Password protect wp-admin

Hello, Trying to password protect my wp-admin login but I’m not having great luck with it. I’ve tried a few posts that are posted here:

But it doesn’t work. Can anyone give any suggestions on making it work?

Hey,

If your running your WP site using EE, then you don’t need to specify/setup Auth Basic.

All you need to do is create a location block and add include common/acl.conf;.

For example:

ee site edit example.com

then add your location block:

location = /wp-login.php {
                
include common/acl.conf;	# EE file that holds default HTTP Auth 

}

It will then be password protected. Use your AUth details EE provided when you installed it via the command line.

You can change this if needed by:

ee secure --auth [Optional user name] [Optional password]

Also I add my home static IP to the whitelist so I can bypass the basic auth when at home by:

ee secure --ip [Optional comma separated IPs]

Also for additional security look at setting up Fail2Ban.

4 Likes

Hello, if you’re interested, you may also try this:

Install htpasswd program:

sudo apt-get install apache2-utils

Create directory for my custom password file:

sudo mkdir /home/mypassword

Create my custom password with mycoolusername as username:

sudo htpasswd -c /home/mypassword/.htpasswd mycoolusername

Now your custom password is ready.

Lock wp-admin except admin-ajax.php

Since EasyEngine usually rewritten its configuration after update, I recommend you to create a new configuration file, which is later included into your site configuration.

sudo nano /etc/nginx/common/lockwpadmin.conf

copy paste this

location /wp-admin {
  location ~ /wp-admin/admin-ajax.php$ {
   include fastcgi_params;
   fastcgi_pass php;
  }
  location ~* /wp-admin/.*\.php$ {
   include fastcgi_params;
   fastcgi_pass php;

   satisfy any;
   allow 127.0.0.1;
   deny all;
   auth_basic "Authorization Required";
   auth_basic_user_file /home/mypassword/.htpasswd;
  }
}

Save it.

Now edit your site configuration:

sudo nano /etc/nginx/sites-available/mysite.com.conf

include lockwpadmin.conf between server { } block:

server {
...
include common/lockwpadmin.conf;
....
}

Restart your NGINX

sudo service nginx restart

Done.

Please remember, in this case your wp-login.php still not protected by Http Authentication method. But EasyEngine already protect wp-login.php with limit request method.

Hello

and sorry for my stupid question but i am quite new to nginx and easyengine, but when i open the file with “ee site edit mysite.org” i am inside the server block and i can´t add a location block to a server block, correct ?

So i addet the line “include common/acl.conf;” which succeed, but where do i put the line “location = /wp-login.php {” ?

Thanks

Hey @macbroadcast

Yes you can add or modify the server block as usual.

One thing to be mindful though which I ran into recently as I am new to easy engine as well you will see this in one of my posts on here also. you can not use the same location block more than once.

Usually, by default in one of the includes files there is already a

location = /wp-login.php {

}

Therefore to add what you wish which is what I wanted to do. The best way is to open the file that has that location block and add the include to it.

If you have than one nginx will fail to restart.

Hope that helps.

1 Like

hey @rex

ok when i open the file ee site edit mysite.org

i see a common/locations.conf , guess thats what you are talking about, but how do i get there , since i am using the ee cli and not a normal editor ?

Thanks again

Hey,

Now that’s testing my memory where I found it. If I remember correctly it’s not in the domain files it is somewhere else. Using the cd command to find it or search the whole system for that file name. Do a quick google on searching for a file on Linux.

Sorry I in a hurry at the moment. I’ll dig it up later if you still can’t find it.

Also worth remembering that updating EE may make changes to the file and therefore you will loose your settings. So maybe worth copy pasting (custom name) it and modify a version of it. Then update the name in the server block. That way updates won’t break it.

Every now a then maybe check if there are any changes that should be in your version as well.

Try looking in /etc/nginx not 100% but maybe in there.

thanks @rexi88 ,

found it was under /etc/nginx/common# but when you open it ,you will see on top:

NGINX CONFIGURATION FOR COMMON LOCATION

DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)

Basic locations files

but when i add the line location = /wp-login.php { } in locations.conf , safe it and test it with nginx -t nginx spit out an error, so that means changing the files manual, is´nt recommened , because you will loose all changes after updating anyway ?

This cant be the right way …

Did you create that server block or modify the one that’s already there?

You won’t loose the change after nginx reboots only when you update EE

ee update

To get around it you

cp /etc/nginx/common/filename.conf /etc/nginx/common/custom.conf

Then in your server block change the include file to the new one.

ok just add this line include common/acl.conf; inside the location = /wp-login.php { block in common/wpcommon.conf restart with ee stack restart and voila

Greetings

https://macbroadcast.org

That’s it.

You don’t need to ee stack restart as when you edit the server block using EE e.g. ee site edit domain.com and save/close it will automatically test and restart nginx.

If you modified the server block the normal way e.g. nano /etc/nginx/sites-available/domain.com

then you would need to run the test and restart manually.

yep, but i edited the common/wpcommon.conf manually, so it did not automaticly restart nginx. But the problem is still when i update the easyengine, i need to make the changes again, thats not a perfect solution at all, but i think as soon as i will dive deeper into easyengine, i might find another way. :yum:

By the way you are using the same setup like me, WP and redis , its really fast is´nt it ? :rocket:

Greetings and thanks again

A little bit of a late reply.

I have just tested using --wpfc (fastcgi) and also added REDIS Object Cache and it seams to be faster than REDIS alone.

Hey @rexi88 , thanks for the late reply :grinning: , you have any link or documentation about it ?

Hey I will upload some comparisons when I get home and remember.

Also I should note something else I have come across. It’s probably best not to edit the server block EE created. Rather than to creat a .conf file in domain/conf/nginx/mysettings.conf

It will automatically be included.

Also I wanted to add an extra server {} block to redirect http to https which I originally did editing the required server block. It’s best to do this the old fashion way e.g.

nano /etc/nginx/sites-available/custom

add in fields there that can’t be done using the previous method.

Then

ln -s /etc/nginx/sites-available/custom /etc/nginx/sites-enabled/custom

That way when EE updates or you change your cache method your site won’t go down.

Took me a bit to figure out what went wrong when I changed my cache method and it wipes the server block to stock.