Nginx ignores HTTP Authentication for WordPress login directory

Posted by MrNerdy on Server Fault See other posts from Server Fault or by MrNerdy
Published on 2014-01-23T15:10:59Z Indexed on 2014/08/20 4:23 UTC
Read the original article Hit count: 486

I am running WordPress in a subfolder of my domain for testing and development purposes on a VPS LEMP-stack. In order to password-protect the wp-login.php with an etxra layer, I used HTTP authentication for the wp-admin folder.

The problem is that the http authentication is ignored. When the wp-login.php or wp-admin-folder is called, it goes directly to the normal WordPress-login.

I installed everything from the command line in the following way:

sudo apt-get install apache2-utils

sudo htpasswd -c /var/www/bitmall/wp-admin/.htpasswd exampleuser

New password:
Re-type new password:
Adding password for user exampleuser

My Nginx configuration file looks like this:

server {
    listen   80;


    root /var/www;
    index index.php index.html index.htm;

    server_name example.com;

    location / {
            try_files $uri $uri/ /index.html;
    }

location /bitmall/wp-admin/ {
    auth_basic "Restricted Section";
    auth_basic_user_file /var/www/bitmall/wp-admin/.htpasswd;
}

location ~ /\.ht {
    deny all;
}   

    error_page 404 /404.html;

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
          root /var/www;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;

    }

}

I would appreciate your advive on this.

© Server Fault or respective owner

Related posts about nginx

Related posts about vps