How to Protect wp-login.php by rewriting with nginx

rewrite ^/rsit/(.*)$ /wp-login.php/$1 last;

location /wp-login.php { internal; }

above code not working no apache backend, i don’t want to use any plugin


by default EE add a bruteforce protection on wp-login.php :

# Limit access to avoid brute force attack
location = /wp-login.php {
  limit_req zone=one burst=1 nodelay;
  include fastcgi_params;
  fastcgi_pass php;

But you can also add a http auth to restrict access to wp-login.php page by adding

include common/acl.conf`

In the previous location directive. It will probably be more efficient than rewriting wp-login.php URL

Actually, IMHO, the best available choice right now is a plugin named WPS-Hide-Login.

The brute-force protection is kinda aggressive with legitimate users, frequently locking them out for no reason. I had lots and lots of troubles until I started to install and configure WPS Hide Login in every of my customers’ WPs