Question

Nginx Security for wordpress & phpmyadmin

  • Posted March 13, 2013

Hi all,

How do i protect phpmyadmin. Currently anyone can access example.com/phpmyadmin

how do i protect wordpress files and folders. I have seen tutorials on the web where nginx config links to a made up global restrictions file so you can link to it when creating new server blocks but im not sure if its up to date. http://codex.wordpress.org/Nginx

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

thanks roozbehk

Here is what I use for wordpress: <br> <br> # Add trailing slash to /wp-admin requests. <br> rewrite /wp-admin$ $scheme://$host$uri/ permanent; <br> <br>location /wp-admin { <br> location ~ /wp-admin/admin-ajax.php$ { <br> try_files $uri = 404; <br> fastcgi_split_path_info ^(.+.php)(.)$; <br> fastcgi_index index.php; <br> fastcgi_pass 127.0.0.1:9000; <br> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; <br> include fastcgi_params; <br> fastcgi_intercept_errors on; <br> fastcgi_ignore_client_abort off; <br> fastcgi_connect_timeout 60; <br> fastcgi_send_timeout 180; <br> fastcgi_read_timeout 180; <br> fastcgi_buffer_size 128k; <br> fastcgi_buffers 4 256k; <br> fastcgi_busy_buffers_size 256k; <br> fastcgi_temp_file_write_size 256k; <br> <br> } <br> <br> location ~* /wp-admin/..php$ { <br> try_files $uri = 404; <br> fastcgi_split_path_info ^(.+.php)(.)$; <br> fastcgi_index index.php; <br> fastcgi_pass 127.0.0.1:9000; <br> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; <br> include fastcgi_params; <br> fastcgi_intercept_errors on; <br> fastcgi_ignore_client_abort off; <br> fastcgi_connect_timeout 60; <br> fastcgi_send_timeout 180; <br> fastcgi_read_timeout 180; <br> fastcgi_buffer_size 128k; <br> fastcgi_buffers 4 256k; <br> fastcgi_busy_buffers_size 256k; <br> fastcgi_temp_file_write_size 256k; <br> <br> auth_basic “You shall not pass!”; <br> auth_basic_user_file /var/www/.htpasswd; <br> <br> }

Hi, The easier way would be to protect the folder with auth_basic module . I am guessing you have fastcgi <br> <br> <br> location ~* /phpmyadmin/..php$ { <br> try_files $uri = 404; <br> fastcgi_split_path_info ^(.+.php)(.)$; <br> fastcgi_index index.php; <br> fastcgi_pass 127.0.0.1:9000; <br> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; <br> include fastcgi_params; <br> fastcgi_intercept_errors on; <br> fastcgi_ignore_client_abort off; <br> fastcgi_connect_timeout 60; <br> fastcgi_send_timeout 180; <br> fastcgi_read_timeout 180; <br> fastcgi_buffer_size 128k; <br> fastcgi_buffers 4 256k; <br> fastcgi_busy_buffers_size 256k; <br> fastcgi_temp_file_write_size 256k; <br> <br> auth_basic “Password Protected Folder”; <br> auth_basic_user_file /var/www/.htpasswd; <br> <br> } <br> <br>This will protect the folder and will ask for your username and password from .htpasswd file that you put somewhere on the server that is not accessible by web in my case is /var/www/.htpasswd <br> <br>to create .htpasswd file you can use this site or do it from command line. http://www.htaccesstools.com/htpasswd-generator/

Thanks Dave ;-)

echo “allow 127.0.0.1;” > /etc/nginx/allow_list <br>echo “allow 192.168.0.155; # whatever your ip is” >> /etc/nginx/allow_list <br>echo “deny all;” >> /etc/nginx/allow_list <br> <br>then wherever you want restrictions inplace <br> <br>include allow_list; <br> <br>Example that will restrict an entire domain: <br> <br>server { <br> server_name domain.com; <br> <br> root /var/www/; <br> error_log /var/log/nginx/error.log warn; <br> access_log /var/log/nginx/access.log; <br> include allow_list; <br> <br>} <br> <br>Example that will restrict one folder under one domain <br> <br> <br>server { <br> server_name domain.com; <br> <br> root /var/www/; <br> error_log /var/log/nginx/error.log warn; <br> access_log /var/log/nginx/access.log; <br> <br> location /wordpress/ { <br> include allow_list; <br> } <br>}

Also how can i restrict phpmyadmin by ip?