Disclaimer: I'm not a security expert :)
Since I work from unsecured wireless at coffee shops, etc. I wanted to have a way to access my Wordpress admin area without having to use something like Chris Chandler's secure proxy using Amazon EC2. Here's are the steps I followed.
- Create a self-signed certificate on your webserver
- Tell Nginx how to handle the secure requests by modifying your nginx.conf or virtual host files. Be sure to turn SSL on and point Nginx to the key and certificate you created in step 1
- Modify your wp-config.php file to turn on secure administration in Wordpress
- Restart Nginx
- Test it out by navigating to your wp-admin page; it should redirect you to the secure URL and ask you to make an exception for the self-signed certificate
I'm pretty sure that's all I did, but my memory has proven to be faulty in the past. Is there anything I missed?
Do you have any other suggestions for securing the Wordpress admin area?
Need web application development, maintenance for your existing app, or a third party code review?
Velocity Labs can help.
Hire us!