/login, /admin, etc not redirecting to /wp-login.php and 404 page not showing
-
Hi all,
I have a site that I put on my server for a friend to test plugins, etc that he was thinking of installing on his main site on. However, he contacted me saying that /login, /admin, etc wasn’t redirecting to /wp-login.php like normal. I did some more digging, and found that anything that is a 404 also doesn’t show a 404 page, instead it shows the homepage. The same happens for /login, /admin, etc. I am using nginx, and the config for both a working site and the site that doesn’t work is below:Working site:
server {
listen 80;
listen [::]:80;
server_name alexman.me http://www.alexman.me;
return 301 https://$server_name$request_uri;
}server {
access_log /var/log/nginx/alexman.me.access.log;
error_log /var/log/nginx/alexman.me.error.log;
server_name alexman.me http://www.alexman.me;
root /storage/websites/alexman.me/public_html;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/alexman.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/alexman.me/privkey.pem;
if ($host != $server_name) {
return 301 https://$server_name$request_uri;
}
index index.php;set $no_cache 0;
if ($request_method = POST) {
set $no_cache 1;
}
if ($query_string != “”) {
set $no_cache 1;
}
if ($request_uri ~* “(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)”)
{
set $no_cache 1;
}
if ($http_cookie ~* “comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in”) {
set $no_cache 1;
}
location ~* .(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx|woff)$ {
expires 864000;
}# Ensure requests for pagespeed optimized resources go to the pagespeed handler
# and no extraneous headers get set.
location ~ “.pagespeed.([a-z].)?[a-z]{2}.[^.]{10}.[^.]+” {
add_header “” “”;
}
location ~ “^/pagespeed_static/” { }
location ~ “^/ngx_pagespeed_beacon$” { }pagespeed RewriteLevel CoreFilters;
pagespeed EnableFilters
responsive_images,combine_heads,move_css_to_head,outline_javascript,outline_css,rewrite_style_attributes,prioritize_critical_css,make_google_analytics_async,make_show_ads_async,canonicalize_javascript_libraries,local_storage_cache,convert_t
o_webp_animated,insert_image_dimensions,inline_preview_images,remove_comments,collapse_whitespace,elide_attributes,extend_cache_pdfs,sprite_images,trim_urls,dedup_inlined_images,lazyload_images,insert_dns_prefetch,hint_preload_subresources,
in_place_optimize_for_browser;
pagespeed LowercaseHtmlNames on;location / {
try_files $uri $uri/ index.php?$args /index.php?$args;
}## WP Defender – Prevent information disclosure ##
# Turn off directory indexing
autoindex off;# Deny access to wp-config.php file
location = /wp-config.php {
deny all;
}# Deny access to revealing or potentially dangerous files in the /wp-content/ directory (including sub-folders)
location ~* ^/wp-content/.*.(txt|md|exe|sh|bak|inc|pot|po|mo|log|sql)$ {
deny all;
}
## WP Defender – End ##
## WP Defender – Prevent PHP Execution ##
# Stop php access except to needed files in wp-includes
location ~* ^/wp-includes/.*(?<!(js/tinymce/wp-tinymce)).php$ {
internal; #internal allows ms-files.php rewrite in multisite to work
}# Specifically locks down upload directories in case full wp-content rule below is skipped
location ~* /(?:uploads|files)/.*.php$ {
deny all;
}location ~ ^/wp-content/plugins/wordfence/.*.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/alexmanme.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 10;
fastcgi_send_timeout 10;
fastcgi_read_timeout 30;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;}
# Deny direct access to .php files in the /wp-content/ directory (including sub-folders).
# Note this can break some poorly coded plugins/themes, replace the plugin or remove this block if it causes trouble
location ~* ^/wp-content/.*.php$ {
deny all;
}
## WP Defender – End ##location ~ .php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/alexmanme.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 10;
fastcgi_send_timeout 10;
fastcgi_read_timeout 30;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;}
# No access to .htaccess files.
location ~ /.ht {
deny all;
}}
And now the broken site (see how it’s almost identical? That’s why it confuses me):
server {
listen 80;
listen [::]:80;
server_name test.alexman.me;
return 301 https://$server_name$request_uri;
}server {
access_log /var/log/nginx/test.alexman.me.access.log;
error_log /var/log/nginx/test.alexman.me.error.log;
server_name test.alexman.me;
root /storage/websites/test.alexman.me/public_html;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/test.alexman.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/test.alexman.me/privkey.pem;
#if ($host != $server_name) {
#return 301 https://$server_name$request_uri;
#}
index index.php;auth_basic “Enter the username and password if you are authorized!”;
auth_basic_user_file /storage/websites/test.alexman.me/site.htpasswd;set $no_cache 1;
if ($request_method = POST) {
set $no_cache 1;
}
if ($query_string != “”) {
set $no_cache 1;
}
if ($request_uri ~* “(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)”)
{
set $no_cache 1;
}
if ($http_cookie ~* “comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in”) {
set $no_cache 1;
}
location ~* .(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx|woff)$ {
expires 864000;
}# Ensure requests for pagespeed optimized resources go to the pagespeed handler
# and no extraneous headers get set.
location ~ “.pagespeed.([a-z].)?[a-z]{2}.[^.]{10}.[^.]+” {
add_header “” “”;
}
location ~ “^/pagespeed_static/” { }
location ~ “^/ngx_pagespeed_beacon$” { }pagespeed RewriteLevel CoreFilters;
pagespeed EnableFilters
responsive_images,combine_heads,move_css_to_head,outline_javascript,outline_css,rewrite_style_attributes,prioritize_critical_css,make_google_analytics_async,make_show_ads_async,canonicalize_javascript_libraries,local_storage_cache,convert_t
o_webp_animated,insert_image_dimensions,inline_preview_images,remove_comments,collapse_whitespace,elide_attributes,extend_cache_pdfs,sprite_images,trim_urls,dedup_inlined_images,lazyload_images,insert_dns_prefetch,hint_preload_subresources,
in_place_optimize_for_browser;
pagespeed LowercaseHtmlNames on;
pagespeed off;location / {
try_files $uri $uri/ index.php?$args /index.php?$args;
}## WP Defender – Prevent information disclosure ##
# Turn off directory indexing
autoindex off;# Deny access to wp-config.php file
location = /wp-config.php {
deny all;
}# Deny access to revealing or potentially dangerous files in the /wp-content/ directory (including sub-folders)
location ~* ^/wp-content/.*.(txt|md|exe|sh|bak|inc|pot|po|mo|log|sql)$ {
deny all;
}
## WP Defender – End ##
## WP Defender – Prevent PHP Execution ##
# Stop php access except to needed files in wp-includes
location ~* ^/wp-includes/.*(?<!(js/tinymce/wp-tinymce)).php$ {
internal; #internal allows ms-files.php rewrite in multisite to work
}# Specifically locks down upload directories in case full wp-content rule below is skipped
location ~* /(?:uploads|files)/.*.php$ {
deny all;
}location ~ ^/wp-content/plugins/wordfence/.*.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/test_alexman_me.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 10;
fastcgi_send_timeout 10;
fastcgi_read_timeout 30;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;}
# Deny direct access to .php files in the /wp-content/ directory (including sub-folders).
# Note this can break some poorly coded plugins/themes, replace the plugin or remove this block if it causes trouble
location ~* ^/wp-content/.*.php$ {
deny all;
}
## WP Defender – End ##location ~ .php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/test_alexman_me.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 10;
fastcgi_send_timeout 10;
fastcgi_read_timeout 30;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;}
# No access to .htaccess files.
location ~ /.ht {
deny all;
}location /.well-known {
auth_basic “off”;
try_files $uri =404;
}}
Note: If you want to check out the site yourself (to see headers or anything) the user is alex and the password is wily. I put that in place mainly so I don’t need to be as diligent with updating themes, plugins, and core (as this is a test site and no-one except us needs to access it anyway).
Thanks!
-Michael.The page I need help with: [log in to see the link]
- The topic ‘/login, /admin, etc not redirecting to /wp-login.php and 404 page not showing’ is closed to new replies.