Suggestion - permit access to wp-admin by trusted ip
-
I think it would be useful to add a few lines to the script which creates the virtual hosts files to restrict access to blog.com/wp-admin and blog.com/wp-login.php to permitted IPs only.
I added the following to my file (although I haven't tested it yet)
# Permit access to wp-admin, or wp-login to selected IPs only
# First Permitted IP
if ($remote_addr = "12.34.56.78") {
    break;
}
# Second Permitted IP
if ($remote_addr = "12.34.56.78") {
    break;
}
# Third Permitted IP
if ($remote_addr = "12.34.56.78") {
    break;
}
# My Home IP
# Nginx 'if' statements do not allow 'and' or 'or', so the above is necessary
if ($remote_addr != "12.34.56.78") {
    rewrite ^/wp-admin/(.*)$ /index.php?q=$1 last;
    rewrite ^/wp-login.php(.*)$ /index.php?q=$1 last;
}
Posted 1 year ago # -
Splendid, Barnaby. Superb.
Posted 1 year ago # -
@Barnaby,
Here comes the noob! If not using stackscripts, where would this have to go to take effect? Thanks in advance.
Posted 1 year ago # -
It goes in the nginx configuration file just before the final }
/usr/local/nginx/sites-available/domainname.com
Posted 1 year ago # -
Many many thanks @Barnaby!
Posted 1 year ago # -
One other note: if your wp-admin/ dir is not at the top level of your htdocs (for example, let's say it's in /wp/wp-admin), then you'll need to ditch the ^s at the start of the string. So, for example, the last 4 lines would look like:
if ($remote_addr != "12.34.56.78") {
rewrite /wp-admin/(.*)$ /index.php?q=$1 last;
rewrite /wp-login.php(.*)$ /index.php?q=$1 last;
}
Cheers and thx @Barnaby
PS> Spotted a similar explanation that talked about allowing wp-comments-post.php here: http://www.phrison.com/securing-arbitrary-uris/
Posted 1 year ago #
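An added example, not part of the thread or any poster's configuration: the same restriction written with nginx's geo module, so the trusted addresses live in one list instead of a chain of if blocks. The variable name $wp_admin_trusted and the addresses (documentation ranges) are placeholders chosen for illustration.

```nginx
http {
    # geo is only valid in the http context. It maps the client address
    # ($remote_addr by default) to a value, so one lookup replaces the
    # repeated 'if ($remote_addr = ...)' blocks.
    # $wp_admin_trusted is a hypothetical variable name.
    geo $wp_admin_trusted {
        default          0;   # everyone else is untrusted
        192.0.2.10       1;   # first permitted IP (placeholder)
        198.51.100.20    1;   # second permitted IP (placeholder)
        203.0.113.0/24   1;   # a whole range can be given in CIDR form
    }

    server {
        # ... existing virtual host settings for the blog ...

        # Same behaviour as the rules in the thread: untrusted clients
        # asking for the admin area or the login page are handed to the
        # front controller instead. The dot in wp-login\.php is escaped
        # so it matches a literal '.' only.
        if ($wp_admin_trusted = 0) {
            rewrite ^/wp-admin/(.*)$ /index.php?q=$1 last;
            rewrite ^/wp-login\.php(.*)$ /index.php?q=$1 last;
        }
    }
}
```

If nginx sits behind a proxy or load balancer, $remote_addr is the proxy's address, so the list would match nothing useful until the real client address is restored. The /wp-admin/ rule also covers /wp-admin/admin-ajax.php, which some themes and plugins call from public pages.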
