diff --git a/services/etc/nginx/sites/example.com.conf b/services/etc/nginx/sites/example.com.conf
index 461cef4..40dd75b 100644
--- a/services/etc/nginx/sites/example.com.conf
+++ b/services/etc/nginx/sites/example.com.conf
@@ -48,7 +48,7 @@ server {
     location ~* ^/(wp-admin|admin|login|wp-login|signin).* {
         add_header X-Proxy-Cache $upstream_cache_status;
         proxy_cache off;
-        return 403;
+        proxy_pass http://127.0.0.1:10080;
     }
 
     # WordPress themes
@@ -119,6 +119,21 @@ server {
             return 301 $redirect_fbclid;
         }
         
+        # if we have the wordpress admin cookie set, no caching please
+        # 
+        # this makes previews work and fixes the admin interface
+        # (by allowing /wp-json/ requests to be uncached and have cookies on them)
+        # 
+        # using an error page hack because nginx config is lacking in this area
+        # ref:
+        # - https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
+        # - https://serverfault.com/a/811981
+        # - https://wordpress.stackexchange.com/questions/218588/post-preview-mechanism-architecture
+        error_page 418 = @uncached;
+        if ( $http_cookie ~* ".*wordpress_logged_in_.+" ) {
+            return 418;
+        }
+        
         # forced cache
         include snippets/proxy_headers_caching.conf;
         # generic settings we need to re-include due to the above using `proxy_set_header`
@@ -138,3 +153,10 @@ server {
     }
 
 }
+
+# explicitly uncached
+location @uncached {
+    add_header X-Proxy-Cache-Status $upstream_cache_status;
+    proxy_cache off;
+    proxy_pass http://127.0.0.1:10080;
+}