Limit Wordpress login to certain ip-addresses on Nginx and PHP-FPM

Question

I've seen a lot of bruce force attacks on Wordpress, so I want to limit access to wp-login.php. It's the latest Wordpress on a Ubuntu 16.04LTS Nginx server with PHP-FPM.

I've tried the advice from the Wordpress Codex:

location /wp-admin {
  allow   x.x.x.x;
  deny    all;
}

But that doesn't seem to work. It only blocks /wp-admin, but allows /wp-admin/index.php

There are many articles about Nginx around, this one is something you should read if you're going to use it: https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms — Tim, Oct 06 '16 at 18:39

score 0 · Answer 1 · answered Oct 06 '16 at 14:14

0

Block it recursive beginning with the /wp-admin directory

location ^~ /wp-admin {
  allow x.x.x.x;
  deny all;
}

answered Oct 06 '16 at 14:14

uptime365

21
2

Limit Wordpress login to certain ip-addresses on Nginx and PHP-FPM

1 Answers1