Basically I have an wordpress site (with a ecommerce store and a social login). I have denied all access to wp-login.php based on ip address. The problem is that social login uses this wp-login file. So I wonder if is possible to:
- block almost all queries to wp-login.php by ip address and allow by ip only specific queries.
Meaning
wp-login.php allow 1 ip deny all
wp-login.php?action=lostpassword allow 1 ip deny all
wp-login.php?action=rp&key=.*?&login=.* allow 1 ip deny all
.
.
wp-login.php?ywsl_social=google allow all ip's
wp-login.php?ywsl_social=twitter allow all ip's
Something like this:
location = /wp-login.php {
if ($query_string = "ywsl_social=google|ywsl_social=twitter")
{
allow all;
fastcgi_pass unix:/var/sockets/sock.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param HTTPS on;
}
else {
allow 1.1.1.1;
deny all;
fastcgi_pass unix:/var/sockets/sock.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param HTTPS on;
}
