My technical corner about Linux, Perl, programming, computer networks and network security

WordPress on nginx – how to secure the admin panel

Many people know that the WordPress admin panel is located in the wp-admin/ directory, so it can be opened at the address domain-of-wordpress-blog/wp-admin. This is not a comfortable situation, because spambots know it as well. Of course, the first step to improve your security should be a secure password: long (min 10 chars), with CAPITAL letters, with special chars (spaces and !@#$%^&*){}":<>?) and, of course, digits.

If you use your WordPress from known IP addresses, you should consider limiting access to the admin panel to those trusted IP addresses.

In nginx, it's pretty simple. Take a look at the following nginx config:

server
{
 listen                     80;
 server_name                somedomain.tld;
 server_name_in_redirect    on;
 ### [ other basic directives of the website go here ]

 ### By default, every client is blocked
 set $blocked 1;

 ### Here we specify trusted IP addresses. If a trusted IP
 ### tries to enter the site, $blocked will be set to 0
 if ( $remote_addr = "127.0.0.1" ) { set $blocked 0; }
 if ( $remote_addr = "192.168.0.1" ) { set $blocked 0; }
 if ( $remote_addr = "172.16.0.1" ) { set $blocked 0; }

 if ( $blocked = 1 )
 {
  ### If an untrusted IP address tries to access /wp-admin/,
  ### rewrite the request to the main page (index.php)
  rewrite ^/wp-admin/(.*)$ /index.php?q=$1 last;
 }
}
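
The same allowlist can be kept in one place with nginx's geo module instead of a chain of if/set lines. This is an added example, not the original post's config: the variable name $wp_admin_blocked and the commented-out subnet are assumptions, and the wp-login.php rule goes beyond the post, which only covers /wp-admin/.

```nginx
# Added example, not the original post's configuration.
# $wp_admin_blocked is a hypothetical variable name.

# Goes in the http {} context. geo matches against $remote_addr.
geo $wp_admin_blocked {
    default      1;   # every client is blocked unless listed below
    127.0.0.1    0;   # trusted addresses taken from the post
    192.168.0.1  0;
    172.16.0.1   0;
    # geo also accepts CIDR ranges, so a whole trusted subnet
    # needs one line (constructed sample range):
    # 10.20.30.0/24  0;
}

server {
    listen       80;
    server_name  somedomain.tld;
    # [ other basic directives of the website go here ]

    # In an nginx "if", the values "0" and "" are false,
    # so this block only applies to untrusted clients.
    if ($wp_admin_blocked) {
        # Same rewrite as in the post: send the request to the main page
        rewrite ^/wp-admin/(.*)$ /index.php?q=$1 last;

        # Extension beyond the post: the WordPress login form is
        # /wp-login.php, which lives outside wp-admin/ and is not
        # matched by the rule above.
        rewrite ^/wp-login\.php$ /index.php last;
    }
}
```

If nginx sits behind a reverse proxy or load balancer, $remote_addr is the proxy's address, so the allowlist only works once the real client address has been restored (for example with the realip module).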

 

 
