Channel: Nginx Forum - How to...

Protecting wp-admin

So the site was hacked!

I fixed it up and have some security installed now but I've got to be in a list of vulnerable sites as the server is getting hammered daily.

In an attempt to lessen the load I decided to protect the WP-ADMIN folder with a location directive allowing me in (by IP) and denying everyone else. I decided to redirect the denied back to the home page.

It worked but then I decided to expand the allowed IP address to cover a subnet using CIDR. The second I did that, the location block doesn't let me access wp-admin and instead, triggers a download of the wp-admin index file in raw unprocessed PHP.

I then took out the CIDR and put the single IP back in and it still did the same thing. I've cleared the server cache and browser cache. I tried loading the page in incognito. I took out the redirect part and still, it will not let me in wp-admin and instead triggers the download.

At a loss as to why it's started doing this. Any ideas?



# Protect WPAdmin Directory
location ^~ /wp-admin/ {
    error_page 403 =301 https://mywebsiteurl.com/;
    allow 111.111.111.111; # my external IP address
    deny all;
}
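
Added example, not part of the original post: a `^~` prefix match tells nginx to skip regex locations, so a request under /wp-admin/ never reaches a separate `location ~ \.php$` handler and the file is served as static content, which matches the raw PHP download described above. The fragment below goes inside the existing server block and keeps the IP restriction while handling PHP inside the protected location; the PHP-FPM socket path, the CIDR range and the presence of a server-level `\.php$` handler are assumptions, since the post does not show the rest of the configuration.

```nginx
# Added example. Socket path and CIDR range are assumptions / constructed values.

# Front-end plugins call admin-ajax.php from public pages, so it is matched
# exactly (exact matches win over every other location) and left reachable.
location = /wp-admin/admin-ajax.php {
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed PHP-FPM socket
}

# Protect WPAdmin Directory
location ^~ /wp-admin/ {
    allow 111.111.111.111;    # single address, as in the post
    allow 203.0.113.0/24;     # constructed CIDR example (documentation range)
    deny all;

    # Send denied clients to the home page instead of showing a 403.
    error_page 403 =301 https://mywebsiteurl.com/;

    # Because ^~ disables the server-level regex locations for this prefix,
    # PHP must be handed to the interpreter here. allow/deny and error_page
    # are inherited from the enclosing location.
    location ~ \.php$ {
        try_files $uri =404;  # do not pass nonexistent scripts to PHP-FPM
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed PHP-FPM socket
    }
}
```

After reloading, `curl -I https://mywebsiteurl.com/wp-admin/index.php` from a non-allowed address should return the 301, and from an allowed address the response should carry `Content-Type: text/html` rather than an octet-stream download.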
