How to secure only wp-admin folder on my domain?

giang Veteran
edited September 2011 in Help

Hi guys,

I got a QuickSSL, but I would like to install it only on my wp-admin (the rest of the site will use http). I have found some tutorials on v2.lowendbox.com and the internet but it's not working as I expected.

Only http://mydomain.com/wp-admin will redirect to https://mydomain.com/wp-admin. It didn't work with any other url inside wp-admin (for example: wp-admin/index.php).

Here is my current nginx config:

server {
    listen  80;
    server_name domain.com www.domain.com;
    root /var/www/domain.com;
    include /etc/nginx/fastcgi_php;
    index index.php index.html;
    location / {
        if (!-e $request_filename) {
            rewrite ^(.*)$  /index.php last;
        }
    }
    location /wp-admin {
        rewrite ^/ https://$http_host$request_uri permanent;
    }
}

server {
    listen  443 ssl;
    ssl_certificate         /etc/nginx/ssl/csr.csr;
    ssl_certificate_key     /etc/nginx/ssl/csr.key;
    keepalive_timeout    60;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;
    
    server_name domain.com www.domain.com;
    root /var/www/domain.com;
    include /etc/nginx/fastcgi_php;
    index index.php index.html;
    location / {
        rewrite ^ http://$http_host$request_uri permanent;
    }   
    location /wp-admin {
    }
}

Thanks for reading,

Giang

Comments

  • Hi Giang

    Please check your wp-config.php to make sure that admin logins are via https

    You should have this in there:

    define('FORCE_SSL_ADMIN', true);

  • giang Veteran
    edited September 2011

    kiloserve said: Hi Giang

    Please check your wp-config.php to make sure that admin logins are via https

    You should have this in there:

    define('FORCE_SSL_ADMIN', true);

    Thanks Kiloserve, I didn't know WordPress got this feature :P

    Is there any way to set up SSL on another folder (not the WordPress blog)?

  • Just for reference: http://codex.wordpress.org/Administration_Over_SSL

    We do the ssl on wp-admin for our mu installs.

    I'm always iffy about setting up another folder under a wp install as wp will catch calls to it on occasion. Is the folder currently set up and working or do you still have to do it?

    I want to say it's this right before your !-e bit within location:


    if (-f $request_filename) {
        break;
    }

    which appears to skip existing files. Not 100% sure as googling for this is a waste of time. Everything comes up with people stating "you should install nginx instead" as a solution. sigh

  • How do you do the green code by the way?

  • drmike said: How do you do the green code by the way?

    < pre > code </ pre>
    
  • Thanks was using the code tag.

  • kiloserve Member
    edited September 2011

    giang said: Is there any way to set up SSL on another folder (not the WordPress blog)?

    With SEO tools in most scripts these days, SSL is often handled by the script. You would set up SSL for the server and the script would determine the URL (http or https).

    For example, scripts like vBulletin, Joomla and Drupal all control their own URLs and you would set the SSH through them and not within your nginx config.

  • @drmike, you can also indent your code with a tab or four spaces.

    Thanked by 1drmike
  • @Xeoncross Thanks. (Oh, I'm going to remember that...)

  • giang Veteran
    edited September 2011

    drmike said: I want to say it's this right before your !-e bit within location:

    if (-f $request_filename) {
        break;
    }

    Sorry, I didn't catch what you meant. Please explain this, my English is limited :(

  • Look at the code you copied and pasted for the lines with the !-e. Try pasting that in right before it.

  • drmike said: Look at the code you copied and pasted for the lines with the !-e. Try pasting that in right before it.

    Thank you, it seems I've done it and there was no change :(
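An added example, not posted by anyone in this thread: one likely reason only the bare /wp-admin URL redirects is that nginx lets a matching regex location override a plain prefix location, and the `^~` modifier prevents that. It assumes the included /etc/nginx/fastcgi_php declares a regex location such as `location ~ \.php$` (its contents are not shown above), and it replaces the SSLv2/SSLv3 and LOW/EXP cipher settings with current ones.

```nginx
# Assumption: /etc/nginx/fastcgi_php declares a regex location like
# "location ~ \.php$" (the file's contents are not shown in the thread).
server {
    listen 80;
    server_name domain.com www.domain.com;
    root /var/www/domain.com;
    index index.php index.html;
    include /etc/nginx/fastcgi_php;

    # A plain "location /wp-admin" loses to any matching regex location, so
    # /wp-admin/index.php is handed to PHP over http. "^~" makes this prefix
    # final: regex locations are not consulted once it matches.
    location ^~ /wp-admin {
        return 301 https://$host$request_uri;
    }
    # The login form posts the password, so it goes to https too.
    location = /wp-login.php {
        return 301 https://$host$request_uri;
    }
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}

server {
    listen 443 ssl;
    server_name domain.com www.domain.com;
    root /var/www/domain.com;
    index index.php index.html;
    include /etc/nginx/fastcgi_php;

    # Paths as posted; ssl_certificate must be the issued certificate
    # (with its chain), not the signing request.
    ssl_certificate     /etc/nginx/ssl/csr.csr;
    ssl_certificate_key /etc/nginx/ssl/csr.key;

    # SSLv2, SSLv3 and the LOW/EXP cipher classes are broken; keep them off.
    # TLSv1.3 needs an nginx/OpenSSL build that supports it.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers   HIGH:!aNULL:!MD5;

    # No redirect back to http here: admin pages load assets from
    # /wp-includes and /wp-content, which must also arrive over https.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}
```

Run `nginx -t` before reloading, and keep `define('FORCE_SSL_ADMIN', true);` in wp-config.php so WordPress marks the admin cookies as secure.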
