Hi,
I’m experiencing attacks to wp-login.php so I decided to protect it. here is the code:
# Block wp-admin or wp-login.php from all but our IPs
location ~ ^/(wp-admin|wp-login.php) {
allow x.x.x.x;
deny all;
}
I placed this code to /etc/nginx/common/locations.conf
It protects wp-admin directory OK but the protection of wp-login.php doesn’t work. It allows me to access the wp-login.php whatever IP I use. Any idea ?