Nginx Security for wordpress & phpmyadmin

March 13, 2013 12.5k views
desiredpersona
By:
desiredpersona
Hi all, How do i protect phpmyadmin. Currently anyone can access example.com/phpmyadmin how do i protect wordpress files and folders. I have seen tutorials on the web where nginx config links to a made up global restrictions file so you can link to it when creating new server blocks but im not sure if its up to date. http://codex.wordpress.org/Nginx
Sign In to Comment
6 Answers
desiredpersona March 13, 2013
Also how can i restrict phpmyadmin by ip?
Report
dave March 14, 2013
echo "allow 127.0.0.1;" > /etc/nginx/allow_list
echo "allow 192.168.0.155; # whatever your ip is" >> /etc/nginx/allow_list
echo "deny all;" >> /etc/nginx/allow_list

then wherever you want restrictions inplace

include allow_list;

Example that will restrict an entire domain:

server {
server_name domain.com;

root /var/www/;
error_log /var/log/nginx/error.log warn;
access_log /var/log/nginx/access.log;
include allow_list;

}

Example that will restrict one folder under one domain


server {
server_name domain.com;

root /var/www/;
error_log /var/log/nginx/error.log warn;
access_log /var/log/nginx/access.log;

location /wordpress/ {
include allow_list;
}
}
Report
desiredpersona March 16, 2013
Thanks Dave ;-)
Report
roozbehk March 17, 2013
Hi, The easier way would be to protect the folder with auth_basic module . I am guessing you have fastcgi


location ~* /phpmyadmin/.*\.php$ {
try_files $uri = 404;
fastcgi_split_path_info ^(.+.php)(.*)$;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;

auth_basic "Password Protected Folder";
auth_basic_user_file /var/www/.htpasswd;

}

This will protect the folder and will ask for your username and password from .htpasswd file that you put somewhere on the server that is not accessible by web in my case is /var/www/.htpasswd

to create .htpasswd file you can use this site or do it from command line. http://www.htaccesstools.com/htpasswd-generator/
Report
roozbehk March 17, 2013
Here is what I use for wordpress:

# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;

location /wp-admin {
location ~ /wp-admin/admin-ajax.php$ {
try_files $uri = 404;
fastcgi_split_path_info ^(.+.php)(.*)$;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;

}

location ~* /wp-admin/.*\.php$ {
try_files $uri = 404;
fastcgi_split_path_info ^(.+.php)(.*)$;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;

auth_basic "You shall not pass!";
auth_basic_user_file /var/www/.htpasswd;

}
Report
desiredpersona March 20, 2013
thanks roozbehk
Report
Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!