So currently I have the basic auth enabled to protect wp-login which is great. location ~* ${WPSUBDIR}/(wp-login\.php) { limit_req zone=xwplogin burst=1 nodelay; #limit_conn xwpconlimit 30; auth_basic "Private"; auth_basic_user_file...