Related

NGINX Config Generator Tool

Easily configure a performant, secure, and stable NGINX server.

 Learn More
Why doesn't chown -R root:www-data work on my Wordpress installation? Question Question
Why are snapshots so slow Question Question

Question

Wordpress wp-login.php and other admin files are getting downloaded instead of opening. How to solve this?

Posted May 20, 2015 18.1k views
NginxUbuntuWordPressSecurity

I am using this rule in nginx config present in /etc/nginx/sites-available/wordpress.

location ~ '(/wp-login.php|/wp-admin)' { if ($http_cookie !~ 'cookiename') { return 404; } }

This works and shows 404 when cookie is not present but problem comes when cookie exists and thereafter a dialog box opens to ask where to save wp-login.php and wp-admin files.

How to solve this ?
Any help is appreciated.

Add a comment
gts13
By:
gts13

Related

NGINX Config Generator Tool

Easily configure a performant, secure, and stable NGINX server.

 Learn More
Why doesn't chown -R root:www-data work on my Wordpress installation? Question Question
Why are snapshots so slow Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
5 answers
eldin May 20, 2015

Sounds like you have no php installed 

sudo apt-get install php5-mysql mysql-server
Reply Report
eldin May 20, 2015

And this

“`sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt

Sorry
Reply Report
jesin May 20, 2015

On Nginx, when you create a location block for PHP you have to copy the fastcgi block too. So it should look like:

location ~ '(/wp-login.php|/wp-admin)' {
    if ($http_cookie !~ 'cookiename') { return 404; }
    include fastcgi.conf;
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
}

Also it isn’t a good idea to block /wp-admin as the AJAX handler admin-ajax.php file exists in this directory.

Reply Report
jesin May 21, 2015
[deleted]
Reply Report
  • gts13 May 22, 2015

    Hey @jesin , I did nginx -t before changing. I received 

    nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2015/05/22 11:47:56 [warn] 24811#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
2015/05/22 11:47:56 [emerg] 24811#0: open() "/etc/nginx/fastcgi.conf" failed (2: No such file or directory) in /etc/nginx/sites-enabled/wordpress:46
nginx: configuration file /etc/nginx/nginx.conf test failed

    And restarted nginx after changing, problems seems to have gone but other files like css, js, dashicons are not opening.
    Screenshot: http://i.imgur.com/tFDV3d4.png

    Reply Report
  • gts13 May 22, 2015
    Reply Report
  • gts13 May 23, 2015

    @jesin , sorted the problem. The line
    location ~ /wp-includes { internal; }
    code was causing problem. Thanks for your help.

    Do you know does wordpress processes urls? I mean how does they end with .php as I have seen all wordpress nginx configs contain this line

    location ~ \.php$ {
    Reply Report
  • jesin May 23, 2015

    @gts13 Glad you got it working!

    The following line does the trick:

    try_files $uri $uri/ /index.php?q=$uri&$args;

    So if http://example.com/hello-world is accessed, Nginx will check:

    • if a file named “hello-world” exists, $uri
    • if it doesn’t it will check if a directory named “hello-world” exists, $uri/
    • if that too doesn’t exist, it will process the request via /index.php

    Now the request will match location ~ \.php$ { which will pass it to the PHP-FPM socket file - unix:/var/run/php5-fpm.sock

    This is how permalinks work.

    Reply Report
gts13 May 26, 2015

@jesin, you explained it clearly.

I have a doubt that why location ~ \.php$ { is unable to match wp-login.php?

Reply Report

Related

Looking for something else?

Ask a new question Search for more help