2

Here is my config:

server {
        #...
        location ^~ /wp-login.php {
           auth_basic           "Restricted";
           auth_basic_user_file /var/www/.htpasswd;
        }

        location / {
            try_files $uri $uri/ /index.php?_url=$uri;
        }

        location ~ \.php {
            fastcgi_index  /index.php;
            fastcgi_pass unix:/var/www/php-fpm/fpm.sock;
            include fastcgi_params;
            fastcgi_param  QUERY_STRING    $query_string;
            fastcgi_split_path_info       ^(.+\.php)(/.+)$;
            fastcgi_param PATH_INFO       $fastcgi_path_info;
            fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
            fastcgi_param  APPLICATION_ENV dev;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_intercept_errors on;

            try_files    $uri =404;
        }
        #...
    I}

All works perfect except wp-login.php. If wp-login.php was initiated it will be downloaded as php file even with declined auth_basic authorization. It means I auth_basic window appered and after that wp-login.php will be downloaded.

What is incorrect in configuration?

Anthony
  • 141
  • 7
  • Once a location block is matched - no other location block is used. Given that it should be clear that wp-login.php will never be processed as a php file with the config in the question. – AD7six Apr 21 '15 at 12:43
  • You should have fastcgi params in your wp-login.php location or include location wp-login.php inside location .php – Navern Apr 21 '15 at 12:43
  • But why it doesn't return 401 error if I press escape? Just this file is downloaded. – Anthony Apr 21 '15 at 12:53

1 Answers1

1

The problem was in browser. After I've used wrong configuration (wp-login.php has been downloading) every time I check configuration I refresh browser using F5. As a result even it use correct configuration file is downloaded. I just need to open to browser tab to check authorization.

Anthony
  • 141
  • 7