Here is my config:
server {
#...
location ^~ /wp-login.php {
auth_basic "Restricted";
auth_basic_user_file /var/www/.htpasswd;
}
location / {
try_files $uri $uri/ /index.php?_url=$uri;
}
location ~ \.php {
fastcgi_index /index.php;
fastcgi_pass unix:/var/www/php-fpm/fpm.sock;
include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param APPLICATION_ENV dev;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
try_files $uri =404;
}
#...
I}
All works perfect except wp-login.php. If wp-login.php was initiated it will be downloaded as php file even with declined auth_basic authorization. It means I auth_basic window appered and after that wp-login.php will be downloaded.
What is incorrect in configuration?