如何在Nginx上限制WordPress Admin wp-login.php [英] How to restrict WordPress Admin wp-login.php on Nginx
问题描述
如何使用Nginx Config限制WordPress wp-login.php公开访问.
How do I restrict WordPress wp-login.php using Nginx Config from accessing by the public.
我知道如何使用htaccess限制访问,但是如何在Nginx上做到这一点?
I know how to restrict access using htaccess, but how can I do it on Nginx?
这是我尝试过的配置.
location /wp-login.php {
auth_basic "Restricted";
auth_basic_user_file /var/www/example.com/.htpasswd;
}
当我访问wp-admin时,可以下载整个wp-login.php文件.
When I visit the wp-admin, the whole wp-login.php file can be downloaded.
有什么建议吗?
推荐答案
我在尝试阻止域上的wp-login.php时遇到类似的问题.
I was having a similar issue trying to block wp-login.php on my domains.
我发现,如果我不完全匹配文件名,它将可以正常工作.
I found that if I don't match the filename exactly it will work correctly.
最终为我工作的是:
location ~* (wp-login)\.php$ {
auth_basic "Restricted Area: WordPress";
auth_basic_user_file /home/path/to/passwords/.htpasswd;
}
此设置阻止了我的浏览器下载登录文件并将其实际解析为PHP.
This setup stopped my browser from downloading the login file and actually parsing it as PHP.
这篇关于如何在Nginx上限制WordPress Admin wp-login.php的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!