Nginx IP Restrict Access WordPress wp-admin

This article will show you how to block all IP addresses to a specific folder (wp-admin) and only allow access to your IP address. Additionally, the blocked IP’s will be redirected to a location that you choose. This is a fantastic way to lock down your WordPress installation with minimal effort and maximum results.

How to block all access and redirect IP’s to wp-admin in Nginx

To get started, open up your Nginx site configuration file and add the following lines of code:

location ~ ^(wp-admin|wp-login.php) {
try_files $uri $uri/ /index.php?$args;
index index.html index.htm index.php;
    allow x.x.x.x;
    deny all;
    error_page 403 = @wp_admin_ban;
}

location @wp_admin_ban {
    rewrite ^(.*) http://mywebsite.com permanent;
}

This will only allow access to the IP you specify (i.e. x.x.x.x) and redirect all other IP’s to mywebsite.com.

Allow multiple IP’s access to wp-admin in Nginx

If you would like to allow access for multiple IP addresses to your wp-admin folder, this can be done by adding a another allow x.x.x.x; directive in your Nginx site configuration file:

location ~ ^(wp-admin|wp-login.php) {
try_files $uri $uri/ /index.php?$args;
index index.html index.htm index.php;
    allow x.x.x.x; # First IP to allow access
    allow x.x.x.x; # Second IP to allow access
    allow x.x.x.x; # Third IP to allow access
    deny all;
    error_page 403 = @wp_admin_ban;
}

location @wp_admin_ban {
    rewrite ^(.*) http://mywebsite.com permanent;
}
Advertisements

Author: drewsymo

Developer

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s