Created
February 25, 2024 14:18
Protect WordPress admin panel with nginx
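# limit_req_zone is only valid in the http {} context; the other directives
# of this snippet belong inside the server {} block of the WordPress site.
# The zone is keyed on the client address: 10 MB of shared state, with a
# sustained rate of 3 requests per minute.
limit_req_zone $binary_remote_addr zone=login:10m rate=3r/m;

# Shared secret that the /wp-login.php gate compares against the
# secret_admin cookie. The value below is the sample published with this
# snippet, so it is public: generate a fresh random value for each site and
# restrict read access to the configuration file that holds it.
set $secret_admin "948b5fee-a224-4c7d-bbf4-d4231e85be2c";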
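# Entry point that hands out the gate cookie and forwards to the admin area.
# The path itself works as a second shared secret: every client that requests
# it receives the cookie, so pick a non-guessable path per site and keep it
# out of links, sitemaps and access-log exports.
location ~* ^/hidden-wp-admin/?$ {
    # HttpOnly keeps the secret away from page scripts and SameSite=Lax keeps
    # it off cross-site subrequests. Append "; Secure" when the site is only
    # served over HTTPS; without TLS the secret travels in clear text.
    add_header Set-Cookie "secret_admin=$secret_admin; Path=/; HttpOnly; SameSite=Lax";
    return 302 /wp-admin/;
}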
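# Gate for the WordPress login script: a request is redirected to the front
# page unless it carries the secret_admin cookie or is a logout link.
# Only /wp-login.php is covered here; other endpoints that accept
# credentials (for example xmlrpc.php) need their own rule.
location = /wp-login.php {
    set $login_pass 0;

    # nginx evaluates only the method and the query string, never the request
    # body, so "?action=logout" alone says little about what the PHP handler
    # will do with the request. The exemption is therefore limited to GET,
    # which is how WordPress logout links arrive.
    set $logout_probe "$request_method:$arg_action";
    if ($logout_probe = "GET:logout") {
        set $login_pass 1;
    }

    # Plain string comparison. $secret_admin must be set to a non-empty
    # value: an empty secret would compare equal to a missing cookie and
    # open the gate for every client.
    if ($cookie_secret_admin = $secret_admin) {
        set $login_pass 1;
    }

    if ($login_pass = 0) {
        return 302 /;
    }

    # Rate limiting runs after the rewrite-phase checks above, so only
    # requests that passed the gate count against the "login" zone.
    limit_req zone=login burst=3 nodelay;

    include fastcgi_params;
    fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
    # The script name is fixed, so the request URI cannot select another file.
    fastcgi_param SCRIPT_FILENAME $document_root/wp-login.php;
}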