Nginx ignores HTTP Authentication for WordPress login directory

I am running WordPress in a subfolder of my domain for testing and development purposes on a VPS LEMP stack. In order to password-protect the wp-login.php with an extra layer, I used HTTP authentication for the wp-admin folder.

The problem is that the http authentication is ignored. When the wp-login.php or wp-admin-folder is called, it goes directly to the normal WordPress-login.

I installed everything from the command line in the following way:

sudo apt-get install apache2-utils

sudo htpasswd -c /var/www/bitmall/wp-admin/.htpasswd exampleuser

New password:
Re-type new password:
Adding password for user exampleuser

My Nginx configuration file looks like this:

server {
    listen   80;


    root /var/www;
    index index.php index.html index.htm;

    server_name eample.com;

    location / {
            try_files $uri $uri/ /index.html;
    }

    location /bitmall/wp-admin/ {
        auth_basic "Restricted Section";
        auth_basic_user_file /var/www/bitmall/wp-admin/.htpasswd;
    }

    location ~ /\.ht {
        deny all;
    }

    error_page 404 /404.html;

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
          root /var/www;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;

    }

}

I already tried to change the nginx configuration following this question:

    location ~* (wp-login)\.php$ {
            auth_basic            "Restricted Area";
            auth_basic_user_file  /var/www/bitmall/.htpasswd;
    }

This code will call the HTTP authentication, but the browser downloads the wp-login.php when the credentials have been entered, instead of going to the main login screen.

Could you please advise me how to fix this?

1 comment

  1. The problem was that the old location block does not pass the PHP configuration to the new block, so that PHP requests are not processed. The following solved this problem:

    location ~* /wp-login\.php {
        auth_basic "Restricted Area";
        auth_basic_user_file PATH TO .htpasswd;

        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
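Why each of the three configurations in this thread behaves as described, shown with a small model of nginx's location selection (an added example, not part of the original posts). The tuples are constructed stand-ins for the posted `location` blocks, and placing the regex blocks above the generic PHP block is an assumption.

```python
import re

def select_location(locations, uri):
    """Return the (modifier, pattern, directives) entry nginx would pick for uri."""
    best = None                                  # longest matching prefix so far
    for loc in locations:
        mod, pat, _ = loc
        if mod == "=" and uri == pat:
            return loc                           # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = loc
    if best is not None and best[0] == "^~":
        return best                              # ^~ skips the regex pass
    for loc in locations:                        # regexes: file order, first hit wins
        mod, pat, _ = loc
        if mod in ("~", "~*") and re.search(pat, uri, re.I if mod == "~*" else 0):
            return loc
    return best

def handling(locations, uri):
    """(auth prompted?, passed to PHP-FPM?) for uri. Directives are not
    inherited from sibling locations, so only the selected block counts."""
    directives = select_location(locations, uri)[2]
    return ("auth_basic" in directives, "fastcgi_pass" in directives)

# Constructed models of the three configurations on this page.
PHP = ("~", r"\.php$", {"fastcgi_pass"})
BASE = [("", "/", set()), ("~", r"/\.ht", {"deny"}), ("=", "/50x.html", set())]
QUESTION = BASE + [("", "/bitmall/wp-admin/", {"auth_basic"}), PHP]
# Assumption: both regex blocks were placed above the generic PHP block.
ATTEMPT = BASE + [("~*", r"(wp-login)\.php$", {"auth_basic"}), PHP]
ANSWER = BASE + [("~*", r"/wp-login\.php", {"auth_basic", "fastcgi_pass"}), PHP]

if __name__ == "__main__":
    for name, conf in (("question", QUESTION), ("attempt", ATTEMPT), ("answer", ANSWER)):
        for uri in ("/bitmall/wp-login.php", "/bitmall/wp-admin/index.php"):
            print(name, uri, handling(conf, uri))
```

In the model of the answer's configuration, `/bitmall/wp-admin/index.php` is still selected by the generic PHP block, so only `wp-login.php` is gated. The model covers top-level locations only, not nested locations or internal redirects.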