This tutorial shows how to set up htpasswd on the WordPress wp-admin area running on an Nginx server. From a security point of view, it is important to protect the wp-admin of WordPress. When any user opens your WordPress blog URL with /wp-admin, they get the WordPress admin dashboard login.
Here, by setting htpasswd on /wp-admin, we add a first level of security.
Before migrating to a new CentOS 7 server powered by the Nginx web server, I was running this blog on Apache (Worker). In that setup, I was using htdigest for /wp-admin. htdigest is more secure than htpasswd.
Things to remember before setting htpasswd on WordPress /wp-admin
We assume you already have WordPress running on an Nginx server.
Most of the time, readers simply copy and paste the lines into their server configuration. Newcomers in particular make this mistake. I suggest reading the lines below carefully and making the matching changes in the configuration described in the next section (Setup htpasswd on WordPress).
Check the address given for the FastCGI server in your nginx configuration. You can find the FastCGI server address in the fastcgi_pass parameter.
The FastCGI server address is either a Unix-domain socket or a TCP/IP address and port.
For example:
1. With TCP/IP, it will be as given below
fastcgi_pass 127.0.0.1:9000;
Here, the php-fpm service is running and listening on port 9000.
2. With Unix-Domain socket, it can be as given below
fastcgi_pass unix:/var/run/php-fpm.sock;
Here, the socket file path can be different. The extension can be .sock or .socket.
Hence, the moral of the story is: set the fastcgi_pass parameter to match your server's php-fpm setup.
Setup htpasswd on WordPress
1. We need the htpasswd command on the system. (There are multiple ways to create a .htpasswd file with a username and encrypted password.)
On RHEL/CentOS/Fedora systems, install the package called httpd-tools
sudo yum install httpd-tools
On Debian/Ubuntu systems, install the package called apache2-utils
sudo apt-get install apache2-utils
2. Use the htpasswd command to create the file and set the username and password.
Replace MyWebsite with your Nginx website data directory name and UserName with your desired user name.
htpasswd -c /usr/local/nginx/html/MyWebsite/.htpasswd UserName
It will prompt you to set a password for the user. Choose a strong password.
3. Now edit the nginx configuration file you are using for your website and paste in the content given below.
##### htpasswd (auth_basic) on WordPress admin dashboard /wp-admin
location ^~ /wp-login.php {
    auth_basic "Restricted Area";
    auth_basic_user_file /usr/local/nginx/html/MyWebsite/.htpasswd;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
Note: Replace the fastcgi_pass address if php-fpm uses a Unix-domain socket, or if it listens on a TCP/IP port other than 9000.
4. We will restart the nginx service, but before that it is good to check the nginx configuration.
Run the nginx -t command to check that the Nginx configuration file has no errors.
Restart the Nginx service
On RHEL 5, 6 / CentOS 5, 6 / Debian / Ubuntu
sudo service nginx restart
On CentOS 7/RHEL 7
systemctl restart nginx.service
5. Now check your WordPress blog. Append /wp-admin to your website URL in the web browser address bar.
For example: https://sharadchhetri.com/wp-admin
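A check worth running on the password file from step 2, added here as an example and not part of the original tutorial: nginx serves any file under the site's document root unless a location denies it, so the script reports when .htpasswd sits inside that directory, when it is world-readable, and when a line is not in user:hash form. The function name audit_htpasswd and its return convention are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# audit_htpasswd FILE DOCROOT
#   Prints one line per finding and returns the number of findings
#   (0 = clean, 99 = FILE or DOCROOT could not be read).
audit_htpasswd() {
    file=$1 docroot=$2 findings=0
    [ -r "$file" ] && [ -d "$docroot" ] || {
        echo "cannot read $file or $docroot"; return 99; }

    # Resolve both paths so symlinks and ../ do not hide the real location.
    fdir=$(cd "$(dirname "$file")" && pwd -P)
    root=$(cd "$docroot" && pwd -P)

    # A password file below the document root can be requested by URL
    # unless the server block denies it explicitly.
    case "$fdir/" in
        "$root"/*)
            echo "FINDING: $file is inside the document root $root"
            findings=$((findings + 1)) ;;
    esac

    # Only the nginx worker user needs read access to the file.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "FINDING: $file is world-readable"
        findings=$((findings + 1))
    fi

    # Every non-empty line must look like user:hash.
    bad=$(grep -v -c -E '^$|^[^:]+:.+' "$file" || true)
    if [ "$bad" -gt 0 ]; then
        echo "FINDING: $bad malformed line(s) in $file"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Stand-alone use: sh audit.sh /path/to/.htpasswd /path/to/docroot
if [ "$#" -eq 2 ]; then
    audit_htpasswd "$1" "$2"
fi
```

If the first finding appears, either move the file outside the document root and update auth_basic_user_file to the new path, or deny requests for dotfiles in the server block.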
Hi sharad, it's apache2-utils package on debian/ubuntu. I guess that was a typo… 😉
Thank you Rudra,
Typo is corrected 🙂
Regards
Sharad