Password protected access to “/wp-admin” on nginx

Posted on by Ivan

Here i found advice how to make wordpress more securely, idea is to protect access to “/wp-admin” by http auth, but “/wp-admin/admin-ajax.php” must stay available for everyone, same is true for some .css files.
I spend some time to research solution, it was a bit complicated:

location /wp-admin {
	location ~ /wp-admin/admin-ajax.php$ {
		# Php handler
	}
	location ~* /wp-admin/.*\.php$ {
		auth_basic            "You shall not pass!";
		auth_basic_user_file  $document_root/.htpasswd;
		# Php handler
	}
}

It is possible to add additional location to serve static content, but i am too lazy to do it.

PS
Also here i found receipts for apache and lighttpd if anybody interesting. Continue reading

Forbid access to php into “wp-content”.

Posted on by Ivan

I expected in few articles an advice to disable direct access to php scripts into “/wp-content/uploads” i done small research and observed, than .php placed into “/wp-content” and into subdirs was newer directly accessed thru web. So i just completely disabled direct access to php scripts placed into that dir and subdirs. Looks more securely.

PS
I made mistake. At least tiny-mce php scripts must be accessible thru web. So i just convert  this rules that touch ‘/wp-include’ for nginx:

location ~* /wp-includes {
	location ~* /wp-includes/[^/]+\.php$ {
		deny all;
	}
	location ~* /wp-includes/js/tinymce/langs/.+\.php$ {
		deny all;
	}
	location ~* /wp-includes/theme-compat {
		deny all;
	}
	location ~ /wp-includes/.+\.php$ {
		include php_wordpress_handler;
	}
}

Strange pattern on roof of my car

Posted on by Ivan

Strange pattern Yesterday before i go to sleep, i looked through the window and found strange circle on roof of my car. Day was very sunny and first i thought that something dark (like a leaf) fell on roof, heated it and melted snow. But edges was very sharp and it looked like accurate circle, next guess was that somebody forget something on my car or it just a prank. With these thoughts i fell asleep. At the morning i want to the car and found frozen water streams on the windshield and grounded battery. After that i remember that last sunday i tuned shock sensor and used lamp attached to roof inside the car. I remember that i swiched it off, but this lamp have strange complicated construction and i was not turned of it completely. The final surprise was that the car could not be opened with a remote control and  all locks on doors was blocked by dust (because i never used it before), but WD-40 saved the situation.

How to change page order of top menu in wordpress.

Posted on by Ivan

I try to reorder menu items by setting page order into Dashboard/Pages/Quick Edit, also i try plugin called ‘my page orders’, but anyway menu items was sorted alphabetically by page title, so i started to dig deeper.
In my template ‘top menu’ generated by function ‘wp_nav_menu‘ placed into header.php. When i looked at template, i saw that in parameters specified  ‘fallback_cb‘ function defined in function.php. When i found this function, i saw that this function uses ‘get_pages‘ with default arguments to get pages, so i just define 'sort_column' now function looks like get_pages(array( ‘sort_column’ => ‘menu_order’))
After that modification pages in menu sorted by as i expected.