Please fill in any relevant information that applies to you: CentOS Version: CentOS 7 64bit Centmin Mod Version Installed: 123.09beta01 Nginx Version Installed: 1.13.10 PHP Version Installed:7.1.5 MariaDB MySQL Version Installed: 10.1.24 When was last time updated Centmin Mod code base ? : 5 minutes ago as of this post Persistent Config: Code: LETSENCRYPT_DETECT='y' NGINX_PAGESPEED='y' NGXDYNAMIC_NGXPAGESPEED='y' Not a big issue, just a minor security concern. So I did a fresh install of above settings (upgraded php post-install), along with wordpress vhost via option #22. Activated pagespeed following the centmin guide. Afterwards, I realized that XXX_phpi.php is not password protected anymore. My Spoiler: vhostconf server { listen 80 default_server backlog=2048 reuseport; server_name XXXXX; root html; access_log /var/log/nginx/localhost.access.log combined buffer=8k flush=1m; error_log /var/log/nginx/localhost.error.log error; # ngx_pagespeed & ngx_pagespeed handler include /usr/local/nginx/conf/pagespeed.conf; include /usr/local/nginx/conf/pagespeedhandler.conf; include /usr/local/nginx/conf/pagespeedstatslog.conf; # limit_conn limit_per_ip 16; # ssi on; location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; deny all; } location / { # block common exploits, sql injections etc #include /usr/local/nginx/conf/block.conf; # Enables directory listings when index file not found # autoindex on; # Shows file listing times as local time # autoindex_localtime on; # Enable for vBulletin usage WITHOUT vbSEO installed # try_files $uri $uri/ /index.php; } include /usr/local/nginx/conf/staticfiles.conf; include /usr/local/nginx/conf/include_opcache.conf; include /usr/local/nginx/conf/php.conf; #include /usr/local/nginx/conf/phpstatus.conf; include /usr/local/nginx/conf/drop.conf; #include /usr/local/nginx/conf/errorpage.conf; #include /usr/local/nginx/conf/vts_mainserver.conf; }
As far back as I can remember, phpi.php was never password protected it was created with a randomly generated prefix XXXXX_phpi.php instead and is hosted off the main hostname's virtual host with web root at /usr/local/nginx/html outlined in step 1 of Getting Started Guide I guess I could add native password protection within the phpi.php file itself like I did for zend opcache and memcache.php files too.
123.09beta01 updated for new installs to natively password protect phpi.php https://community.centminmod.com/threads/new-installs-password-protect-phpi-php-file-natively.11889/