Join the community today
Become a Member

my domain redirect to demodomain.com

Discussion in 'Centmin Mod Insights' started by gamal, Sep 4, 2018.

  1. gamal

    gamal Member

    38
    3
    8
    Jan 31, 2018
    Ratings:
    +3
    Local Time:
    12:41 PM
    1.13.8
    after successfully installed my website using option 22 and i visited to proof working, i decided to remove the demodomain.com using this code

    Code:
    rm -rf /usr/local/nginx/conf/conf.d/demodomain.com.conf
    rm -rf /home/nginx/domains/demodomain.com
    ngxrestart
    
    now when i go to my wordpress website at ellingtongroup.tk – Just another WordPress site, it redirect me to a strange website where i can buy demodomain.com ??

    what can be wrong i check my conf files for ellingtongroup and it doesn't have any redirects to any websites
     
  2. gamal

    gamal Member

    38
    3
    8
    Jan 31, 2018
    Ratings:
    +3
    Local Time:
    12:41 PM
    1.13.8
    now it's ok after 1000 refreshes
     
  3. eva2000

    eva2000 Administrator Staff Member

    36,815
    8,060
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,414
    Local Time:
    12:41 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    weird..

    check your command history to be sure you ran the proper commands and didn't have typos too
    Code (Text):
    history
    
     
  4. gamal

    gamal Member

    38
    3
    8
    Jan 31, 2018
    Ratings:
    +3
    Local Time:
    12:41 PM
    1.13.8
    yes now it's working, appeared to be a caching problem
     
  5. eva2000

    eva2000 Administrator Staff Member

    36,815
    8,060
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,414
    Local Time:
    12:41 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    strange.. behind cloudflare ?
     
  6. gamal

    gamal Member

    38
    3
    8
    Jan 31, 2018
    Ratings:
    +3
    Local Time:
    12:41 PM
    1.13.8
    yes now i can't login to my wp-admin, it gives 403 error, i have setup page rule on cloudflare to bybass wp-admin and wp-login, still giving 403
     
  7. eva2000

    eva2000 Administrator Staff Member

    36,815
    8,060
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,414
    Local Time:
    12:41 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    hmmm removing demodomain.com.conf shouldn't affect other nginx vhost sites though

    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    what is output of these commands in ssh
    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    

    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    wrap output in CODE tags
     
  8. gamal

    gamal Member

    38
    3
    8
    Jan 31, 2018
    Ratings:
    +3
    Local Time:
    12:41 PM
    1.13.8
    Code:
    /usr/local/nginx/conf/conf.d/ellingtongroup.tk.conf
    
    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name ellingtongroup.tk;
    #            return 301 $scheme://www.ellingtongroup.tk$request_uri;
    #       }
    
    server {
    
      server_name ellingtongroup.tk www.ellingtongroup.tk;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/ellingtongroup.tk/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/ellingtongroup.tk/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/ellingtongroup.tk/autoprotect-ellingtongroup.tk.conf;
      root /home/nginx/domains/ellingtongroup.tk/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      include /usr/local/nginx/conf/wpincludes/ellingtongroup.tk/wpcacheenabler_ellingtongroup.tk.conf;
      #include /usr/local/nginx/conf/wpincludes/ellingtongroup.tk/wpsupercache_ellingtongroup.tk.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/ellingtongroup.tk/rediscache_ellingtongroup.tk.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      #try_files $uri $uri/ /index.php?$args;
    
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        auth_basic "Private";
        auth_basic_user_file /home/nginx/domains/ellingtongroup.tk/htpasswd_wplogin;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-scripts\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-styles\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/ellingtongroup.tk/wpsecure_ellingtongroup.tk.conf;
      include /usr/local/nginx/conf/php-wpsc.conf;
    
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/pre-staticfiles-local-ellingtongroup.tk.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    
    Code:
    /usr/local/nginx/conf/conf.d/ellingtongroup.tk.ssl.conf
    
    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # server {
    #   server_name ellingtongroup.tk www.ellingtongroup.tk;
    #    return 302 https://$server_name$request_uri;
    # }
    
    server {
      listen 443 ssl http2 reuseport;
      server_name ellingtongroup.tk www.ellingtongroup.tk;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/ellingtongroup.tk/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/ellingtongroup.tk/ellingtongroup.tk.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/ellingtongroup.tk/ellingtongroup.tk.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/ellingtongroup.tk/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/ellingtongroup.tk/ellingtongroup.tk-trusted.crt;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/ellingtongroup.tk/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/ellingtongroup.tk/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/ellingtongroup.tk/autoprotect-ellingtongroup.tk.conf;
      root /home/nginx/domains/ellingtongroup.tk/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      include /usr/local/nginx/conf/wpincludes/ellingtongroup.tk/wpcacheenabler_ellingtongroup.tk.conf;
      #include /usr/local/nginx/conf/wpincludes/ellingtongroup.tk/wpsupercache_ellingtongroup.tk.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/ellingtongroup.tk/rediscache_ellingtongroup.tk.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      #try_files $uri $uri/ /index.php?$args;
    
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        auth_basic "Private";
        auth_basic_user_file /home/nginx/domains/ellingtongroup.tk/htpasswd_wplogin;
        include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-scripts\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-styles\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/ellingtongroup.tk/wpsecure_ellingtongroup.tk.conf;
      include /usr/local/nginx/conf/php-wpsc.conf;
    
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/pre-staticfiles-local-ellingtongroup.tk.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    
    Code:
    curl -I https://ellingtongroup.tk 
    Code:
    curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
    More details here: http://curl.haxx.se/docs/sslcerts.html
    
    curl performs SSL certificate verification by default, using a "bundle"
     of Certificate Authority (CA) public keys (CA certs). If the default
     bundle file isn't adequate, you can specify an alternate file
     using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in
     the bundle, the certificate verification probably failed due to a
     problem with the certificate (it might be expired, or the name might
     not match the domain name in the URL).
    If you'd like to turn off curl's verification of the certificate, use
     the -k (or --insecure) option.
    
    Code:
    https://www.ellingtongroup.tk
    Code:
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 04 Sep 2018 08:48:58 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Set-Cookie: __cfduid=d79c409000044694516692ab2925eb7581536050938; expires=Wed, 04-Sep-19 08:48:58 GMT; path=/; domain=.ellingtongroup.tk; HttpOnly; Secure
    Location: https://ellingtongroup.tk/
    X-Powered-By: centminmod
    Strict-Transport-Security: max-age=2592000; includeSubDomains; preload
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    CF-Cache-Status: MISS
    Expires: Tue, 04 Sep 2018 12:48:58 GMT
    Cache-Control: public, max-age=14400
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 454f333a78a96f90-SIN
    
    
    Code:
    curl -I http://ellingtongroup.tk 
    Code:
    HTTP/1.1 200 OK
    Date: Tue, 04 Sep 2018 08:49:50 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 6484
    Last-Modified: Mon, 03 Sep 2018 23:24:44 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "5b8dc2bc-1954"
    Server: nginx centminmod
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Accept-Ranges: bytes
    
    Code:
    curl -I http://www.ellingtongroup.tk 
    Code:
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 04 Sep 2018 08:50:41 GMT
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Tue, 04 Sep 2018 09:50:41 GMT
    Location: https://www.ellingtongroup.tk/
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 454f35c1a494703e-SIN
    
    
     
  9. eva2000

    eva2000 Administrator Staff Member

    36,815
    8,060
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,414
    Local Time:
    12:41 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Are you using cloudflare flexible ssl or full ssl ?

    Also did you set your wordpress url in wp admin to https:// version ?

    If you still get 403 after setting cloudflare full ssl and https:// defualt in wp admin settings, check below info

    Centmin Mod values security and puts additional measures in place so that end users are also mindful of security. So in your case, you might need to whitelist or unblock the WP plugins related to your 403 permission denied messages.

    If you used centmin.sh menu option 22 auto installer Wordpress Nginx Auto Installer, the default wpsecure conf file at /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf where vhostname is your domain name, blocks php scripts from executing in wp-content for security

    Below links you can see examples of setting up specific wordpress location matches to punch a hole in the wpsecure blocking to whitelist specific php files that need to be able to run.
    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
     
  10. gamal

    gamal Member

    38
    3
    8
    Jan 31, 2018
    Ratings:
    +3
    Local Time:
    12:41 PM
    1.13.8
    Are you using cloudflare flexible ssl or full ssl ?
    * i use full ssl

    Also did you set your wordpress url in wp admin to https:// version ?
    *default to https://

    for plugins i only have akismet default wordpress plugin which is already whitelisted.
     
  11. gamal

    gamal Member

    38
    3
    8
    Jan 31, 2018
    Ratings:
    +3
    Local Time:
    12:41 PM
    1.13.8
    also i have this in error log regarding wp-login

    Code:
    ellingtongroup.tk, request: "GET /wp-login.php HTTP/1.1", host: "ellingtongroup.tk"
    2018/09/04 09:43:06 [crit] 28978#28978: *1623 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 140.207.236.80, server: 0.0.0.0:443
    2018/09/04 09:43:14 [crit] 28978#28978: *1825 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 60.216.202.56, server: 0.0.0.0:443
    2018/09/04 09:43:23 [crit] 28978#28978: *2041 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 60.176.86.41, server: 0.0.0.0:443
    2018/09/04 09:43:45 [crit] 28978#28978: *2632 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 60.216.202.56, server: 0.0.0.0:443
    2018/09/04 09:44:21 [crit] 28978#28978: *3632 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 60.191.40.28, server: 0.0.0.0:443
    
    
     
  12. eva2000

    eva2000 Administrator Staff Member

    36,815
    8,060
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,414
    Local Time:
    12:41 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    SSlv3 is deprecated and not supported out of the box so that is normal so not related

    so should be all good

    when i do curl check against your domain's wp-login.php url at HTTP Header Check with an online CURL tool both get back 401 permission denied which is correct if you have http password configured
     
  13. gamal

    gamal Member

    38
    3
    8
    Jan 31, 2018
    Ratings:
    +3
    Local Time:
    12:41 PM
    1.13.8
    yes i have the wp-login and wp-admin protected, but even i put the right password it giver 403
     
  14. eva2000

    eva2000 Administrator Staff Member

    36,815
    8,060
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,414
    Local Time:
    12:41 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
  15. eva2000

    eva2000 Administrator Staff Member

    36,815
    8,060
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,414
    Local Time:
    12:41 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    then check your autoprotect and whitelisting for wpsecure include files outline at my domain redirect to demodomain.com
     
  16. eva2000

    eva2000 Administrator Staff Member

    36,815
    8,060
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,414
    Local Time:
    12:41 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    what does contents of your domain's autoprotect include file say /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf ?

    to rule out autoprotect completely you can comment out include line in both non-https and https yourdomain.com.conf and yourdomain.com.ssl.conf for line
    Code (Text):
      include /usr/local/nginx/conf/autoprotect/ellingtongroup.tk/autoprotect-ellingtongroup.tk.conf;
    

    change to
    Code (Text):
      #include /usr/local/nginx/conf/autoprotect/ellingtongroup.tk/autoprotect-ellingtongroup.tk.conf;
    

    restart nginx and php-fpm
    Code (Text):
    nprestart
    
     
..