹豫,为这个主题添加更多内容以完善它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.