Set up HTTP authentication for wp-login and wp-admin areas in Nginx


To set up HTTP authentication for the `wp-login.php` and `wp-admin` areas in Nginx, you can follow these steps:

Step 1: Create the Password File

Create a password file using the `htpasswd` command. This file will contain the usernames and passwords for the HTTP authentication. For example, to create a password file named `.htpasswd` in the `/etc/nginx` directory:

```bash
# -c creates the file and overwrites an existing one; omit -c when adding further users.
sudo htpasswd -c /etc/nginx/.htpasswd exampleuser
```

Step 2: Configure Nginx

Add the following configuration to your Nginx server block:

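```nginx
server {
    listen 80;  # Basic auth only base64-encodes credentials; use HTTPS in production
    server_name example.com;

    # "^~" stops a regex location such as "location ~ \.php$" from
    # taking over PHP requests under /wp-admin and skipping the auth.
    location ^~ /wp-admin {
        auth_basic "Restricted Area";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # PHP under /wp-admin is handed to PHP-FPM from inside this block.
        location ~ \.php$ {
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

    # "=" (exact match) takes priority over regex locations.
    location = /wp-login.php {
        auth_basic "Restricted Area";
        auth_basic_user_file /etc/nginx/.htpasswd;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```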

Step 3: Restart Nginx

Restart the Nginx service to apply the new configuration:

```bash
# Check the configuration syntax first; restart only if the check passes.
sudo nginx -t && sudo service nginx restart
```

Step 4: Test the Configuration

Access the `wp-login.php` and `wp-admin` pages in your browser. You should be prompted to enter the username and password. If the credentials are correct, you will be granted access to the respective pages.

Example Configuration

Here is a complete example of how the Nginx configuration file might look:

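```nginx
server {
    listen 80;  # Basic auth only base64-encodes credentials; use HTTPS in production
    server_name example.com;
    index index.php;

    location / {
        # Send non-file requests to the WordPress front controller.
        try_files $uri $uri/ /index.php?$args;
    }

    # "^~" stops the regex "\.php$" location below from taking over PHP
    # requests under /wp-admin, which would skip the authentication.
    # This also covers /wp-admin/admin-ajax.php, which front-end features may call.
    location ^~ /wp-admin {
        auth_basic "Restricted Area";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # PHP under /wp-admin is handed to PHP-FPM from inside this block.
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

    # "=" (exact match) takes priority over regex locations.
    location = /wp-login.php {
        auth_basic "Restricted Area";
        auth_basic_user_file /etc/nginx/.htpasswd;
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```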

Additional Tips

- Ensure that the `.htpasswd` file is owned by the Nginx user and has the correct permissions. You can do this by running:

```bash
# On Debian/Ubuntu the Nginx worker user is usually www-data rather than nginx.
sudo chown nginx:nginx /etc/nginx/.htpasswd
sudo chmod 640 /etc/nginx/.htpasswd
```

- If you are using a subdirectory for WordPress, you will need to adjust the `location` blocks accordingly. For example, if WordPress is in a subdirectory named `bitmall`, you would use:

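```nginx
# "^~" and "=" keep a regex location such as "~ \.php$" from bypassing these blocks.
location ^~ /bitmall/wp-admin {
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/nginx/.htpasswd;

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

location = /bitmall/wp-login.php {
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/nginx/.htpasswd;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
```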

- If you encounter issues with the HTTP authentication not working, ensure that the `auth_basic` and `auth_basic_user_file` directives are correctly configured and that the `.htpasswd` file is properly created and updated.
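
When the prompt never appears for `wp-login.php` or for PHP files under `wp-admin`, check which `location` block Nginx actually selects: a regex location such as `~ \.php$` takes precedence over a plain prefix location, while `=` and `^~` locations are not overridden by it. The following is an added example, not part of the original article: a Python model of Nginx's top-level location selection that compares plain-prefix blocks with `=`/`^~` blocks. Function and variable names are illustrative, the URIs are constructed, and nested locations are not modelled.

```python
import re

def pick_location(locations, uri):
    """Return the (modifier, pattern) nginx would select for uri.

    locations: top-level blocks in config order; modifier is "" (prefix),
    "=" (exact), "^~" (prefix that skips regexes), "~" or "~*" (regex).
    """
    # 1. An exact match ends the search immediately.
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)
    # 2. Remember the longest matching prefix location.
    best = None
    for mod, pat in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    # 3. "^~" on that prefix suppresses the regex pass.
    if best and best[0] == "^~":
        return best
    # 4. Otherwise the first matching regex, in config order, wins.
    for mod, pat in locations:
        if mod in ("~", "~*") and re.search(pat, uri, re.I if mod == "~*" else 0):
            return (mod, pat)
    # 5. No regex matched: use the remembered prefix (None if nothing matched).
    return best

# Constructed location sets mirroring this page's blocks.
PHP = ("~", r"\.php$")
PLAIN = [("", "/"), ("", "/wp-admin"), ("", "/wp-login.php"), PHP]
PINNED = [("", "/"), ("^~", "/wp-admin"), ("=", "/wp-login.php"), PHP]
# Blocks that carry auth_basic in either layout.
AUTH = {("", "/wp-admin"), ("", "/wp-login.php"),
        ("^~", "/wp-admin"), ("=", "/wp-login.php")}

def unprotected(locations, uris):
    """URIs whose selected location has no auth_basic."""
    return [u for u in uris if pick_location(locations, u) not in AUTH]

# Constructed sample requests.
SENSITIVE = ["/wp-login.php", "/wp-admin/index.php", "/wp-admin/css/login.css"]

if __name__ == "__main__":
    print("plain prefix :", unprotected(PLAIN, SENSITIVE))
    print("= and ^~     :", unprotected(PINNED, SENSITIVE))
```

On a live server, the equivalent check is an unauthenticated request to each of these URIs, which should return a 401 response.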
