Securing Your Magento Store Admin to Specific IP Address on Nginx
With the growing popularity of running Magento stores on Nginx it is important to note that utilizing htaccess rewrites will not prevent access. Instead you need to update a stores server configuration file which can usually be located in sites-available/yourdomain.conf  Note: yourdomain will be replaced by the actual domain of the website in question.
Adding the following location block to the stores configuration file will limit access to administrative panel to the specified IP address 196.196.196.196 (you would change this to match your IP Address
location ~* ^/(index.php/)?admin { allow 196.196.196.196; deny all; location ~* .(php) { include fastcgi_params; } try_files $uri $uri/ @bootstrap; }
The previous location block has the expectation that your store administrative path was left as “admin”. However, as leaving your path as admin is in itself a security risk the following shows how to change it to a new administrative path, for this example we will use “secureadmin”
location ~* ^/(index.php/)?secureadmin { allow 196.196.196.196; deny all; location ~* .(php) { include fastcgi_params; } try_files $uri $uri/ @bootstrap; }
By updating the first line of the provided in the location block you are able to update the administrative path restriction as required.