Nginx Security for wordpress & phpmyadmin

thanks roozbehk

Here is what I use for wordpress: <br> <br> # Add trailing slash to /wp-admin requests. <br> rewrite /wp-admin$ $scheme://$host$uri/ permanent; <br> <br>location /wp-admin { <br> location ~ /wp-admin/admin-ajax.php$ { <br> try_files $uri = 404; <br> fastcgi_split_path_info ^(.+.php)(.)$; <br> fastcgi_index index.php; <br> fastcgi_pass 127.0.0.1:9000; <br> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; <br> include fastcgi_params; <br> fastcgi_intercept_errors on; <br> fastcgi_ignore_client_abort off; <br> fastcgi_connect_timeout 60; <br> fastcgi_send_timeout 180; <br> fastcgi_read_timeout 180; <br> fastcgi_buffer_size 128k; <br> fastcgi_buffers 4 256k; <br> fastcgi_busy_buffers_size 256k; <br> fastcgi_temp_file_write_size 256k; <br> <br> } <br> <br> location ~* /wp-admin/..php$ { <br> try_files $uri = 404; <br> fastcgi_split_path_info ^(.+.php)(.)$; <br> fastcgi_index index.php; <br> fastcgi_pass 127.0.0.1:9000; <br> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; <br> include fastcgi_params; <br> fastcgi_intercept_errors on; <br> fastcgi_ignore_client_abort off; <br> fastcgi_connect_timeout 60; <br> fastcgi_send_timeout 180; <br> fastcgi_read_timeout 180; <br> fastcgi_buffer_size 128k; <br> fastcgi_buffers 4 256k; <br> fastcgi_busy_buffers_size 256k; <br> fastcgi_temp_file_write_size 256k; <br> <br> auth_basic “You shall not pass!”; <br> auth_basic_user_file /var/www/.htpasswd; <br> <br> }

Hi, The easier way would be to protect the folder with auth_basic module . I am guessing you have fastcgi <br> <br> <br> location ~* /phpmyadmin/..php$ { <br> try_files $uri = 404; <br> fastcgi_split_path_info ^(.+.php)(.)$; <br> fastcgi_index index.php; <br> fastcgi_pass 127.0.0.1:9000; <br> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; <br> include fastcgi_params; <br> fastcgi_intercept_errors on; <br> fastcgi_ignore_client_abort off; <br> fastcgi_connect_timeout 60; <br> fastcgi_send_timeout 180; <br> fastcgi_read_timeout 180; <br> fastcgi_buffer_size 128k; <br> fastcgi_buffers 4 256k; <br> fastcgi_busy_buffers_size 256k; <br> fastcgi_temp_file_write_size 256k; <br> <br> auth_basic “Password Protected Folder”; <br> auth_basic_user_file /var/www/.htpasswd; <br> <br> } <br> <br>This will protect the folder and will ask for your username and password from .htpasswd file that you put somewhere on the server that is not accessible by web in my case is /var/www/.htpasswd <br> <br>to create .htpasswd file you can use this site or do it from command line. http://www.htaccesstools.com/htpasswd-generator/

Thanks Dave ;-)

echo “allow 127.0.0.1;” > /etc/nginx/allow_list <br>echo “allow 192.168.0.155; # whatever your ip is” >> /etc/nginx/allow_list <br>echo “deny all;” >> /etc/nginx/allow_list <br> <br>then wherever you want restrictions inplace <br> <br>include allow_list; <br> <br>Example that will restrict an entire domain: <br> <br>server { <br> server_name domain.com; <br> <br> root /var/www/; <br> error_log /var/log/nginx/error.log warn; <br> access_log /var/log/nginx/access.log; <br> include allow_list; <br> <br>} <br> <br>Example that will restrict one folder under one domain <br> <br> <br>server { <br> server_name domain.com; <br> <br> root /var/www/; <br> error_log /var/log/nginx/error.log warn; <br> access_log /var/log/nginx/access.log; <br> <br> location /wordpress/ { <br> include allow_list; <br> } <br>}

Also how can i restrict phpmyadmin by ip?