WordPress App how to restrict access to specific pages on the site

Question

WordPress App how to restrict access to specific pages on the site

Sergei Drew 40

Hello all,

I have a WordPress App hosted on Azure and I am struggling with how I can secure specific pages from public access.

For example:

[www.mysite.com/wp-admin]

[www.mysite.com/info.php]

I'd like it so that only specific IP addresses or Microsoft user accounts can access some, such as admin pages and for some pages I'd like no access at all, to where it just blocks any sort of visit.

I've viewed the documentation for Front Door and some networking restrictions but that seems to be just IP addresses and I'm confused about how I can set those rule for specific pages within the App/Site.

I know WordPress offer plugins which have this sort of functionality but I'd like to take advantage of Azure's security features rather than plugins from WordPress.

Any help is very appreciated. Thank you

ajkuma 28,116 Reputation points Microsoft Employee

2023-11-27T19:28:50.77+00:00
Apologies for the delayed response. Based on your scenario description, I understand that you want to secure/restrict access to specific pages on your public Azure WebApp and that you have referenced multiple documentations.

Just to highlight, Azure App Service on Linux images using PHP 8.x are now bundled with NGINX instead of Apache.

To restrict access to specific pages on your WordPress site hosted on Azure, you may use Azure App Service Authentication and Authorization. This feature allows you to authenticate users and then add logic to restrict access to specific pages based on their identity.

Authentication and authorization in Azure App Service and Azure Functions

I understand you do not want to leverage WordPress plugins or custom code to restrict access to specific pages. Alternatively, you may write custom code to check the user's identity and restrict access to specific pages based on their identity.

To provide an approach:

NGINXRewrite Rules for Azure App Service Linux PHP 8.x

PHPconfiguration: Customizing NGINX’s error page handling

Here's a basic example that shows how to restrict access to specific pages and allow only certain IP addresses. Note that for Microsoft user accounts, you might need to use a different authentication mechanism like OAuth, as Nginx doesn't directly integrate with Microsoft user accounts.

By combining these steps, you may restrict access to your web app and specific pages based on user identity.

At a high-level, sharing this as an example only:

nginx server { listen 80; server_name location /wp-admin { allow 192.168.1.1; # Replace with your allowed IP address or range deny all; satisfy any; # Additional configuration for /wp-admin if needed } location /info.php { allow 192.168.1.1; # Replace with your allowed IP address or range deny all; satisfy any; # Additional configuration for /info.php if needed } location / { deny all; # Block access to all other pages }

---Kindly let us know, I'll follow-up with you further.
Sergei Drew 40 Reputation points

2023-11-28T09:35:02.1366667+00:00

Hello @ajkuma,

This seems like exactly what I'm looking for. Issue at the first hurdle however, /home/site/default doesn't exist inside my server.

Trying to follow the documentation you sent through.

Best regards,

Sergei
Sergei Drew 40 Reputation points

2023-11-28T09:37:11.7066667+00:00

Hello @ajkuma,

This is exactly what I'm looking for. Issue at the first hurdle however,

/home/site/default doesn't exist in my server.

Trying to follow the documentation you sent through.

Best regards,

Sergei
ajkuma 28,116 Reputation points Microsoft Employee

2023-11-29T04:03:21.6+00:00

Thanks for the follow-up and update. Kindly let us know how it goes.

Just to clarify, is this Azure App Service on Linux blessed image or a custom container for App Service?

Also, just to highlight, to change the site root, you need to change the Nginx configuration file in the PHP 8.0 container (/etc/nginx/sites-available/default). Doc section : Change site root
ajkuma 28,116 Reputation points Microsoft Employee

2023-12-04T19:19:37.3566667+00:00

@Sergei Drew , Just checking in to see if you had got a chance to see the previous response. If the answer helped (pointed, you in the right direction) > please click Accept Answer Or please share the requested/more info to help you better.

Sergei Drew 40

@ajkuma, Hello, apologies for the accepting answer then unaccepting. The solution you proposed worked until I added a new domain name. since then no matter what combination of =, *~, or no operator at all will let me get the same results as I had previously. I even re-did the whole configuration file, copying it over but still to no prevail.

I had got it working and it was denying access to unknown IP addresses. I'm very confused as to why now it's not functioning as it did yesterday.

Any help is appreciated.

this is the config I have at the moment:

upstream php {
        server unix:/var/run/php/php-fpm.sock;        
        #server 127.0.0.1:9000;
}

server {
        listen 80;
        ## Your website name goes here.
        server_name _;
        ## Your only path reference.
        root /var/www/wordpress;
        ## This should be in your http block and if it is, it's not needed here.
        index index.php;
        
        set_real_ip_from 0.0.0.0/0;
        real_ip_header X-Forwarded-For;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }
        
        location /wp-admin {
            allow <My IP>;
            allow <My IP>;
            deny all;
            
            #Copied from the existing PHP location block
            include fastcgi.conf;
            include fastcgi_params;
            fastcgi_intercept_errors on;
            fastcgi_pass php;

            fastcgi_read_timeout 300;
            fastcgi_cache_bypass $skip_cache;
            fastcgi_no_cache $skip_cache;
            fastcgi_cache off;
            fastcgi_cache_valid 60m;     
        }
        
        location ~* wp-login\.php {
            allow <My IP>;
			allow <My IP>;
            deny all;
            
            #Copied from the existing PHP location block
            include fastcgi.conf;
            include fastcgi_params;
            fastcgi_intercept_errors on;
            fastcgi_pass php;

            fastcgi_read_timeout 300;
            fastcgi_cache_bypass $skip_cache;
            fastcgi_no_cache $skip_cache;
            fastcgi_cache off;
            fastcgi_cache_valid 60m;     
        }
        
        location /wp-json/wp/v2/users/ {
            deny all;
        }

        # Add locations of phpmyadmin here.
        location /phpmyadmin {
                root /home/;
                index index.php index.html index.htm;
                location ~ ^/phpmyadmin/(.+\.php)$ {
                        try_files $uri =404;
                        root /home/;
                        fastcgi_pass unix:/var/run/php/php-fpm.sock;
                        fastcgi_index index.php;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        include /etc/nginx/fastcgi_params;
                }
                location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                        root /home/;
                }
        }

        location /phpMyAdmin {
                rewrite ^/* /phpmyadmin last;
                allow 78.150.226.36;
                allow 185.70.134.51;
                deny all;
        }

ajkuma 28,116 Reputation points Microsoft Employee

2023-12-07T19:08:42.57+00:00
No worries, thanks for your follow-up.

Kindly try the steps outlined in the doc:

WordPress: Redirecting to wrong URL!! ( wp-config.php config options)

-Review - Wp-config.php showing defined constants affecting URL Redirection.

-Stopping The Redirection (and taking control of the site)

-Manually update the HOME and SITEURL through a client like MySQL Workbench or PHPMyAdmin
Sergei Drew 40 Reputation points

2023-12-14T10:36:17.56+00:00

Going to need to use the SQL route for the solution on this. Have spent the last few days trying to figure out the way to connect to the SQL server connected to my WordPress App.

My workbench doesn't allow the connection to the SQL server and neither does Microsoft SQL Server Management.

I believe it is something to do with the method of which the SQL entity has been configured, only allowing internal connections which are connected to the V-Net.

This, I believe is the final step I need to take to finally close of this project.

Best regards,
Sergei
ajkuma 28,116 Reputation points Microsoft Employee

2023-12-15T10:52:57.6733333+00:00

Sergei, Apologies it's taking a while to setup your project.

Just to highlight, you may always leverage App Service diagnostics from Azure Portal and see if it provides any pointers> Navigate to your App Service app in the Azure Portal.

In the left navigation, click on Diagnose and solve problems - Review and run – Network troubleshooter and ““Configuration and Management” (IP address configuration).

Also, check this discussion thread.

For a quick and closer investigation, we would need additional info about your subscription and Azure resource (to check internal logs), if you have a support plan, you may raise a support ticket, else please let me know, I'll follow-up further offline.
david the miller 0 Reputation points

2024-02-05T21:30:43.13+00:00

I appreciate your engagement in finding a solution to restrict access to specific pages, on your WordPress App hosted on Azure. It seems you are on the right track, and I'm here to assist you further. I understand that you encountered an issue regarding the /home/site/default path not existing on your server while following the provided documentation. Let's address that concern: Azure App Service on Linux Blessed Image or Custom Container: Before proceeding, could you confirm whether you are using the Azure App Service on Linux blessed image or a custom container for App Service? The steps may vary slightly based on this distinction. Nginx Configuration File: To change the site root and resolve the issue with the /home/site/default path, you need to modify the Nginx configuration file in the PHP 8.0 container. The file is typically located at /etc/nginx/sites-available/default. You can follow the documentation section on changing the site root for guidance: Change site root

Feel free to provide additional details about your setup or let me know if you encounter any further obstacles. I'm here to assist you in ensuring a smooth implementation of the access restrictions, because I also undergo that process while working on my site, so I'm always here to assist you.

Best regards,

1 answer

Your answer

Sergei Drew 40 Reputation points

2023-11-28T09:35:02.1366667+00:00

Hello @ajkuma,

This seems like exactly what I'm looking for. Issue at the first hurdle however, /home/site/default doesn't exist inside my server.

Trying to follow the documentation you sent through.

Best regards,

Sergei
Sergei Drew 40 Reputation points

2023-11-28T09:37:11.7066667+00:00

Hello @ajkuma,

This is exactly what I'm looking for. Issue at the first hurdle however,

/home/site/default doesn't exist in my server.

Trying to follow the documentation you sent through.

Best regards,

Sergei
ajkuma 28,116 Reputation points Microsoft Employee

2023-11-29T04:03:21.6+00:00

Thanks for the follow-up and update. Kindly let us know how it goes.

Just to clarify, is this Azure App Service on Linux blessed image or a custom container for App Service?

Also, just to highlight, to change the site root, you need to change the Nginx configuration file in the PHP 8.0 container (/etc/nginx/sites-available/default). Doc section : Change site root
ajkuma 28,116 Reputation points Microsoft Employee

2023-12-04T19:19:37.3566667+00:00

@Sergei Drew , Just checking in to see if you had got a chance to see the previous response. If the answer helped (pointed, you in the right direction) > please click Accept Answer Or please share the requested/more info to help you better.
ajkuma 28,116 Reputation points Microsoft Employee

2023-12-07T19:08:42.57+00:00

No worries, thanks for your follow-up.

Kindly try the steps outlined in the doc:

WordPress: Redirecting to wrong URL!! ( wp-config.php config options)

-Review - Wp-config.php showing defined constants affecting URL Redirection.

-Stopping The Redirection (and taking control of the site)

-Manually update the HOME and SITEURL through a client like MySQL Workbench or PHPMyAdmin
Sergei Drew 40 Reputation points

2023-12-14T10:36:17.56+00:00

Going to need to use the SQL route for the solution on this. Have spent the last few days trying to figure out the way to connect to the SQL server connected to my WordPress App.

My workbench doesn't allow the connection to the SQL server and neither does Microsoft SQL Server Management.

I believe it is something to do with the method of which the SQL entity has been configured, only allowing internal connections which are connected to the V-Net.

This, I believe is the final step I need to take to finally close of this project.

Best regards,
Sergei
ajkuma 28,116 Reputation points Microsoft Employee

2023-12-15T10:52:57.6733333+00:00

Sergei, Apologies it's taking a while to setup your project.

Just to highlight, you may always leverage App Service diagnostics from Azure Portal and see if it provides any pointers> Navigate to your App Service app in the Azure Portal.

In the left navigation, click on Diagnose and solve problems - Review and run – Network troubleshooter and ““Configuration and Management” (IP address configuration).

Also, check this discussion thread.

For a quick and closer investigation, we would need additional info about your subscription and Azure resource (to check internal logs), if you have a support plan, you may raise a support ticket, else please let me know, I'll follow-up further offline.
david the miller 0 Reputation points

2024-02-05T21:30:43.13+00:00

I appreciate your engagement in finding a solution to restrict access to specific pages, on your WordPress App hosted on Azure. It seems you are on the right track, and I'm here to assist you further. I understand that you encountered an issue regarding the /home/site/default path not existing on your server while following the provided documentation. Let's address that concern: Azure App Service on Linux Blessed Image or Custom Container: Before proceeding, could you confirm whether you are using the Azure App Service on Linux blessed image or a custom container for App Service? The steps may vary slightly based on this distinction. Nginx Configuration File: To change the site root and resolve the issue with the /home/site/default path, you need to modify the Nginx configuration file in the PHP 8.0 container. The file is typically located at /etc/nginx/sites-available/default. You can follow the documentation section on changing the site root for guidance: Change site root

Feel free to provide additional details about your setup or let me know if you encounter any further obstacles. I'm here to assist you in ensuring a smooth implementation of the access restrictions, because I also undergo that process while working on my site, so I'm always here to assist you.

Best regards,

Answer 1

Adding more:

You may follow the suggestions outlined (step-step) in the below guide walks through configuring IP access restrictions on wp-admin for the WordPress on App Service offering.

How to enable IP access restrictions on wp-admin for the WordPress on App Service offering

The article outlines the following high-level steps:

Using the SSH console, copy /etc/nginx/conf.d/default.conf to /home/dev/default.conf
Edit /home/dev/default.conf to use the X-Forwarder-For header and add a location block for wp-login.php
Update /home/dev/startup.sh with the below snippet
Point to /home/dev/startup.sh in the App Service portal under configuration –> general settings. Saving the changes will restart the App Service.
Test the access using different devices to ensure the IP access restrictions are applied.

(converting to answer from comment) + adding summary

If the answer helped (pointed, you in the right direction) > please click Accept Answer Or please share the requested/more info to help you better.

Share via

WordPress App how to restrict access to specific pages on the site

1 answer

Your answer