<html><head></head><body>Greetings All,<br><br>To start, I am very much a beginner to nginx and
coding. I am a application support engineer, but got very little
development skills.<br>I hope that there is someone out there that can guide me through this maze.<br><br>I have searched the web and have seen multiple solutions but none seem to work exactly how I want it to work.<br><br>My nginx server setup, I am running and managing the config for nginx from the /etc/nginx/nginx.conf file<br><br>I have 5 seperate sites under sites-enabled.<br>Each site has it's own config file where I have tried to manage and block access to my two wordpress sites on wp-admin/wp-login.<br><br>The site www.atlantic-kids-academy.com and www.hockeysticks4clubs.com are running on wordpress.<br><br>The issue I have is that literally thousands of attempts are made on
the site everyday trying to access the wp-admin or wp-login<br><div><br></div><div>My goal is to have the sites available but the access to all wp admin must be limited.<br></div>below are a few of the solutions I found. Non seem to work fully. I assume it is my understanding of nginx configuration.<br><br>method #1 -- test unsuccessfully.<br>URL: <br>https://graspingtech.com/block-access-wordpress-admin-area-nginx/<br><br><br>location ~ \.php$ {<br> location ~ \wp-login.php$ {<br> allow 192.168.1.11;<br> deny all;<br> include fastcgi.conf;<br> fastcgi_intercept_errors on;<br> fastcgi_pass unix:/run/php/php7.0-fpm.sock;<br> }<br> include fastcgi.conf;<br> fastcgi_intercept_errors on;<br> fastcgi_pass unix:/run/php/php7.0-fpm.sock;<br>}<br><br><br>method #2 -- tested unsuccessfully.<br>URL<br>https://websiteforstudents.com/block-access-wordpress-wp-admin-via-nginx-ubuntu-17-04-17-10/<br><br><br> location ~ ^/(wp-admin|wp-login\.php) {<br> try_files $uri $uri/ /index.php?$args;<br> index index.html index.htm index.php;<br> allow 68.66.XX.111;<br> deny all;<br> error_page 403 = @wp_admin_ban;<br> }<br> <br> location @wp_admin_ban {<br> rewrite ^(.*) https://example.com permanent;<br> }<br> location /wp-admin/admin-ajax.php {<br> allow all;<br> }<br><div><br></div><div>method #3 -- tested and not fully functional. The issues that I have seen with this are listed below.</div><div>it blocks on a countrylevel</div><div>when opening the wp-admin page, I am first met with logging into the wordpress itself, and then after am I prompted with the .htpasswd authentication.<br></div><div><br></div><div>Any help / advice would be very much appreciated.<br></div><br>URL:<br>https://www.openprogrammer.info/2013/07/12/protecting-wp-admin-wp-login-php-nginx/<br><br><br>location ~ ^/(wp-login\.php){<br> auth_basic "Administrator Login";<br> auth_basic_user_file /home/nginx/domains/yourlocation/private/.htpasswd;<br> include /usr/local/nginx/conf/php.conf;<br>}<br><br>location /wp-admin {<br> location ~ ^/(wp-admin/admin-ajax\.php) {<br> include /usr/local/nginx/conf/php.conf;<br> }<br> location ~* /wp-admin/.*\.php$ {<br> auth_basic "Administrator Login";<br> auth_basic_user_file /home/nginx/domains/yourlocation/private/.htpasswd;<br> include /usr/local/nginx/conf/php.conf;<br> }<br>}<br><br><br>location ~ .*\.(php|php4|php5|pl|py)?$ {<br> location ~ ^/(wp-comments-post\.php$)<br> allow all;<br> include /usr/local/nginx/conf/php.conf;<br> break;<br> }<br> #deny all;<br> rewrite ^(.*)$ / redirect;<br>}<br><br>Thanks<br>Lawrence</body></html>