Hi Lawrence,
I installed WP fail2ban and Wordfence Security (free version).
It doesn't stop them trying, but I run a "3 strikes and you are out for
60 minutes" regime. It means only 3-4 attempts an hour instead of
thousands.
I believe there is a plug-in that moves the wp-admin location somewhere
else as well, but I have not bothered.
Regards
Ian
On 15/04/2020 11:52, Lawrence wrote:
Greetings All,
To start, I am very much a beginner to nginx and coding. I am an
application support engineer, but have very little development skills.
I hope that there is someone out there that can guide me through this maze.
I have searched the web and have seen multiple solutions but none seem
to work exactly how I want it to work.
My nginx server setup: I am running and managing the config for nginx
from the /etc/nginx/nginx.conf file.
I have 5 separate sites under sites-enabled.
Each site has its own config file where I have tried to manage and
block access to my two WordPress sites on wp-admin/wp-login.
The sites www.atlantic-kids-academy.com and www.hockeysticks4clubs.com
are running on WordPress.
The issue I have is that literally thousands of attempts are made on the
site every day trying to access the wp-admin or wp-login.
My goal is to have the sites available but the access to all wp admin
must be limited.
Below are a few of the solutions I found. None seem to work fully. I
assume it is my understanding of nginx configuration.
method #1 -- tested unsuccessfully.
URL:
https://graspingtech.com/block-access-wordpress-admin-area-nginx/
location ~ \.php$ {
    location ~ \wp-login.php$ {
        allow 192.168.1.11;
        deny all;
        include fastcgi.conf;
        fastcgi_intercept_errors on;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    include fastcgi.conf;
    fastcgi_intercept_errors on;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
method #2 -- tested unsuccessfully.
URL
https://websiteforstudents.com/block-access-wordpress-wp-admin-via-nginx-ubuntu-17-04-17-10/
location ~ ^/(wp-admin|wp-login\.php) {
    try_files $uri $uri/ /index.php?$args;
    index index.html index.htm index.php;
    allow 68.66.XX.111;
    deny all;
    error_page 403 = @wp_admin_ban;
}
location @wp_admin_ban {
    rewrite ^(.*) https://example.com permanent;
}
location /wp-admin/admin-ajax.php {
    allow all;
}
method #3 -- tested and not fully functional. The issues that I have
seen with this are listed below.
- it blocks on a country level
- when opening the wp-admin page, I am first met with logging into
  WordPress itself, and only after that am I prompted with the .htpasswd
  authentication.
Any help / advice would be very much appreciated.
URL:
https://www.openprogrammer.info/2013/07/12/protecting-wp-admin-wp-login-php-nginx/
location ~ ^/(wp-login\.php){
    auth_basic "Administrator Login";
    auth_basic_user_file /home/nginx/domains/yourlocation/private/.htpasswd;
    include /usr/local/nginx/conf/php.conf;
}
location /wp-admin {
    location ~ ^/(wp-admin/admin-ajax\.php) {
        include /usr/local/nginx/conf/php.conf;
    }
    location ~* /wp-admin/.*\.php$ {
        auth_basic "Administrator Login";
        auth_basic_user_file /home/nginx/domains/yourlocation/private/.htpasswd;
        include /usr/local/nginx/conf/php.conf;
    }
}
location ~ .*\.(php|php4|php5|pl|py)?$ {
    location ~ ^/(wp-comments-post\.php$) {
        allow all;
        include /usr/local/nginx/conf/php.conf;
        break;
    }
    #deny all;
    rewrite ^(.*)$ / redirect;
}
Thanks
Lawrence
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
--
Ian Hobson
Tel (+351) 910 418 473
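
An added example, not part of either message above: one server block that limits wp-login.php and /wp-admin/ to a single address while leaving admin-ajax.php public. It relies on nginx choosing exactly one location per request: an exact (`=`) match first, then the longest prefix match (regexes are skipped when that prefix is marked `^~`), then the first matching regex in file order. The server name, document root and the address 203.0.113.10 are placeholders; the PHP-FPM socket path is the one quoted in method #1.

```nginx
# Added example. Placeholders: server_name, root, 203.0.113.10 (admin address).
server {
    listen 80;
    server_name example.com;
    root /var/www/example.com;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Exact match wins before any prefix or regex location is considered,
    # so front-end AJAX calls are not caught by the /wp-admin/ restriction.
    location = /wp-admin/admin-ajax.php {
        include fastcgi.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    # Exact match for the login script. The request must be handed to PHP
    # inside this block, because the generic \.php$ block is never reached.
    location = /wp-login.php {
        allow 203.0.113.10;
        deny all;
        include fastcgi.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    # ^~ stops nginx from testing the server-level regex locations for
    # anything under /wp-admin/, so the generic \.php$ block further down
    # cannot serve admin scripts without the access check.
    location ^~ /wp-admin/ {
        allow 203.0.113.10;
        deny all;

        # Nested block runs admin PHP; allow/deny are inherited from above.
        location ~ \.php$ {
            include fastcgi.conf;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
    }

    # Every other PHP script on the site.
    location ~ \.php$ {
        include fastcgi.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
}
```

Check the file with `nginx -t` before reloading, then request /wp-login.php from an address outside the allow list and confirm a 403.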