Question
PHP file is downloaded when attempting to secure Wordpress wp-admin and wp-login.php
I have defined the following block for PHP:
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
Whenever I attempt to define a location block to prevent access to wp-admin or wp-login.php, the PHP file is downloaded:
Root location:
location / {
try_files $uri $uri/ /index.php?$args;
}
and directly underneath that:
location ~ ^/(wp-admin|wp-login\.php) {
try_files $uri $uri/ /index.php?$args;
allow xxx.xxx.xxx.xxx;
allow xxx.xxx.xxx.xxx;
deny all;
}
I can’t for the life of me figure out why it’s bypassing PHP and downloading.
Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Sign in to AnswerThese answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Try DigitalOcean for free
Click below to sign up and get $100 of credit to try our products over 60 days!
Hello,
You could
try_filespart from the deny block, I think that this should fix the issue for you.So it should look something like:
Hope that this helps! Bobby
Hello mbdrake76 !
Are you using a .htaccess file and if so, do you have the default WordPress rewrite rules in it?
Looking forward to your reply Alex