Restrict /wp-admin by IP
Hi.
I have hestiacp with an Nginx + php fpm installation on Ubuntu.
I want to modify a domain so that access to the WordPress backend is restricted to one IP.
To do this, I go to /etc/nginx/conf.d/ and edit the domain.com.conf file.
I add the lines:
location /wp-admin/ {
allow MY-IP;
deny all;
# Other configuration directives
}
I restart Nginx and php8.0-fpm, which is where the domain is located, and it has no effect.
What should I do?
Thank you.
I’ve created this config file /home/admin/conf/web/DOMAIN/nginx.conf_loginlock and it works.
Maybe it’s not the most optimal solution, but it does the job for now.
location /wp-admin/ {
allow XXX;
allow YYY;
deny all;
try_files $uri $uri/ /index.php?$args;
}
location ~ ^/wp-admin/.*.php(?:/|$) {
allow XXX;
allow YYY;
deny all;
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php8.3-fpm-XXX.sock;
# адмінку не кешуємо
include /home/admin/conf/web/XXX/nginx.fastcgi_cache.conf*;
set $no_cache 1;
}
Your second approach is the recommended solution. You should never modify the domain.com.conf file directly, as it will get overwritten when rebuilding the domain. It is stated right on top of the file.
DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS
Also, the reason why your first approach did not work is because the domain needed to be rebuilt in order for the changes to take effect, BUT back to my point above, your changes would have gotten removed anyways.