问题描述

我想使用 Nginx 网络服务器阻止对 wp-admin 和 wp-login.php 的 URL 访问.为此，我编辑了位于 /etc/nginx/sites-available/domain.com 中的 WordPress VirtualHost 文件，因为我在托管多个域的地方安装了 Nginx 服务器块，并添加了以下代码拒绝该服务器块(即域)内的所有 Nginx 配置指令，除了我的 IP:

I want to block URL access to wp-admin and wp-login.php using Nginx webserver. To achieve this, I have edited the WordPress VirtualHost file that is located in /etc/nginx/sites-available/domain.com because I have Nginx Server Blocks in place where I host multiple domains and I added the below code to deny all Nginx config directives inside that server block (i.e., domain) except for my IP:

  location ~ ^/(wp-admin|wp-login\.php) {
                allow 111.111.111.111;
                deny all;
  }

我得到的是这个:

1. 任何人都可以访问https://example.com/wp-login.php
2. 每个人(包括我)在尝试访问 https://example.com 时都会收到 403 Forbidden 错误/wp-admin/必需:我们如何正确配置它以便我只能访问它?

1. Anyone can access https://example.com/wp-login.php
2. Everyone (including me) gets a 403 Forbidden error when they try to access https://example.com/wp-admin/Required: How can we configure this properly so that I only can access it?

推荐答案

我终于解决了这个问题的神话，而且我的做法有所不同.我没有依赖 IP 来设置 wp-login.php 页面的访问权限，而是在 Ubuntu 20.04 上使用 Nginx 配置了密码身份验证.我已经使用 apache 实用程序创建了密码文件.按照 本教程安装它.安装后，打开链接到您的 WordPress 站点的 Nginx 配置文件:
sudo nano/etc/nginx/sites-enabled/default
或此配置文件，如果您使用块:
sudo nano/etc/nginx/sites-enabled/example.com

添加此代码段:

I have finally solved the myth of this question, and I did it differently. Instead of relying on the IP to set access permissions to the wp-login.php page, I have configured a Password Authentication with Nginx on Ubuntu 20.04. I have created the password file using the apache utilities. Follow this tutorial to install it. After you install it, open the Nginx configuration file that is linked to your WordPress site:
sudo nano /etc/nginx/sites-enabled/default
or this configuration file, if you use blocks:
sudo nano /etc/nginx/sites-enabled/example.com

Add this snippet:

## Protect my wordpress login page and directory with a password
    location = /wp-login.php {
    auth_basic  "Login";
    include snippets/fastcgi-php.conf;
    auth_basic_user_file /etc/nginx/.htpasswd;
    fastcgi_pass unix:/run/php/php8.0-fpm.sock;
    }

请注意，fastcgi_pass unix:/run/php/php8.0-fpm.sock; 必须与您在网站上运行的当前 PHP 版本相匹配.上面的代码片段对我有用，可以保护 wp-admin 和 wp-login.php.我很难想出这个，因为所有其他版本都用于将登录页面作为文件下载或在没有 wp-login.php 的情况下保护 wp-admin 目录

请不要犹豫，为此主题添加更多内容以完善它.

Please note that fastcgi_pass unix:/run/php/php8.0-fpm.sock; must match your current PHP version which you are running on your website. The above snippet worked for me to protect wp-admin AND wp-login.php. I struggled to come up with this because all other versions used to download the login page as a file or to protect the wp-admin directory without the wp-login.php

Please don't hesitate to add more to this topic to refine it.

这篇关于使用 nginx 配置文件保护 wordpress 中的 wp-login.php的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！