Can't password protect wp-login.php in easy engine

Hi,

I have Easy Engine running VPS. I want to enable password protect all my WordPress sites “wp-login.php” as well as “wp-admin” area. To test this process I have added following code to site enabled directory ( /etc/nginx/sites-enabled) site file (mysite.com).

location ^~ /wp-login.php { auth_basic “Restricted Area: WordPress”; auth_basic_user_file /var/www/.htpasswd; try_files $uri =404; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; }

Then I created .htpasswd file and uploaded to /var/www directory and set the permission to rw-r-----.

Then I restarted php and nginx with service php5-fpm reload && service nginx reload command. Now when I try access /wp-login.php nothing changed. It’s just like the regular login page and not promote any password popup window.

Could someone please tell me how do I fix this issue?

Hi @aka20,

To add HTTP auth for wp-login.php, https://github.com/rtCamp/easyengine/issues/342 this link will be usefull for you.

Thank you gau1991 for your reply. If you don’t mind, you you please describe it little bit detail.

First I have to create a new HTTPS user (using “ee site create example.com --auth --auth-user=user name --auth-pass=user pass”.

Then how do I add “auth_basic_user_file” path?

Hi @aka20

Please try the following snippet:

location ^~ /wp-login.php { 
auth_basic     "Restricted Area: WordPress"; 		        auth_basic_user_file  /var/www/.htpasswd;  
allow 127.0.0.1; 
deny all; 
try_files $uri =404; 
fastcgi_pass 127.0.0.1:9000; 
fastcgi_index index.php; 
include fastcgi_params; 	}

If their more ips that you need to whitelist , you can enable using allow directive.

alternatively, replace auth_basic "Restricted Area: WordPress"; auth_basic_user_file /var/www/.htpasswd; allow 127.0.0.1; deny all; with include common/acl.conf;

And to whitelist more IPs use ee secure --auth

I am closing this support topic for now. Feel free to create a new support topic if you have any queries further.