Setup htpasswd on WordPress wp-admin running on nginx

This tutorial will help you to setup htpasswd on WordPress wp-admin running on Nginx server. For security point of view it is important to protect the wp-admin of WordPress. When any user hit your WordPress blog URL with /wp-admin , it will get the wordpress Admin dashboard to login.
Here, by setting htpasswd on /wp-admin we are making first level of security.

Before migrating to new CentOS 7 powered with Nginx web server, previously I was running this blog on Apache(Worker).In that setup, I was using htdigest for /wp-admin . htdigest is more secure than htpasswd.

Things to remember before setting htpasswd on WordPress /wp-admin

We hope you have already running WordPress on nginx server.

Most of the time reader simply copy paste the lines and used in their server configuration. Mostly newbie do this mistake. I would like suggest that carefully read the below lines and do the changes in configuration which we will describe in next section (Setup htpasswd on WordPress)

Check the address given for FastCGI server in nginx configuration. You can find the FastCGI server address with fastcgi_pass parameter .
We either use Unix-Domain sockets or TCP/IP port for FASTCGI Server address.
For eg.
1. With TCP/IP, it will be as given below


Here, php-fpm service is running and listening on port 9000.

2. With Unix-Domain socket, it can be as given below

fastcgi_pass unix:/var/run/php-fpm.sock;

Here, socket file path can be differen. The extension can be .sock or .socket .

Hence, moral of story is, as per your server php-fpm setup use the fastcgi_pass parameter.

Setup htpasswd on WordPress

1. We need the htpasswd command on system. (There are multiple ways to create .htpasswd file with username and encrypted password.)

On RHEL/CentOS/fedora system, install the package called httpd-tools

sudo yum install httpd-tools

On Debian/Ubuntu system, install the package called apache2-utils

sudo apt-get install apache2-utils

2. Use htpasswd command to create and set username-password.
Replace MyWebsite with your Nginx website data directory name and UserName with your desire user name.

htpasswd -c /usr/local/nginx/html/MyWebsite/.htpasswd UserName

It will show password prompt to set password for user. Give strong password.

3. Now edit the nginx configuration file you are using for your website. And paste the below given content.

    ##### htpasswd (auth_basic) on WordPress admin dashboard /wp-admin 

    location ^~ /wp-login.php {
    auth_basic            "Restricted Area";
    auth_basic_user_file  /usr/local/nginx/html/MyWebsite/.htpasswd;
    include /etc/nginx/fastcgi_params;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

Note: Replace the fastcgi_pass address parametr if it is unix-domain socket or in TCP/IP the php-fpm is listening other than port 9000.

4. We will restart the nginx service but before this it is good to health check nginx configuration.
Run nginx -t command to check the Nginx configuration file has no error/mistake.

Restart the Nginx Service

On RHEL 5,6 / CentOS 5,6/ Debian/Ubuntu

sudo service nginx restart

On CentOS 7/RHEL 7

systemctl restart nginx.service

5. Now check your WordPress blog . Use /wp-admin as suffix with your website URL on web browser address bar.

For eg.

wordpress nginx

2 thoughts on “Setup htpasswd on WordPress wp-admin running on nginx”

Comments are closed.