如何在Nginx上限制WordPress Admin wp-login.php [英] How to restrict WordPress Admin wp-login.php on Nginx

问题描述

如何使用Nginx Config限制WordPress wp-login.php公开访问.

How do I restrict WordPress wp-login.php using Nginx Config from accessing by the public.

我知道如何使用htaccess限制访问，但是如何在Nginx上做到这一点?

I know how to restrict access using htaccess, but how can I do it on Nginx?

这是我尝试过的配置.

location /wp-login.php {
       auth_basic            "Restricted";
       auth_basic_user_file  /var/www/example.com/.htpasswd;
}

当我访问wp-admin时，可以下载整个wp-login.php文件.

When I visit the wp-admin, the whole wp-login.php file can be downloaded.

有什么建议吗?

推荐答案

我在尝试阻止域上的wp-login.php时遇到类似的问题.

I was having a similar issue trying to block wp-login.php on my domains.

我发现，如果我不完全匹配文件名，它将可以正常工作.

I found that if I don't match the filename exactly it will work correctly.

最终为我工作的是:

location ~* (wp-login)\.php$ {
    auth_basic            "Restricted Area: WordPress";
    auth_basic_user_file  /home/path/to/passwords/.htpasswd;
}

此设置阻止了我的浏览器下载登录文件并将其实际解析为PHP.

This setup stopped my browser from downloading the login file and actually parsing it as PHP.

这篇关于如何在Nginx上限制WordPress Admin wp-login.php的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！