Hi,

The “Restrict Path Access” doesn’t work for sites which are deployed. I guess because of the path which is made with symbolic links (current, latest…).

I have a view old apps with a directory called “admin” and they don’t have an authentication feature. The previous server was Apache based and the .htpasswd / .htaccess authentication worked for many years.

I also tried the .htpasswd restriction with Nginx:

location /admin/ {
    auth_basic           "Administrator’s Area";
    auth_basic_user_file /home/username/.htpasswd; 
}

But this works only for the URL https://domain.com/admin/ and not for all the files inside that directory.

It appears the feature is broken, at least for my WordPress tests. We’ll look into it further and work on a fix.

I use this feature often voor locking the whole WordPress site and that works. The problem I have (for a longer time) is for PHP deployments.