I've protected my /wp-admin/ and wp-login.php with htpasswd in nginx.
This is the .conf file:
server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name www.url;
    access_log /var/log/nginx/url.access.log;
    error_log /var/log/nginx/url.error.log;
    client_max_body_size 16M;
    large_client_header_buffers 4 32k;

    # live system
    root /var/www/prod-domain;
    index index.php;

    # in case of maintenance use this directory
    # root /var/www/maintenance;
    # index index.html;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # protect admin area
    location /wp-admin/ {
        auth_basic "Backend Login";
        auth_basic_user_file /var/www/.htpasswd;
    }

    # allow file from admin area for frontend login/registration
    location /wp-admin/js/password-strength-meter.min.js {
        satisfy any;
        allow all;
    }

    # also protect wp-login file
    location = /wp-login.php {
        auth_basic "Backend Login";
        include snippets/fastcgi-php.conf;
        auth_basic_user_file /var/www/.htpasswd;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
    }
}
Problem: if you want to log out in WooCommerce as a customer, you can't. The logout process also uses wp-login.php, and the browser prompts the login screen for htpasswd.
Can I exclude the process to allow the logout?
It looks like:
wp-login.php?action=logout&redirect_to=https%3A%2F%2Fwww.url%2Fmein-konto%2F&_wpnonce=78d2a420af
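
One way to exempt only the logout request, as an added example that is not part of the original post: `auth_basic` accepts a variable, and the value `off` disables the prompt, so a `map` can choose the realm per request. The variable name `$wp_login_realm` is made up for this example, and the pattern assumes the logout URL always has the shape shown above (`action=logout`, an optional `redirect_to`, then `_wpnonce`).

```nginx
# Place in the http {} context (for example at the top of this .conf file,
# outside the server {} block).
#
# The pattern is anchored on the request method and on the COMPLETE query
# string. Testing only $arg_action would also exempt requests that carry
# extra parameters, or POSTs to the login form with ?action=logout appended,
# which would take the password prompt off the login itself.
map "$request_method:$args" $wp_login_realm {
    # Everything else keeps the htpasswd prompt.
    default "Backend Login";

    # GET wp-login.php?action=logout[&redirect_to=...]&_wpnonce=<hex>
    "~^GET:action=logout(&redirect_to=[^&]*)?&_wpnonce=[0-9a-f]+$" off;
}

# Replaces the existing "location = /wp-login.php" block inside server {}.
location = /wp-login.php {
    # Evaluates to "Backend Login" (prompt) or "off" (no prompt).
    auth_basic           $wp_login_realm;
    auth_basic_user_file /var/www/.htpasswd;
    include              snippets/fastcgi-php.conf;
    fastcgi_pass         unix:/run/php/php7.4-fpm.sock;
}
```

After `nginx -t` and a reload, a GET of the logout URL should no longer return 401, while a plain request to `/wp-login.php` and any POST to it should still return 401 without credentials.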