Closed jeremyj closed 2 years ago
enabling limit_req with Wordpress-specific rules breaks wp-login.php
limit_req
wp-login.php
www.example.com/wp-login.php should return the wordpress admin page, instead the browser tries to download the wp-login.php file.
Adding a fastcgi_pass directive in nginxconfig.io/wordpress.conf fixes the problem:
fastcgi_pass
nginxconfig.io/wordpress.conf
## WordPress: throttle wp-login.php location ~ /wp-login.php { limit_req zone=login burst=20 nodelay; include nginxconfig.io/php_fastcgi.conf; fastcgi_pass unix:/run/php/php7.4-fpm.sock; }
Information
Details
Description
enabling
limit_reqwith Wordpress-specific rules breakswp-login.phpSteps to reproduce
limit_reqin the Global config/Security tabExpected behavior
www.example.com/wp-login.php should return the wordpress admin page, instead the browser tries to download the wp-login.php file.
Adding a
fastcgi_passdirective innginxconfig.io/wordpress.conffixes the problem:Screenshots