SUPZ!
One of my blogs is getting lots of login attempts from HACKERS :>
Only allow specific IP to access a specific directory
Inside the configuration of the domain (ex. /etc/nginx/sites-enabled/playboy.com), lets add the following entries – this will allow IP 84.91.XXX.XXX to wp-admin folder and block all the others
location /full_movies/ { allow 84.91.XXX.XXX; deny all; }
This should to the trick! but if we are using cloudflare the domain we need to add some lines at our nginx.conf (/etc/nginx/nginx.conf) so nginx reads the correct IP from the visitor…
Inside http { lets add the following
set_real_ip_from 204.93.240.0/24; set_real_ip_from 204.93.177.0/24; set_real_ip_from 199.27.128.0/21; set_real_ip_from 173.245.48.0/20; set_real_ip_from 103.22.200.0/22; set_real_ip_from 141.101.64.0/18; set_real_ip_from 108.162.192.0/18; real_ip_header CF-Connecting-IP;
Horray!
To protect your wordpress login & wp-admin…
location ~ '(/wp-login.php|/wp-admin)' { allow 84.91.4.220; deny all; }
This might affect your theme/plugins.
It protects /wp-admin/wp-ajax.php….